c:\vmagent_new\bin\joblist\521481\out\Release\360zip.pdb
Static task: static1

Behavioral task: behavioral1
Sample: a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5.exe
Resource: win10v2004-20240709-en
General
Target: a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5
Size: 1.6MB
MD5: 43c24ae5d94ff15aae4c35dd091bae14
SHA1: 6d480f09a04df100661f1d36d9a69fa28d3afeb2
SHA256: a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5
SHA512: 65a30f87c66eb5cca11d5768334beb1fb8544242830032c5ba1a6907bb1de697ce66636cb8117d5a990fd2bfafc536e459b108a5682ee8767e1490ad83c4486a
SSDEEP: 49152:cNyPV3UVWD2U8fBOcEfV2rUld+1gqBIuKR0wv7x:cNyPNUVWiU8fBOccsrUlM1lmuKRh9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5
Files
a9b7a45efb14a9cd274ab3842d703a1b4d2fe7269fe5b4e7a4710a968fbe34b5.exe windows:5 windows x86 arch:x86
40e9f10c92e0c120c49a2dece19d5f40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DeviceIoControl
FileTimeToLocalFileTime
lstrcpynW
lstrcpyW
GetFileAttributesExW
GlobalSize
OutputDebugStringW
FormatMessageW
CreateMutexW
GetShortPathNameW
OpenMutexW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
GetLongPathNameW
MoveFileW
lstrcatW
GetFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
GetPrivateProfileIntW
InterlockedExchange
GetSystemTime
SystemTimeToFileTime
CompareFileTime
FlushFileBuffers
GetSystemInfo
SetFilePointerEx
GetTempFileNameW
WaitForMultipleObjects
lstrcmpA
lstrcmpiA
GetCurrentThread
GetThreadContext
VirtualQuery
SetThreadPriority
VirtualAlloc
OpenThread
GetThreadPriority
VirtualProtect
SuspendThread
ResumeThread
SetEnvironmentVariableA
CompareStringA
GetConsoleOutputCP
GetDiskFreeSpaceW
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetFileType
WriteConsoleW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetTempPathW
FileTimeToSystemTime
GetWindowsDirectoryW
GetFileAttributesW
MoveFileExW
SetEndOfFile
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
GetFileSizeEx
ResetEvent
SetEvent
CreateEventW
GetTickCount
SetLastError
GetPrivateProfileStringW
GetSystemDirectoryW
InterlockedCompareExchange
GetSystemWindowsDirectoryW
MulDiv
Sleep
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetFileSize
WriteFile
GetStdHandle
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
TerminateProcess
SetFileAttributesW
RemoveDirectoryW
CreateFileW
ReadFile
CreateDirectoryW
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetPriorityClass
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LocalFree
GetLastError
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
DeleteFileW
InterlockedDecrement
InterlockedIncrement
ExitProcess
LoadLibraryW
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExW
lstrlenW
GlobalFree
RaiseException
FreeResource
GetVersion
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WriteConsoleA
user32
RedrawWindow
LoadMenuW
PostThreadMessageW
CreatePopupMenu
MonitorFromPoint
ScreenToClient
MoveWindow
UpdateWindow
IsWindowEnabled
ClientToScreen
SetWindowRgn
WindowFromPoint
ReleaseDC
UnregisterClassA
GetDC
GetClientRect
SendMessageW
GetParent
InvalidateRect
PostMessageW
SetWindowLongW
EndDialog
GetWindowLongW
KillTimer
MapWindowPoints
GetCursorPos
SetTimer
LoadCursorW
SetWindowTextW
LoadIconW
SetWindowPos
SetCursor
LoadImageW
FillRect
ReleaseCapture
SetCapture
GetCapture
PtInRect
EndPaint
BeginPaint
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuW
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
InflateRect
GetSysColor
GetWindowDC
GetSystemMetrics
GetAncestor
GetKeyState
IsDialogMessageW
SetRect
LockWindowUpdate
SetParent
MessageBeep
IsClipboardFormatAvailable
GetMenuState
RegisterClipboardFormatW
GetClipboardData
IsIconic
EnableMenuItem
CheckMenuItem
wvsprintfW
SetRectEmpty
AppendMenuW
InsertMenuItemW
GetMessagePos
DrawEdge
SystemParametersInfoW
GetDlgItemInt
SetDlgItemInt
SetMenuDefaultItem
DialogBoxParamW
CreateDialogParamW
GetClassInfoExW
RegisterClassExW
CharNextW
FindWindowW
GetClassInfoW
RegisterClassW
GetActiveWindow
GetMenuItemCount
DestroyIcon
MessageBoxW
DefWindowProcW
GetWindowTextW
GetClassNameW
GetDlgItem
ShowWindow
PostQuitMessage
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
SetActiveWindow
SetForegroundWindow
SetDlgItemTextW
SetFocus
BringWindowToTop
GetWindowTextLengthW
EnableWindow
IsDlgButtonChecked
GetComboBoxInfo
CallWindowProcW
DestroyMenu
GetSubMenu
ModifyMenuW
GetMenuItemID
GetMenuStringW
IsMenu
CreateWindowExW
MsgWaitForMultipleObjects
GetIconInfo
CharLowerBuffW
DrawTextW
GetCaretPos
CopyRect
LoadBitmapW
TrackPopupMenu
GetDlgCtrlID
FrameRect
AdjustWindowRectEx
UpdateLayeredWindow
IsRectEmpty
GetSysColorBrush
PeekMessageW
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
DestroyWindow
IsWindow
RegisterWindowMessageW
gdi32
GetTextMetricsW
DPtoLP
CreateDCW
GetTextColor
CreateRectRgnIndirect
GetClipBox
GetTextExtentPointA
GetTextMetricsA
CreatePenIndirect
RoundRect
GetCurrentObject
CreateSolidBrush
SetViewportOrgEx
CombineRgn
CreateRectRgn
GetPixel
SetTextColor
SetBkMode
SetStretchBltMode
RestoreDC
SaveDC
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
CreatePolygonRgn
ExtTextOutW
SetBkColor
StretchBlt
BitBlt
GetTextExtentPoint32W
CreateRoundRectRgn
CreateFontW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
DeleteObject
GetObjectW
GetStockObject
GetBkColor
CreateFontIndirectW
SelectObject
comdlg32
ChooseColorW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
ConvertSidToStringSidW
LookupAccountNameW
OpenProcessToken
GetTokenInformation
shell32
Shell_NotifyIconW
ShellExecuteW
ord18
ord190
SHBrowseForFolderW
ord23
ord680
ord153
ord4
ord155
DragQueryPoint
DragQueryFileW
ord21
SHFileOperationW
SHGetFileInfoW
SHChangeNotify
SHGetDesktopFolder
ShellExecuteExW
CommandLineToArgvW
ord165
SHGetFolderPathW
SHGetPathFromIDListW
ord17
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ord71
ord16
ord2
DragAcceptFiles
ord152
ole32
StgCreateDocfile
CreateStreamOnHGlobal
DoDragDrop
CoUninitialize
CoInitialize
OleInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
oleaut32
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
SafeArrayCreateVector
SysStringLen
SysAllocStringLen
OleTranslateColor
VariantInit
VarUI4FromStr
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
shlwapi
PathRemoveFileSpecW
PathCombineW
SHDeleteKeyW
PathAppendW
PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathRemoveExtensionW
StrCmpIW
ord437
PathFindFileNameW
PathAddExtensionW
PathCompactPathExW
PathIsDirectoryW
PathIsUNCW
PathRemoveBackslashW
PathSearchAndQualifyW
StrRStrIW
StrStrIW
PathRenameExtensionW
SHSetValueW
SHGetValueA
SHGetValueW
comctl32
InitCommonControlsEx
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove
ImageList_SetImageCount
ImageList_Replace
msimg32
AlphaBlend
gdiplus
GdipCreateBitmapFromFile
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipBitmapGetPixel
GdipBitmapUnlockBits
oleacc
AccessibleObjectFromPoint
secur32
GetUserNameExW
netapi32
Netbios
rpcrt4
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 181KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ