24cb49647106f381ab4808f1e9466398c3795cc121fdcd1334ef07fd45f7ca26[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

24cb49647106f381ab4808f1e9466398c3795cc121fdcd1334ef07fd45f7ca26.exe
Size

79KB
MD5

8817627281d7bb04dc93de70d58a671b
SHA1

fb627e36ca7c7261dacc404b29b367d2356b8f80
SHA256

24cb49647106f381ab4808f1e9466398c3795cc121fdcd1334ef07fd45f7ca26
SHA512

f7f281622633a057a8f5b0159e47046e963057ab48127b0388dda9d2e1fc9b42523a49dec77a78764bf4679bce47ed0704faa855a4683665861fad08c951b9f6
SSDEEP

768:5KNnP0AACkN/wojh3GZciwvEwKiDDQC0wjT7f8nUbftpnthtXPtbht1thttXjFtO:5XPN/XgZZ4zDEFC38fl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24cb49647106f381ab4808f1e9466398c3795cc121fdcd1334ef07fd45f7ca26.exe

Files

24cb49647106f381ab4808f1e9466398c3795cc121fdcd1334ef07fd45f7ca26.exe
.dll windows:6 windows x64 arch:x64

d9c55536d78924c5c87f2596b26b4079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vmbuspipe.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
wcsncmp
memcmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

advapi32

RegQueryValueExW
RegCloseKey

kernel32

SetLastError
CloseHandle
HeapAlloc
GetLastError
DeviceIoControl
CreateEventW
Sleep
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapFree
GetProcessHeap
GetModuleHandleW
GetOverlappedResult

ole32

IIDFromString

user32

PostMessageW
KillTimer
DispatchMessageW
DefWindowProcW
UnregisterDeviceNotification
SetWindowLongPtrW
CreateWindowExW
GetDesktopWindow
RegisterDeviceNotificationW
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
GetMessageW
SetTimer
DestroyWindow
TranslateMessage

Exports

Exports

VmbusPipeClientEnumeratePipes
VmbusPipeClientOpenChannel
VmbusPipeClientWaitChannel
VmbusPipeGetPipeMode
VmbusPipeServerConnectPipe
VmbusPipeServerOfferChannel
VmbusPipeServerPause
VmbusPipeServerResume

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

)�>�
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9c55536d78924c5c87f2596b26b4079

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

setupapi

advapi32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 116B

)�>� Size: 64KB - Virtual size: 64KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 116B

)�>�
Size: 64KB - Virtual size: 64KB