8ba7f8d32427efaa88f82954c9b441f200e2d5c910edde5c401c90d3720d221f

Sharing

Copy URL Twitter E-mail

General

Target

8ba7f8d32427efaa88f82954c9b441f200e2d5c910edde5c401c90d3720d221f
Size

912KB
MD5

cf20f8fba01f22fc05b85c508160d310
SHA1

b295d8d225c9000704c5d1d06b1f6bf8f48866e0
SHA256

8ba7f8d32427efaa88f82954c9b441f200e2d5c910edde5c401c90d3720d221f
SHA512

accfecc9a0af620c8e05ccf35ed8ac619be346ee02b8da24d3a41ce712f57477d1591a8e5168b5fad47406353dbaeb49cb3a7993a611568c375ffd64e982810f
SSDEEP

24576:KAhE3hqT5LYoFCYkYExmKBhaWQc1PTV1/MUls:HWhq9YoFN76m8haWHTV1/MUls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba7f8d32427efaa88f82954c9b441f200e2d5c910edde5c401c90d3720d221f

Files

8ba7f8d32427efaa88f82954c9b441f200e2d5c910edde5c401c90d3720d221f
.exe windows:5 windows x86 arch:x86

d8b4d71e3956f122e3cc59005d550b25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\817539\out\QBuildRelease\IncrementUpgrade.pdb

Imports

kernel32

InitializeCriticalSection
TerminateProcess
CopyFileW
Sleep
MultiByteToWideChar
LoadLibraryExW
ReleaseMutex
GetTempPathW
CreateDirectoryW
GetTickCount
MoveFileW
WinExec
CreateMutexW
InterlockedDecrement
DecodePointer
RaiseException
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcess
IsBadReadPtr
DeleteFileW
ExitProcess
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
WriteFile
FreeLibrary
LoadLibraryW
GetModuleHandleA
lstrlenW
lstrcmpiW
lstrlenA
lstrcmpiA
VirtualProtect
VirtualQuery
SetLastError
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
WriteConsoleW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
ReadFile
FindFirstFileExW
SetStdHandle
FlushFileBuffers
GetFileType
SetEnvironmentVariableA
GetModuleHandleExW
GetACP
RtlUnwind
CreateTimerQueue
GetLastError
GetFileSize
CreateFileW
CloseHandle
OpenProcess
FreeResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
CreateFileA
LocalFileTimeToFileTime
UnhandledExceptionFilter
LoadLibraryExA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
FindResourceW
LoadResource
TlsGetValue
TlsAlloc
SwitchToThread
EncodePointer
TryEnterCriticalSection
QueryPerformanceCounter
GetStringTypeW
SetEvent
ResetEvent
CreateEventW
DeviceIoControl
WaitForSingleObject
GetStartupInfoW
GetPrivateProfileStringW
SizeofResource
InterlockedIncrement
GetSystemInfo
GetFileAttributesExW
InterlockedCompareExchange
GetSystemWindowsDirectoryW
LockResource
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindClose
GetFileTime
SetFileTime
GetDriveTypeW
SetVolumeLabelW
LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObjectEx
DuplicateHandle
OutputDebugStringW
SystemTimeToFileTime
GetTimeZoneInformation
MoveFileExW
FindNextFileW
RemoveDirectoryW
CreateThread

user32

InvalidateRect
GetActiveWindow
IsIconic
IsWindowVisible
MessageBoxW
FindWindowW
PostMessageW
GetSystemMetrics
IsWindow
CharNextW
wsprintfW

gdi32

DeleteDC
DeleteObject
CreateCompatibleDC
CreateDCW

advapi32

RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
SHSetValueW
StrStrIW
StrStrIA
PathFindFileNameW
PathAppendW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCrackUrl

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8b4d71e3956f122e3cc59005d550b25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

winhttp

dbghelp

Sections

.text Size: 660KB - Virtual size: 660KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 19KB - Virtual size: 47KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 660KB - Virtual size: 660KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 19KB - Virtual size: 47KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 32KB - Virtual size: 32KB