91c5d0f89d0a2ab6f6bbc4e560ae9a83264bc5a0c976c0798f10b6a527eb0cf3

Sharing

Copy URL Twitter E-mail

General

Target

91c5d0f89d0a2ab6f6bbc4e560ae9a83264bc5a0c976c0798f10b6a527eb0cf3
Size

3.5MB
MD5

005c6e178a32ebaa49fb000ddcccb412
SHA1

4a6ca07410b9b2ef784cf8e01a26a4f0cb73dc10
SHA256

91c5d0f89d0a2ab6f6bbc4e560ae9a83264bc5a0c976c0798f10b6a527eb0cf3
SHA512

cba8b709e77133b9f58142ed19ec1dba57a5a52a67f1e8b1570bb4e4f7a02775d49edeb77d5a414843d831949140c8386a2f1171487bfa8f83c69412ab600e7e
SSDEEP

98304:TmeTVvXl3xA4r/lIwZNY5rMGu0jAjiT9Bh3:TLV/7A4r/lIqNw0js9Bh3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91c5d0f89d0a2ab6f6bbc4e560ae9a83264bc5a0c976c0798f10b6a527eb0cf3

Files

91c5d0f89d0a2ab6f6bbc4e560ae9a83264bc5a0c976c0798f10b6a527eb0cf3
.exe windows:5 windows x86 arch:x86

56ab1bf1ab287bc52130bfa582c08ef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\804158\out\Release\GameAssistant.pdb

Imports

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptBinaryToStringA
CryptStringToBinaryA

advapi32

DeregisterEventSource
RegQueryInfoKeyW
RegEnumKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
ChangeServiceConfigW
OpenServiceW
QueryServiceObjectSecurity
QueryServiceStatus
SetServiceObjectSecurity
StartServiceW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterEventSourceW

kernel32

VirtualAlloc
VirtualFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetUserDefaultLCID
DeleteFileW
GetFileSizeEx
ReadFile
SetFileAttributesW
WriteFile
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenW
MoveFileExW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
CreateProcessW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTimeZoneInformation
GetFileSize
SetFilePointer
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
LoadLibraryW
lstrlenA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetCurrentThreadId
TerminateThread
GetExitCodeThread
MapViewOfFile
GetNativeSystemInfo
Process32FirstW
Process32NextW
OutputDebugStringW
CreatePipe
GetExitCodeProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleA
LocalFree
GetBinaryTypeW
GetPrivateProfileIntW
GetPrivateProfileStringW
FileTimeToSystemTime
SetFilePointerEx
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetLongPathNameW
RemoveDirectoryW
SetEndOfFile
GlobalAlloc
GlobalFree
GetFileAttributesExW
GetCurrentProcess
OpenThread
ResumeThread
GetModuleHandleExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GetTempPathW
GlobalMemoryStatusEx
GetVersionExW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SetEnvironmentVariableW
OpenMutexW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
SetDllDirectoryW
GetStartupInfoW
CopyFileW
GetCommandLineW
CreateThread
WritePrivateProfileStringW
GetStdHandle
GetEnvironmentVariableW
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
QueryPerformanceCounter
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryA
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
PeekNamedPipe
GetFileInformationByHandle
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
GetCurrentDirectoryW
GlobalSize
GlobalUnlock
GlobalLock
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFullPathNameW
CreateFileW
CreateToolhelp32Snapshot
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
GetStringTypeW
TryEnterCriticalSection
QueryPerformanceFrequency
LCMapStringEx
GetCPInfo
CompareStringEx

user32

RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
CharLowerW
GetSystemMetrics
IntersectRect
OffsetRect
EqualRect
PtInRect
PostMessageW
FindWindowW
DefWindowProcW
GetUserObjectInformationW
GetProcessWindowStation
GetMonitorInfoW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetWindowTextW
MonitorFromWindow
AttachThreadInput
IsIconic
BringWindowToTop
GetDesktopWindow
DrawTextW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetSysColor
GetKeyState
ScreenToClient
SetWindowRgn
UpdateLayeredWindow
GetUpdateRect
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
SendMessageTimeoutW
GetWindow
GetParent
MapWindowPoints
GetClientRect
SetFocus
GetFocus
SetCursor
UnionRect
IsRectEmpty
ReleaseDC
GetWindowRect
MoveWindow
MonitorFromPoint
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
CallWindowProcW
UnregisterClassW
GetClassInfoExW
SetTimer
KillTimer
LoadCursorW
GetAsyncKeyState
MessageBoxW
LoadImageW
SetWindowPos
IsWindowVisible
SendMessageW
RegisterClassW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostThreadMessageW
RegisterWindowMessageW
PostQuitMessage
GetCursorPos
ClientToScreen
LoadIconW
DestroyIcon
IsZoomed
GetMessagePos
GetDC

shell32

SHGetFolderPathW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHChangeNotify
CommandLineToArgvW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW

ole32

OleUninitialize
OleInitialize
CoTaskMemRealloc
CoSetProxyBlanket
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathFileExistsW
StrStrIW
SHDeleteValueW
StrStrIA
PathAppendW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
SHGetValueW
ord176
StrFormatByteSizeW
PathCanonicalizeW
PathIsRelativeW
PathIsDirectoryW
SHSetValueW
StrCpyNW
PathRemoveBackslashW
PathIsPrefixW
PathIsRootW

ws2_32

closesocket
socket
WSACleanup
bind

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipFree
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDrawImageRect
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipClosePathFigure
GdipAddPathArc
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipLoadImageFromFile
GdipImageRotateFlip
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipFillRegion
GdipSetPathGradientFocusScales
GdipDeleteRegion
GdipCreateRegionPath
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipAddPathPath
GdipDeletePath
GdipCreatePath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipAlloc

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

winmm

timeKillEvent
timeSetEvent

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

msimg32

AlphaBlend

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle

bcrypt

BCryptGenRandom

gdi32

SaveDC
GetObjectA
SetBkMode
SetBkColor
SetTextColor
StretchBlt
SetStretchBltMode
SetWindowOrgEx
GetStockObject
CreateFontIndirectW
DeleteObject
GetDeviceCaps
BitBlt
CreateRoundRectRgn
GetWindowOrgEx
CreateRectRgnIndirect
GetObjectW
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC

Exports

Exports

??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 62KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

56ab1bf1ab287bc52130bfa582c08ef3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

advapi32

kernel32

user32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

gdiplus

comctl32

winmm

imm32

msimg32

wininet

bcrypt

gdi32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 677KB - Virtual size: 677KB

.data Size: 62KB - Virtual size: 81KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 199KB - Virtual size: 200KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 677KB - Virtual size: 677KB

.data
Size: 62KB - Virtual size: 81KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 199KB - Virtual size: 200KB