vsgarcello[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

vsgarcello.exe
Size

14.2MB
MD5

87e3f4d5dc47f1abebac00fa5cf5d7ce
SHA1

38c0180676c94748d468e32f280da00c40248cc2
SHA256

f318613552f2e4986c316edc4877701d557a6a0ada0ddf4ebb86f08e518d9dba
SHA512

7a0c63bb2b5285f2aa055c8d682742762c6aba1dd00b2cb18ce15104e90d3820e964aee3253fe09d44f1857dff04036af33066e3ce7e28dc4cef0b5c39f01aac
SSDEEP

98304:2YBcA3gCWfQb/lXwNCB5ji/Plm3CIMEfo4TeFirfgGx:ZBcA3gCW4RXw0B5ji/PltIMNFG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vsgarcello.exe

Files

vsgarcello.exe
.exe windows:6 windows x64 arch:x64

Password: infected

a336869077118278bfb0901b1472683b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxA

ws2_32

getaddrinfo
WSAGetLastError
WSAStartup
gethostbyname
socket
shutdown
setsockopt
send
freeaddrinfo
inet_ntoa
inet_addr
htons
ioctlsocket
connect
closesocket
recv

advapi32

RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegSetKeyValueW
RegQueryValueExW
CryptAcquireContextA
RegCreateKeyExW

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
SetEnvironmentVariableW
GetStringTypeW
SetFilePointerEx
FlushFileBuffers
ReadConsoleW
GetConsoleMode
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
FindFirstFileExW
GetCommandLineW
GetProcessHeap
HeapSize
SetEndOfFile
GetFileSizeEx
WakeAllConditionVariable
TlsGetValue
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
SystemTimeToFileTime
RtlCaptureContext
TlsSetValue
TlsAlloc
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryW
GetCommandLineA
LoadLibraryA
ReadFile
WriteFile
DuplicateHandle
CreatePipe
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
FormatMessageA
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
Sleep
GetModuleFileNameW
GetLastError
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
PeekNamedPipe
WaitNamedPipeW
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
LCMapStringW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
CreateDirectoryW
DeleteFileW
GetStdHandle
WriteConsoleW
ExitThread
FreeLibraryAndExitThread
GetConsoleCP
HeapFree
HeapAlloc
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
hx_cffi

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a336869077118278bfb0901b1472683b

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

crypt32

kernel32

Exports

Exports

Sections

.text Size: 9.9MB - Virtual size: 9.9MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 1.0MB - Virtual size: 1.3MB

.pdata Size: 423KB - Virtual size: 422KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 367KB - Virtual size: 367KB

.reloc Size: 245KB - Virtual size: 245KB

.text
Size: 9.9MB - Virtual size: 9.9MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 1.0MB - Virtual size: 1.3MB

.pdata
Size: 423KB - Virtual size: 422KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 367KB - Virtual size: 367KB

.reloc
Size: 245KB - Virtual size: 245KB