VTRL[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

VTRL.exe
Size

5.6MB
MD5

6c2d6a394fa98c9bc17ef23fbc2a4ed7
SHA1

ea851d3ade19fb41fcbd955b928a5aecd7a90e2e
SHA256

db85e08b5e17b1332736406c1ea6ee92d4bdb344c4fb8eb5cae2c7e60fe15623
SHA512

c1660e2a24712cd2d4499c0c4f116013ed409b791e0782ae921902bbd61082e073549ab0a0fb5991a200a0068dbf575782bf6d13a09a3a6ee3023b08fe42f8b1
SSDEEP

49152:RTQQV5vnd8PWGkftEPvOmZLa84Jj54ma94VPzn2qhxx2X9VwT4xpxmAqWnl1r1OO:1es4m1nd0FxpIWX7FF8hjPps

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VTRL.exe

Files

VTRL.exe
.exe windows:6 windows x64 arch:x64

4ebdd005f9ec841b00529b26865efa04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vtrl.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

GetQueuedCompletionStatusEx
GetNamedPipeServerProcessId
GetStdHandle
GetConsoleMode
GetNamedPipeClientProcessId
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateNamedPipeW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetCurrentThread
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLogicalProcessorInformation
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
SetHandleInformation
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
OpenProcess
lstrlenW
WaitNamedPipeW
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
CreateFileW
LocalFree
GetCurrentProcess
SetEvent
HeapReAlloc
GetSystemTimePreciseAsFileTime
GetTickCount64
CreateIoCompletionPort
SetFileCompletionNotificationModes
Sleep
GetLogicalDrives
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
InitializeSListHead
GlobalMemoryStatusEx
SetEnvironmentVariableW
FindClose
IsDebuggerPresent
GetModuleHandleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
TlsFree
RtlPcToFileHeader
ReadFileEx
GetProcAddress
RaiseException
GetModuleHandleW
EncodePointer
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
LoadLibraryExW
TlsSetValue
GetCurrentThreadId
CloseHandle
DisconnectNamedPipe
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FlushFileBuffers
ReadFile
ConnectNamedPipe
LoadLibraryExA
FreeLibrary
WriteFile
PostQueuedCompletionStatus
GetLastError
SwitchToThread
HeapFree
CreateWaitableTimerExW

user32

SendInput
ShowWindow
SetMenuItemInfoW
DefWindowProcW
RegisterClassExW
GetWindowPlacement
SystemParametersInfoA
DestroyIcon
GetCursorPos
SetCursorPos
PeekMessageW
AdjustWindowRectEx
GetForegroundWindow
GetMenu
PostQuitMessage
FlashWindowEx
DispatchMessageW
GetWindowLongW
InvalidateRgn
GetKeyboardState
CreateAcceleratorTableW
SetWindowPos
TrackMouseEvent
ScreenToClient
RegisterWindowMessageA
SetWindowLongW
LoadCursorW
IsProcessDPIAware
MsgWaitForMultipleObjectsEx
ReleaseCapture
MapVirtualKeyExW
RegisterTouchWindow
IsWindow
SetWindowDisplayAffinity
ChangeDisplaySettingsExW
EnumDisplayMonitors
MonitorFromPoint
GetDC
SetCapture
SetWindowPlacement
GetMonitorInfoW
GetTouchInputInfo
IsWindowVisible
SetMenu
CheckMenuItem
ShowCursor
ClipCursor
MonitorFromWindow
GetSystemMetrics
CloseTouchInputHandle
PostMessageW
GetAncestor
TranslateAcceleratorW
CreateWindowExW
GetClipCursor
GetActiveWindow
SetWindowLongPtrW
RegisterRawInputDevices
DispatchMessageA
GetAsyncKeyState
ClientToScreen
RedrawWindow
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
GetMessageA
SetCursor
EnumChildWindows
GetSystemMenu
TranslateMessage
GetMessageW
GetWindowRect
PostThreadMessageW
EnableMenuItem
VkKeyScanW
DestroyWindow
SetForegroundWindow
MonitorFromRect
GetWindowLongPtrW
GetWindowTextW
GetClientRect
IsIconic
GetWindowTextLengthW
AppendMenuW
CreateMenu
GetKeyState
SetWindowTextW
SendMessageW
AllowSetForegroundWindow
CreateIcon
ToUnicodeEx
GetKeyboardLayout
DestroyAcceleratorTable

comctl32

DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
SafeArrayGetLBound
GetErrorInfo
SysFreeString
SafeArrayUnaccessData
SysStringLen
SafeArrayAccessData
SafeArrayGetUBound
SetErrorInfo

advapi32

RegCreateKeyExW
SystemFunction036
IsValidSid
GetLengthSid
ConvertSidToStringSidW
RegSetValueExW
RegCloseKey
GetTokenInformation
RegEnumValueW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
CredWriteW
CredReadW
CredDeleteW
CredFree
OpenProcessToken
RegDeleteValueW
CopySid
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
LookupAccountSidW

shell32

SHCreateItemFromParsingName
CommandLineToArgvW
ShellExecuteW
SHAppBarMessage
SHGetKnownFolderPath
DragQueryFileW
DragFinish

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemAlloc
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

ws2_32

WSAIoctl
closesocket
WSASend
WSASocketW
ioctlsocket
connect
WSAGetLastError
bind
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
getsockname
getsockopt
getpeername
shutdown
send
recv

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtQuerySystemInformation
NtQueryInformationProcess
NtWriteFile
NtReadFile
NtCancelIoFileEx
RtlGetVersion

crypt32

CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore

secur32

EncryptMessage
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA
InitializeSecurityContextW
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
FreeContextBuffer
QueryContextAttributesW

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree

pdh

PdhAddEnglishCounterW
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
_wcsicmp
wcslen
strlen

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free
calloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

trunc
floor
round
pow
__setusermatherr

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_initialize_onexit_table
terminate
abort
_cexit
_set_app_type
_configure_narrow_argv
__p___argv
_seh_filter_exe
_wassert
_initialize_narrow_environment
__p___argc
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_c_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ebdd005f9ec841b00529b26865efa04

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

user32

comctl32

oleaut32

advapi32

shell32

ole32

setupapi

dxgi

bcrypt

ws2_32

ntdll

crypt32

secur32

psapi

iphlpapi

netapi32

pdh

powrprof

uxtheme

gdi32

dwmapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 1024B - Virtual size: 12KB

.pdata Size: 67KB - Virtual size: 66KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 32KB - Virtual size: 32KB