e6e8db1555365fcdbf37c829251cf7ce252b284e2a4fbbb471733046bbadf27f

Sharing

Copy URL Twitter E-mail

General

Target

e6e8db1555365fcdbf37c829251cf7ce252b284e2a4fbbb471733046bbadf27f
Size

986KB
MD5

c5cdbf0cbe760678af80839e486b1786
SHA1

899e37ac6a61f1b77a4d46956ced1a5c61b8194c
SHA256

e6e8db1555365fcdbf37c829251cf7ce252b284e2a4fbbb471733046bbadf27f
SHA512

b329cbec43ae84257d5f6a8705b1bc90f42cb3c0f7b19aaf1502d0032966c280a8c956e63dd551beb86539e94de54961d06ee4b3935733a5ff6b8d673cbfe001
SSDEEP

24576:KbUp3TorQ/fYz1AX+iIYFoIdMqEXpGx/w3Ds1+PRwixB:fXRD7EUxY3DsuRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6e8db1555365fcdbf37c829251cf7ce252b284e2a4fbbb471733046bbadf27f

Files

e6e8db1555365fcdbf37c829251cf7ce252b284e2a4fbbb471733046bbadf27f
.exe windows:6 windows x86 arch:x86

864a140aa0590188b0aa8d0be03c7cfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\Jabber\products\jabber-virtualization\out\vxme-agent\release\bin\hvdagent.exe.pdb

Imports

csflogger

CSFLog
CSFLog_isTraceEnabled
CSFLogger_initialize
?GetInstance@LogController@csflogger@CSF@@SA?AV?$shared_ptr@VLogController@csflogger@CSF@@@std@@XZ
CSFLogger_getLogger
CSFLog_isDebugEnabled
CSFLogger_flush

user32

MessageBoxW

kernel32

UnhandledExceptionFilter
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcessId
TerminateProcess
CreateThread
OpenProcess
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLastError
GetCurrentProcess
FreeLibrary
GetModuleHandleW
GetStartupInfoW
LoadLibraryW
SetDllDirectoryW
GetModuleFileNameA
GetModuleHandleA
Sleep
ReleaseMutex
CreateMutexW
CreateFileW
SetUnhandledExceptionFilter
GetCurrentThreadId
FlushInstructionCache
GetLocalTime
VirtualProtect
WriteProcessMemory
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
ResetEvent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetProcAddress
WaitForSingleObjectEx
SetLastError
AreFileApisANSI
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexA
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection

tsdetectionlib

GetEnvironment
GetVirtualisationProtocol

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

msvcp140

_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_destroy
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
_Strcoll
_Strxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Cnd_broadcast
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Mtx_init_in_situ
_Mtx_destroy
_Mtx_init
_Thrd_id
_Thrd_sleep
_Thrd_join
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
_Xtime_get_ticks
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
_Mtx_destroy_in_situ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_XGetLastError@std@@YAXXZ
_Thrd_start

ole32

CoTaskMemFree
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
StringFromCLSID

oleaut32

UnRegisterTypeLi
SysFreeString
LoadTypeLibEx
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke
VariantClear
SysAllocString

dbghelp

MiniDumpWriteDump

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

vcruntime140

__std_terminate
memmove
__CxxFrameHandler3
memcpy
memset
strstr
strchr
_set_purecall_handler
__std_exception_copy
__std_exception_destroy
memchr
_purecall
_except_handler4_common
__RTDynamicCast
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
_cexit
_seh_filter_exe
_set_new_handler
signal
_set_invalid_parameter_handler
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_initterm
_errno
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
terminate
_exit

api-ms-win-crt-string-l1-1-0

_wcsicmp
strncpy_s
strncat_s
strcat_s
strcpy_s
strncpy

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs
strtol
strtoll
strtoul
strtoull
strtod

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode
realloc

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

_dtest
__setusermatherr
_fdtest
_except1

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
fflush
__stdio_common_vfprintf
__p__commode
__stdio_common_vsprintf

Sections

.text
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

864a140aa0590188b0aa8d0be03c7cfa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

csflogger

user32

kernel32

tsdetectionlib

advapi32

msvcp140

ole32

oleaut32

dbghelp

shell32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Sections

.text Size: 791KB - Virtual size: 791KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 791KB - Virtual size: 791KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 43KB - Virtual size: 42KB