b02269c6fa8326504123393242c2fff691e7ad7c2172111d0c046ca6a9bdb661

Sharing

Copy URL

Twitter E-mail

General

Target

b02269c6fa8326504123393242c2fff691e7ad7c2172111d0c046ca6a9bdb661
Size

1.6MB
MD5

f158384936a9005e88e18ec25e7c0f1e
SHA1

f92881beb843e7eb483bf0027b27376bb29b0f24
SHA256

b02269c6fa8326504123393242c2fff691e7ad7c2172111d0c046ca6a9bdb661
SHA512

068102312e1d3ec41b75bf24032b714ee4ad6661ac690075ad81a36b47d81900abcedc4d85adea2842d8c2b50844c4acd4c06a16d030e506c20c70e58238bfec
SSDEEP

24576:R/lrU/JboM0lOglm2nNPYs/9Wny5gCkIurDsD7eXGzLervxqA9vrEH7M:Fl4/BvOFm2nhL/90yGDsD7SGzLezUS

Score

1^/10

Malware Config

Signatures

Files

b02269c6fa8326504123393242c2fff691e7ad7c2172111d0c046ca6a9bdb661
.exe windows:5 windows x86 arch:x86

59ef5d34534b756fb27e6dc43b84276d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:ad:05:b8:0c:eb:d7:64:cd:27:5f:77:34:c8:32:18:a4:e6:e6:6e:66:d5:af:5d:79:22:f6:da:ff:11:4b:12
Signer

Actual PE Digest

1b:ad:05:b8:0c:eb:d7:64:cd:27:5f:77:34:c8:32:18:a4:e6:e6:6e:66:d5:af:5d:79:22:f6:da:ff:11:4b:12

Digest Algorithm

sha256

PE Digest Matches

false

c7:89:35:8f:1b:1d:9b:d5:3a:f5:4f:67:5d:a4:8a:11:a1:7e:c9:32
Signer

Actual PE Digest

c7:89:35:8f:1b:1d:9b:d5:3a:f5:4f:67:5d:a4:8a:11:a1:7e:c9:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\525614\out\Release\PopWndTracker.pdb

Imports

kernel32

GetExitCodeProcess
CopyFileW
GetTempPathW
ReadProcessMemory
GlobalMemoryStatus
RemoveDirectoryW
SetFileAttributesW
TlsSetValue
TlsGetValue
InterlockedCompareExchange
TlsFree
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetPrivateProfileSectionW
GetFileSize
GetTimeZoneInformation
GetFileAttributesW
TerminateProcess
MoveFileW
MoveFileExW
SetEnvironmentVariableW
WritePrivateProfileSectionW
CreateMutexA
ReleaseMutex
GetDriveTypeW
ResumeThread
Module32FirstW
ExpandEnvironmentStringsW
GetCommandLineW
GetDiskFreeSpaceExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringW
InterlockedExchange
GetSystemDirectoryW
LocalFree
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
GetProcessTimes
GetPrivateProfileSectionNamesW
GetCurrentThread
CreateEventW
OpenMutexW
OutputDebugStringA
TerminateThread
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
Module32NextW
OpenThread
SuspendThread
Thread32Next
FindNextFileW
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
FindFirstFileW
FindClose
GetTickCount
ProcessIdToSessionId
GetACP
AreFileApisANSI
WideCharToMultiByte
LoadLibraryA
lstrlenA
lstrcmpiA
lstrcmpA
HeapWalk
HeapLock
HeapUnlock
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
TlsAlloc
IsValidCodePage
GetOEMCP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcmpW
GetModuleHandleA
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetVersionExW
GetVersion
CreateProcessW
WriteFile
CreateFileW
ReadFile
SetFilePointer
lstrcmpiW
Thread32First
lstrlenW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetCurrentProcess
FlushInstructionCache
SetEvent
Sleep
CreateThread
WaitForSingleObject
RaiseException
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
CloseHandle
CreateMutexW
GetLastError
GetPrivateProfileIntW
GetWindowsDirectoryW
CreateDirectoryW
GetModuleFileNameW
DeleteFileW
GetCurrentProcessId
WritePrivateProfileStringW
GetLongPathNameW
LoadLibraryExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultUILanguage
DeviceIoControl
GetTempFileNameW
MulDiv

user32

ReleaseDC
EnumWindows
GetActiveWindow
GetDC
SendMessageTimeoutW
FindWindowW
SendMessageW
PostMessageW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
PostThreadMessageW
ShowWindow
SetWindowLongW
CreateWindowExW
UnregisterClassA
LoadStringW
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MonitorFromRect
EnableWindow
DrawTextW
SetRect
IsRectEmpty
SetRectEmpty
OffsetRect
SetClassLongW
GetClassLongW
GetMessagePos
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharNextW
CharLowerBuffW
WaitForInputIdle
SetForegroundWindow
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
EnumThreadWindows
SetWindowPos
SwitchToThisWindow
BringWindowToTop
GetWindowRect
SetLayeredWindowAttributes
GetWindowLongW
GetClassNameW
GetWindowTextW
IsWindowVisible
IsWindow
GetParent
PtInRect
GetWindowDC
GetDesktopWindow
MoveWindow
GetClientRect
InvalidateRect
SetTimer
KillTimer
CallWindowProcW
CopyRect
RegisterWindowMessageW
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
DrawIconEx
SetWindowsHookExW
PostQuitMessage
UnhookWindowsHookEx
SetWindowTextW
mouse_event
SetCursor
SetCapture
SetFocus
ClientToScreen
ScreenToClient
CallNextHookEx
GetWindowThreadProcessId
SetCursorPos
IsIconic
GetWindowPlacement
RedrawWindow
GetCursorPos
LoadImageW
SetActiveWindow
EnumDisplaySettingsW
MonitorFromPoint
SetParent
ChildWindowFromPoint
GetWindowRgn
EqualRect
MessageBoxW

gdi32

StretchBlt
SetBrushOrgEx
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectW
GetDIBits
DeleteDC
SetDIBColorTable
SetStretchBltMode
StretchDIBits
GetDeviceCaps
GetTextMetricsW
GetStockObject
SetViewportOrgEx
CreateFontW
GetObjectA
GetPixel
CreateFontIndirectW
CreateRectRgn
GetRgnBox
DeleteObject
GetTextExtentPoint32W

advapi32

RegEnumKeyExA
RegCreateKeyA
SetEntriesInAclW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
OpenThreadToken
GetUserNameW
LookupPrivilegeValueW
IsValidSid
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
FreeSid
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ord680
SHGetFolderPathW
ShellExecuteW
ExtractIconExW
SHChangeNotify
CommandLineToArgvW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocStringLen
VariantCopy
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
VarUI4FromStr
SysFreeString
SysAllocString
DispCallFunc
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound

shlwapi

PathRemoveFileSpecW
SHSetValueW
StrCmpNW
PathAppendW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathAddBackslashW
wnsprintfW
PathUnquoteSpacesW
PathRemoveBackslashW
SHGetValueA
SHSetValueA
SHDeleteValueA
ord437
PathCompactPathW
ColorRGBToHLS
ColorHLSToRGB
StrCmpNIW
PathFileExistsW
SHGetValueW
StrToIntExW
PathCombineW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imm32

ImmDisableIME

gdiplus

GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateLineBrushFromRectI
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode
GdipCreateHBITMAPFromBitmap
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipFillRectangleI
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipDrawString
GdipGetFontHeight
GdipFillRectangle
GdipResetClip
GdipSetClipRectI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipMeasureString
GdipCreateFromHDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipSetLinePresetBlend
GdipDrawLineI
GdipCreatePen2
GdipDrawRectangleI
GdipDrawPath
GdipCreateLineBrushFromRect
GdipFillPath
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipGetSmoothingMode
GdipGetPixelOffsetMode
GdipSetPenWidth
GdipDrawEllipseI
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipDeletePen
GdipCreatePen1
GdipAddPathLineI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth

ws2_32

select

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59ef5d34534b756fb27e6dc43b84276d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

1b:ad:05:b8:0c:eb:d7:64:cd:27:5f:77:34:c8:32:18:a4:e6:e6:6e:66:d5:af:5d:79:22:f6:da:ff:11:4b:12Signer

c7:89:35:8f:1b:1d:9b:d5:3a:f5:4f:67:5d:a4:8a:11:a1:7e:c9:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

imm32

gdiplus

ws2_32

wintrust

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 24KB - Virtual size: 44KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 46KB - Virtual size: 45KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

1b:ad:05:b8:0c:eb:d7:64:cd:27:5f:77:34:c8:32:18:a4:e6:e6:6e:66:d5:af:5d:79:22:f6:da:ff:11:4b:12
Signer

c7:89:35:8f:1b:1d:9b:d5:3a:f5:4f:67:5d:a4:8a:11:a1:7e:c9:32
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 24KB - Virtual size: 44KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 46KB - Virtual size: 45KB