011abc7752ab3180e8016d7f395a1a10[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

011abc7752ab3180e8016d7f395a1a10.exe
Size

2.3MB
MD5

011abc7752ab3180e8016d7f395a1a10
SHA1

c76164145c4a0debefa4a44cf9107e85d0428f32
SHA256

c58842bb0fdcff37f9ad04db475e9769a3a5449125d5044d518baea2640d2716
SHA512

037b0544cca532dbb0574d2ad189fc33ad794e67c2b71273f7a9c3973c5ac80aaaf2fbc4bf2cd30594b5d00f4062c2f99457c6ea4204a5dad54ec5dfda648ed3
SSDEEP

49152:x0ecwe0AWB48iGNnEtyX849TdByyfRhL3Au0EcoHUsdWwNs:oweu48iGStyXlRRhLwHsUsdWEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
011abc7752ab3180e8016d7f395a1a10.exe

Files

011abc7752ab3180e8016d7f395a1a10.exe
.dll windows:5 windows x86 arch:x86

476955b9e5bf5b01a0c90b260d75c156

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\539414\out\Release\360SafeChecker.pdb

Imports

kernel32

SystemTimeToFileTime
GetDriveTypeW
Thread32First
OpenThread
Thread32Next
ExpandEnvironmentStringsW
lstrlenW
SetFileAttributesW
MoveFileExW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntW
ResumeThread
RemoveDirectoryW
GetSystemTimes
GlobalMemoryStatusEx
GetFileSize
SetThreadPriority
MoveFileW
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
ProcessIdToSessionId
GetCommandLineW
InterlockedIncrement
IsDebuggerPresent
OutputDebugStringW
FlushFileBuffers
GetModuleHandleExW
FreeLibraryAndExitThread
CreateFileA
GlobalFree
PeekNamedPipe
CreatePipe
LockFile
UnlockFile
lstrcmpiW
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
GetExitCodeThread
ExitThread
CreateDirectoryA
GetSystemWindowsDirectoryA
GetLogicalDriveStringsW
lstrcpynW
SetEndOfFile
GetEnvironmentVariableW
SetEnvironmentVariableW
GetLogicalDrives
ExitProcess
GetFileTime
SetFileTime
GetWindowsDirectoryW
WriteConsoleW
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
FindClose
FindFirstFileExA
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
InterlockedFlushSList
RtlUnwind
HeapUnlock
TlsFree
TlsGetValue
TlsAlloc
HeapWalk
ReleaseMutex
HeapLock
TlsSetValue
LocalFileTimeToFileTime
SetFilePointerEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
FindNextFileW
CopyFileW
FindFirstFileW
GetExitCodeProcess
CreateDirectoryW
DeleteFileW
WriteFile
GetSystemWindowsDirectoryW
InterlockedExchange
FreeResource
GetLocalTime
LocalAlloc
GetTempFileNameW
GetTempPathW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapDestroy
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
GetFileAttributesExW
GetVersionExW
LocalFree
CreateThread
GetCurrentProcess
ReadFile
SetFilePointer
GetPrivateProfileStringW
CreateProcessW
GetStartupInfoW
GetLongPathNameW
OpenProcess
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
InterlockedCompareExchange
GetCurrentThreadId
GetModuleHandleW
SetCurrentDirectoryW
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
FindNextFileA
SizeofResource
GetCommandLineA
WaitForSingleObject
CreateFileW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
GetFullPathNameW
GetFileAttributesW
SetThreadExecutionState
VirtualQuery

user32

GetWindowThreadProcessId
FindWindowExW
CreateWindowExW
UpdateWindow
DestroyIcon
TrackMouseEvent
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
UpdateLayeredWindow
MoveWindow
GetClassInfoW
RegisterClassW
InflateRect
GetCursorPos
EqualRect
GetDlgItem
DestroyWindow
SetWindowLongW
DialogBoxParamW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
EndDialog
GetWindow
MonitorFromWindow
MapWindowPoints
ReleaseCapture
SetCapture
CopyRect
SetRectEmpty
UnionRect
MessageBoxW
wsprintfW
SendMessageW
IsWindowVisible
GetParent
EnumWindows
FindWindowW
SendMessageTimeoutW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetClassNameW
IsWindow
IsIconic
SetForegroundWindow
BringWindowToTop
GetWindowLongW
SetTimer
KillTimer
SetWindowRgn
LoadImageW
EndPaint
BeginPaint
LoadBitmapW
CharNextW
ShowWindow
SetWindowPos
GetWindowTextW
GetActiveWindow
CreateDialogParamW
GetKeyState
ScrollWindow
DrawTextW
SetCursor
RedrawWindow
PostThreadMessageW
GetForegroundWindow
IsWindowEnabled
DefWindowProcW
GetMessageW
LoadStringW
SetWindowTextW
GetWindowRect
GetMonitorInfoW
MonitorFromRect
LoadIconW
PtInRect
ScreenToClient
InvalidateRect
ClientToScreen
ReleaseDC
GetDC
FillRect
OffsetRect
IntersectRect
LockWindowUpdate
SetFocus
GetClientRect
PostMessageW
CallWindowProcW
ExitWindowsEx

gdi32

SetBrushOrgEx
SetStretchBltMode
GetStretchBltMode
CreateCompatibleBitmap
GetObjectW
LineTo
MoveToEx
StretchBlt
SetViewportOrgEx
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
CreateSolidBrush
CreatePolygonRgn
SetBkColor
ExtTextOutW
SetBkMode
SetTextColor
GetBkMode
GetStockObject
CreatePen
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ConvertStringSidToSidW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DuplicateTokenEx
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetLengthSid
RegEnumKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegCreateKeyW
GetNamedSecurityInfoW
SetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
CryptAcquireContextW
CryptReleaseContext
GetSecurityDescriptorDacl
GetAclInformation
GetAce
IsValidSecurityDescriptor
RegQueryInfoKeyW
CreateServiceW
StartServiceW
ChangeServiceConfigW
ControlService
DeleteService
SetTokenInformation

shell32

SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHOpenFolderAndSelectItems
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetMalloc
SHCreateDirectoryExW
CommandLineToArgvW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ord190
ord155
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantClear
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VarUI4FromStr
VarDateFromStr
VariantCopy
SafeArrayGetVartype
SafeArrayCopy
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayRedim
SafeArrayCreate

shlwapi

SHDeleteValueW
StrCmpIW
StrStrW
StrStrIW
PathIsDirectoryW
PathIsRelativeW
StrRChrW
StrCmpW
PathAddBackslashW
StrCpyNW
PathFileExistsA
StrCmpNW
SHDeleteKeyW
PathFileExistsW
PathAppendW
PathCombineW
SHGetValueW
PathRemoveFileSpecW
SHSetValueW
PathFindExtensionW
StrCmpNIW
StrChrW
PathFindFileNameW

ws2_32

WSACreateEvent
WSAResetEvent
WSACloseEvent

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleInformation

setupapi

SetupIterateCabinetW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Add
ImageList_GetImageCount
ImageList_Create
ImageList_LoadImageW

msimg32

TransparentBlt

gdiplus

GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipCreateBitmapFromFile
GdipFree
GdipDeleteGraphics
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDisposeImage
GdipCreateBitmapFromStream
GdipGetImageHeight

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

mpr

WNetGetConnectionW

iphlpapi

GetIpAddrTable
NotifyAddrChange
GetAdaptersInfo

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
NdrAsyncClientCall
RpcAsyncCancelCall

netapi32

NetApiBufferFree
NetShareEnum

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreW
CertGetNameStringW

Exports

Exports

AlphaBlend
TransparentBlt
TransparentBlt
TransparentBlt
TransparentBlt
DnsGuardderOperation
GetCurrentPageID
GetEmpStage
GetNotifyUpdateSpyerDlgHWND
GetNotifyUpdateSpyerDlgHWND2
InitPreCreateUI
IsEmpHoding
IsEngSupportEmp
IsFeatureSupport
IsOffLineSpyerLibTooOld
IsSupportUploadZoneUI
NotifyCallTd
NotifyInvokeSuperKiller
NotifyRBPWROFF
NotifyScanArk
NotifyScanArk2
OpenTrustDlg
OperateScanLog
PreExitProcess
ProcessDS
RunnedTDWS
SEHS
SafeUpdateInterface
ScanOFFPWR
SendMainCommand
ShowSpyerLibUpdateDlg
SkinMsgBox
SkinMsgBoxNew
TrustZone_Destroy
TrustZone_SHOWFUNC
WifiCheckUIOperation

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 798KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476955b9e5bf5b01a0c90b260d75c156

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

setupapi

comctl32

msimg32

gdiplus

wininet

mpr

iphlpapi

rpcrt4

netapi32

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 386KB - Virtual size: 388KB

.data Size: 33KB - Virtual size: 64KB

.rsrc Size: 798KB - Virtual size: 797KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 386KB - Virtual size: 388KB

.data
Size: 33KB - Virtual size: 64KB

.rsrc
Size: 798KB - Virtual size: 797KB