7206eafc475f246e7c9c258afdaaa64b5193c1c7427d927be417e53dec890078[.]com

Resubmissions

22/07/2024, 08:45

240722-kn8p4syfql 3

Sharing

Copy URL Twitter E-mail

General

Target

7206eafc475f246e7c9c258afdaaa64b5193c1c7427d927be417e53dec890078.com
Size

1.3MB
MD5

ea593cf5f415170819b98748115379b6
SHA1

98610dd01105bce34136bee3a6db695f717fe035
SHA256

7206eafc475f246e7c9c258afdaaa64b5193c1c7427d927be417e53dec890078
SHA512

3df6e53b3a020254aba87f3aabd16f6ec36e7694bf4e9fe33587fbd58aa0732ab66ebec5cfa7cec05d8e65b9f55b074314e1a7a3f79b7c45abf5ab5d1235d321
SSDEEP

24576:nGtlqC59JiWdmE6r7DzyIzcRdfBFEUT62a3muq9Y+Hk38RyTTAg521LSDyCJVx:nGtlqs9JiWdtTBFjT62aSdHk3RTTYAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7206eafc475f246e7c9c258afdaaa64b5193c1c7427d927be417e53dec890078.com

Files

7206eafc475f246e7c9c258afdaaa64b5193c1c7427d927be417e53dec890078.com
.dll windows:5 windows x64 arch:x64

4b9342e71f1538fef0f8f4ea2f913c9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\531548\out\Release\360Base64.pdb

Imports

kernel32

GetUserDefaultLCID
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
GetSystemWindowsDirectoryW
GetVersionExW
LockResource
FreeResource
SetFilePointerEx
GetFileSizeEx
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
lstrcmpA
LocalFree
GetFileSize
WriteFile
SetFilePointer
GetLocalTime
GetCurrentThreadId
FlushFileBuffers
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
MoveFileExW
QueryPerformanceCounter
LockFileEx
UnlockFileEx
MapViewOfFile
GetFileType
lstrlenW
ReleaseMutex
GetACP
lstrlenA
LocalFileTimeToFileTime
lstrcmpiA
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OpenThread
HeapUnlock
HeapWalk
HeapLock
CreateFileA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
lstrcatW
GlobalMemoryStatus
RtlVirtualUnwind
GetStdHandle
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileAttributesW
CreateFileW

user32

CharNextW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr

shlwapi

SHGetValueA
PathFileExistsW
StrTrimA
StrRChrW
PathAppendW
PathCombineW
StrCmpNIW
StrStrIW
StrCmpIW
StrStrIA
SHSetValueA
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptMsgControl
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObjectEx
CertFreeCertificateChain
CryptDecodeObject
CertAddStoreToCollection
CertOpenStore
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertOpenSystemStoreW
CryptMsgGetParam
CertGetCertificateChain

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateObject
home

Sections

.text
Size: 842KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4b9342e71f1538fef0f8f4ea2f913c9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

crypt32

iphlpapi

Exports

Exports

Sections

.text Size: 842KB - Virtual size: 842KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 68KB - Virtual size: 82KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 842KB - Virtual size: 842KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 68KB - Virtual size: 82KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 12KB - Virtual size: 11KB