bc521ec6b877b9a16efca3fc92770dd07e76422fc8682bc5285f22bd4bd1b8ec

Sharing

Copy URL Twitter E-mail

General

Target

bc521ec6b877b9a16efca3fc92770dd07e76422fc8682bc5285f22bd4bd1b8ec
Size

1.3MB
MD5

18b0e5c39232ed35c56183310fefba20
SHA1

c0f1faed5302acef7cd3b674c571015f39826a56
SHA256

bc521ec6b877b9a16efca3fc92770dd07e76422fc8682bc5285f22bd4bd1b8ec
SHA512

88eadd89cf0725d63b509caea01743c0ed69a510e51f275a4b853f3ba17cb5e7a6dc80449b349870be79331dc1a1f853112c40ee937a5ec6dd2e8bd6f8f81241
SSDEEP

24576:qic7t2NM7M8lLq+RcBxGooYzXBwtqOFwTQyKHlCm2:qoNp8ozBM7YzX20O+TQHFCm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc521ec6b877b9a16efca3fc92770dd07e76422fc8682bc5285f22bd4bd1b8ec

Files

bc521ec6b877b9a16efca3fc92770dd07e76422fc8682bc5285f22bd4bd1b8ec
.exe windows:5 windows x86 arch:x86

36a83d2ad8d4abe3d43dcf0b05185dd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\779299\out\Release\Uninst.pdb

Imports

kernel32

FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetLongPathNameW
RemoveDirectoryW
SetEndOfFile
GlobalAlloc
GlobalFree
GetCurrentProcess
OpenThread
ResumeThread
GetModuleHandleExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GetTempPathW
GetVersionExW
SystemTimeToFileTime
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
GetCommandLineW
CopyFileW
GetBinaryTypeW
LocalFree
GetModuleHandleA
OpenProcess
ProcessIdToSessionId
GetExitCodeProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
GetCurrentThreadId
lstrlenA
LoadLibraryW
UnmapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
GetFileSize
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
FindClose
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
lstrcmpiA
InitializeSListHead
GetStartupInfoW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapDestroy
ReadFile
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleFileNameW
CreateProcessW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteFileW
SetFilePointerEx
GetEnvironmentStringsW
IsDebuggerPresent
GetStringTypeW
TryEnterCriticalSection
GetCPInfo
LeaveCriticalSection
LCMapStringEx
QueryPerformanceCounter
EnterCriticalSection
QueryPerformanceFrequency
DeviceIoControl
HeapFree
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
FormatMessageW
GetACP
MulDiv
GlobalSize
GetFileAttributesW
GetCurrentDirectoryW
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
lstrcmpA
LocalFileTimeToFileTime
CreateFileA
HeapLock
HeapUnlock
HeapWalk
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerSetConditionMask
VerifyVersionInfoW
GlobalUnlock
GlobalLock
CreateFileW

user32

FindWindowW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
CharLowerW
GetSystemMetrics
IntersectRect
OffsetRect
EqualRect
PtInRect
GetMonitorInfoW
EnumDisplayMonitors
AttachThreadInput
IsIconic
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
GetDesktopWindow
DrawTextW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
UnionRect
MonitorFromPoint
IsZoomed
GetCursorPos
GetKeyState
ScreenToClient
SetWindowRgn
SendMessageTimeoutW
IsRectEmpty
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
GetFocus
GetDC
CallWindowProcW
RegisterClassW
LoadCursorW
ReleaseDC
GetWindowThreadProcessId
LoadImageW
SetWindowPos
IsWindowVisible
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostQuitMessage
KillTimer
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
MonitorFromWindow
SetFocus
EnableWindow
SetWindowTextW
UpdateLayeredWindow

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
StartServiceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfigW
GetUserNameW
SetSecurityDescriptorDacl
RegEnumKeyExA
GetTokenInformation
OpenProcessToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW

shell32

ord165
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathFileExistsW
StrStrIW
PathAppendW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
SHGetValueW
ord176
PathCanonicalizeW
PathIsPrefixW
PathIsRelativeW
PathIsRootW
PathRemoveBackslashW
SHSetValueW
SHGetValueA
SHSetValueA
SHDeleteValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

gdiplus

GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreatePen1
GdipDeletePen
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipSetPathGradientWrapMode
GdipSetLineBlend
GdipCreatePen2
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusStartup
GdipDeleteRegion
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipSetPathGradientPresetBlend
GdipFillRegion
GdipSetPathGradientFocusScales
GdipCreateFromHDC
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCreateLineBrushFromRect
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDrawArc
GdipCreatePath
GdipDeletePath
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAddPathPath
GdipClosePathFigure
GdipAddPathArc
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreateRegionPath

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

crypt32

CryptBinaryToStringA

winmm

timeKillEvent
timeSetEvent

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend

wininet

InternetConnectW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW

gdi32

DeleteObject
GetObjectW
CreateRoundRectRgn
BitBlt
CreateFontIndirectW
GetDeviceCaps
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetWindowOrgEx
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
SetBkMode
GetObjectA
GetStockObject

Sections

.text
Size: 905KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36a83d2ad8d4abe3d43dcf0b05185dd5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

gdiplus

comctl32

crypt32

winmm

imm32

msimg32

wininet

gdi32

Sections

.text Size: 905KB - Virtual size: 905KB

.rdata Size: 235KB - Virtual size: 234KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 905KB - Virtual size: 905KB

.rdata
Size: 235KB - Virtual size: 234KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 59KB - Virtual size: 58KB