C:\vmagent_new\bin\joblist\822445\out\Release\360rp.pdb
Static task: static1

Behavioral task: behavioral1
Sample: a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155.dll
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155.dll
Resource: win10v2004-20240802-en
General
Target: a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155
Size: 3.5MB
MD5: 0b7399925c0284616b9fdfec3d20fcad
SHA1: 2511a97c723050bad7c35f6ae9674f33040e1f8c
SHA256: a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155
SHA512: 80bf5ab18eb6919af7a36e8deafb2e62e9cb03afa7f7ee1bf891708fb9349062449e117bdfa355d37e73e1a20f301b7f2c077ae0bc78d34439c3080c9bd2c3aa
SSDEEP: 49152:BfNSyj01WjPC1pJqQ2mIaoA1QXnIjw28jfhxS99PxV3kS0FrQj7qDBs4L:BIyA1WbC1PqooAVjv5RxVUS0IM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155
Files
a01ee8a477e9313a5712a83832b2ba0da94b286c8f3833050270e1004e529155.dll windows:5 windows x86 arch:x86
14bcb6d4d0c773a61ca8415faa86f637
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
dbghelp
MiniDumpWriteDump
kernel32
SetEnvironmentVariableW
QueryDosDeviceW
AreFileApisANSI
GetCommandLineW
lstrcmpW
GetACP
GetTimeZoneInformation
lstrlenA
OpenFileMappingW
IsBadReadPtr
GetHandleInformation
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetSystemWindowsDirectoryW
GetFileInformationByHandle
SetThreadExecutionState
SetPriorityClass
GetPrivateProfileIntA
VirtualQueryEx
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
CreateProcessA
VirtualQuery
FlushInstructionCache
SetThreadContext
LoadLibraryA
GetFullPathNameW
LockFile
LockFileEx
UnlockFile
GetTempPathA
FormatMessageA
GetFileAttributesA
DeleteFileA
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
SetNamedPipeHandleState
TerminateThread
ReadFileEx
WaitForSingleObjectEx
CreateNamedPipeA
GetOverlappedResult
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetStringTypeExW
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
CreateSemaphoreA
GetAtomNameW
lstrcmpA
LocalFileTimeToFileTime
SetFileTime
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalFlags
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentDirectoryW
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
ExitThread
HeapReAlloc
GetCommandLineA
SetStdHandle
GetFileType
HeapSize
ExitProcess
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
OutputDebugStringA
RemoveDirectoryW
GetExitCodeProcess
VirtualAlloc
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetModuleHandleA
Toolhelp32ReadProcessMemory
GetThreadTimes
GetSystemInfo
GlobalMemoryStatus
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLogicalDrives
SetCurrentDirectoryW
SetUnhandledExceptionFilter
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
SetErrorMode
OpenMutexW
GetCurrentThreadId
VirtualProtect
SetProcessWorkingSetSize
GetDiskFreeSpaceExW
LoadLibraryW
FlushFileBuffers
GetTempFileNameW
CompareFileTime
GetThreadContext
ReadProcessMemory
CreateMutexW
MoveFileW
GetShortPathNameW
OpenMutexA
SystemTimeToFileTime
SetThreadPriority
FileTimeToLocalFileTime
GetExitCodeThread
GetProcessIoCounters
WritePrivateProfileSectionW
GetPrivateProfileIntW
CreateEventA
ResetEvent
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
lstrcmpiW
GetEnvironmentVariableW
CreateProcessW
GetTempPathW
GetCurrentProcessId
ProcessIdToSessionId
Process32FirstW
GetProcessTimes
GetSystemTime
Process32NextW
HeapUnlock
HeapLock
HeapWalk
SetLastError
CreateThread
lstrcpyW
ResumeThread
OpenThread
SuspendThread
SetLocalTime
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
GetFileSizeEx
SetFilePointer
SetEndOfFile
WideCharToMultiByte
CreateMutexA
ReleaseMutex
OpenProcess
GetPrivateProfileSectionW
GetDriveTypeW
WriteFile
GetCurrentThread
TlsAlloc
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetPrivateProfileStringW
CreateDirectoryW
OutputDebugStringW
SetEvent
WaitForSingleObject
GetWindowsDirectoryW
CreateEventW
GetFileSize
ReadFile
WritePrivateProfileStringW
GetFileAttributesExW
CopyFileW
GetLongPathNameW
MoveFileExW
TlsGetValue
TlsSetValue
TlsFree
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetTickCount
InterlockedExchangeAdd
FreeLibrary
GetLogicalDriveStringsW
lstrlenW
GetFileAttributesW
GetLastError
QueryDosDeviceA
MultiByteToWideChar
GetDriveTypeA
CreateFileA
DeviceIoControl
GetSystemDirectoryW
lstrcatW
GetModuleFileNameW
IsBadCodePtr
LoadLibraryExW
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
CreateFileW
Sleep
GetFileTime
CloseHandle
GetLocalTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
InterlockedCompareExchange
InterlockedExchange
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalGetAtomNameW
user32
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetDlgItemTextW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
MoveWindow
ScrollWindowEx
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
PostQuitMessage
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
GetMessagePos
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
CharUpperW
MsgWaitForMultipleObjects
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
IsIconic
LoadStringW
MessageBoxW
SetTimer
KillTimer
EnumThreadWindows
CharLowerBuffW
ShowWindow
SendMessageTimeoutW
GetWindowRect
BringWindowToTop
SetForegroundWindow
SwitchToThisWindow
SetWindowPos
SystemParametersInfoW
WindowFromPoint
WaitForInputIdle
FindWindowExW
GetWindowThreadProcessId
GetSystemMetrics
GetLastInputInfo
FindWindowW
PostMessageW
wsprintfW
CallWindowProcW
gdi32
GetTextMetricsW
GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontW
GetCharWidthW
GetTextExtentPoint32W
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
GetStockObject
CreateRectRgnIndirect
CreateFontIndirectW
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
CreateCompatibleDC
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
CreateDCA
GetObjectA
GetBitmapBits
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetDeviceCaps
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
GetObjectW
GetViewportExtEx
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
SelectPalette
advapi32
QueryServiceConfig2W
IsValidSid
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegSetValueW
EqualSid
RegEnumKeyExW
OpenThreadToken
SetEntriesInAclW
RevertToSelf
DuplicateTokenEx
QueryServiceStatusEx
SetTokenInformation
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyW
CloseServiceHandle
ControlService
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
StartServiceW
QueryServiceStatus
CreateServiceW
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
QueryServiceConfigW
ChangeServiceConfig2W
RegQueryInfoKeyW
RegCreateKeyExW
GetUserNameW
FreeSid
ConvertSidToStringSidA
shell32
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ShellExecuteW
shlwapi
PathRemoveBackslashW
PathAppendW
PathFindExtensionW
PathCommonPrefixW
StrCmpNIW
StrStrIW
SHDeleteValueW
PathRemoveFileSpecW
PathAddBackslashW
StrCmpIW
PathFileExistsW
PathFindFileNameW
PathCanonicalizeW
SHGetValueW
StrStrW
StrCmpNW
SHDeleteKeyW
wnsprintfW
PathCombineW
StrCmpW
PathIsDirectoryW
SHGetValueA
StrToIntW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
SHSetValueW
ole32
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoInitializeEx
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
IIDFromString
CoInitializeSecurity
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CoTreatAsClass
oleaut32
SafeArrayGetDim
GetErrorInfo
SetErrorInfo
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysStringByteLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetLBound
VarBstrCat
VariantInit
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
CreateErrorInfo
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Request_Device_EjectW
CM_Get_Parent
ws2_32
gethostbyname
WSACleanup
WSAStartup
gethostname
inet_ntoa
select
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
crypt32
CertGetNameStringW
psapi
GetModuleFileNameExW
rpcrt4
NdrClientCall2
NdrAsyncClientCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
Exports
?StartListen2@Communicator@@YAPAXPBD@Z
?StartListen3@Communicator@@YAPAXPBDI@Z
?StartListen@Communicator@@YAHPBD@Z
?StopListen2@Communicator@@YAXPAX@Z
?StopListen@Communicator@@YAHXZ
CreateHipsClient
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 498KB - Virtual size: 498KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ