eb0a048428c44aa5006933d1a514a8bb2cc0bd55c9077b07fec6751cc2f8667e

Sharing

Copy URL Twitter E-mail

General

Target

eb0a048428c44aa5006933d1a514a8bb2cc0bd55c9077b07fec6751cc2f8667e
Size

7.2MB
MD5

e5e96e68fb53da75187255ddc8efc375
SHA1

8877cd1cc4202e0b028db184288f9ece759b787b
SHA256

eb0a048428c44aa5006933d1a514a8bb2cc0bd55c9077b07fec6751cc2f8667e
SHA512

3b4226c8625357e8ddb226f9d41c7707bdefa9f5f438e02864df7f7cdf791320dd1a0342845252994501615b13c6d1926c2525b9de25e3856ed081ec4b5f189b
SSDEEP

196608:0douEko1nisbpW2/JuoLl5oSwf66GxY6SxkLD/UcXel9:aouETnrdW2xuoLl5oSIrGKDKAcul9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb0a048428c44aa5006933d1a514a8bb2cc0bd55c9077b07fec6751cc2f8667e

Files

eb0a048428c44aa5006933d1a514a8bb2cc0bd55c9077b07fec6751cc2f8667e
.exe windows:5 windows x86 arch:x86

82b2502726b748d7cd0267010fcb51a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\747565\out\Release\GameAssistantSetup.pdb

Imports

kernel32

GetLogicalDriveStringsW
GetLongPathNameW
GetVolumeInformationW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
OpenProcess
GlobalAlloc
GlobalFree
MoveFileExW
GetFileAttributesExW
GetCurrentProcess
OpenThread
GetModuleHandleExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GetVersionExW
SystemTimeToFileTime
GetLocalTime
GetCommandLineW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
LocalFree
FindClose
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
GetCurrentThreadId
lstrlenA
LoadLibraryW
UnmapViewOfFile
CreateFileMappingW
GetFileSize
GetTimeZoneInformation
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
WriteConsoleW
DeleteFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapDestroy
OutputDebugStringW
WriteFile
SetFilePointer
ReadFile
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleFileNameW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
lstrcmpA
SetStdHandle
IsDebuggerPresent
GetStringTypeW
TryEnterCriticalSection
GetCPInfo
LCMapStringEx
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcmpiA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
FormatMessageW
GetACP
MulDiv
GlobalSize
VerSetConditionMask
LeaveCriticalSection
EnterCriticalSection
CreateFileA
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
HeapLock
HeapUnlock
HeapWalk
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerifyVersionInfoW
GlobalUnlock
GlobalLock
CreateFileW

user32

FindWindowW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
CharLowerW
GetSystemMetrics
IntersectRect
OffsetRect
EqualRect
PtInRect
GetMonitorInfoW
EnumDisplayMonitors
AttachThreadInput
IsIconic
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
GetDesktopWindow
DrawTextW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
UnionRect
MonitorFromPoint
IsZoomed
GetCursorPos
GetKeyState
ScreenToClient
SendMessageTimeoutW
UpdateLayeredWindow
IsRectEmpty
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
GetFocus
GetDC
CallWindowProcW
RegisterClassW
LoadCursorW
ReleaseDC
GetWindowThreadProcessId
wsprintfW
SetWindowPos
IsWindowVisible
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostQuitMessage
SetTimer
KillTimer
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
LoadImageW
MonitorFromWindow
SetFocus
EnableWindow
SetWindowTextW
SetWindowRgn

advapi32

QueryServiceObjectSecurity
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
StartServiceW
SetServiceObjectSecurity
QueryServiceStatus
RegEnumKeyExA
OpenServiceW
ChangeServiceConfigW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenSCManagerW

shell32

ord165
SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
StrStrIW
PathCombineW
SHDeleteValueW
PathRemoveFileSpecW
PathIsRelativeW
SHGetValueW
PathCanonicalizeW
PathIsDirectoryW
PathIsPrefixW
PathIsRootW
PathRemoveBackslashW
PathFindFileNameW
SHSetValueW
SHGetValueA
SHSetValueA
PathAppendW

version

VerQueryValueW

psapi

GetModuleFileNameExW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

crypt32

CryptBinaryToStringA

winmm

timeKillEvent
timeSetEvent

gdiplus

GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateFromHDC
GdipBitmapLockBits
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCreatePath
GdipDeletePath
GdipSetLineBlend
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipCreatePathGradientFromPath
GdipDeleteBrush
GdipImageSelectActiveFrame
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCreatePen2
GdipCreateBitmapFromScan0
GdipAddPathPath
GdipCloneBrush
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateRegionPath
GdipDeleteRegion
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPathGradientFocusScales
GdipClosePathFigure
GdipAddPathArc
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipImageRotateFlip
GdipLoadImageFromFile
GdipFillRegion

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

msimg32

AlphaBlend

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetOpenW

gdi32

DeleteObject
CreateRoundRectRgn
BitBlt
GetStockObject
CreateFontIndirectW
GetDeviceCaps
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetWindowOrgEx
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
SetBkMode
GetObjectA
GetObjectW

Sections

.text
Size: 909KB - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82b2502726b748d7cd0267010fcb51a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

comctl32

crypt32

winmm

gdiplus

imm32

msimg32

wininet

gdi32

Sections

.text Size: 909KB - Virtual size: 908KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 909KB - Virtual size: 908KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 58KB - Virtual size: 58KB