e27be4940409bf6b72ee7d102c2adce7ae297bb362405a31e6a91dbda1ad49dd

Sharing

Copy URL Twitter E-mail

General

Target

e27be4940409bf6b72ee7d102c2adce7ae297bb362405a31e6a91dbda1ad49dd
Size

1.5MB
MD5

a87b798cf7b0897e291658e0a85297d6
SHA1

1d9f40a5837aba2e93e1cd07ad6dbfd0678a2901
SHA256

e27be4940409bf6b72ee7d102c2adce7ae297bb362405a31e6a91dbda1ad49dd
SHA512

d29fe861dcdc2502c62c07942357b839c7038cfa50c5b52d6fb50bbaee042c43d85e53956b351cf1592a69f0ecbb7007f48e7c4c1db3fe39994969ae7194945b
SSDEEP

24576:87YdQi2xJ8rfnhc2qfIeaGhivfLho3/7zgkR31344int1JlIr:i3SKIOhiLW3T11344S1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27be4940409bf6b72ee7d102c2adce7ae297bb362405a31e6a91dbda1ad49dd

Files

e27be4940409bf6b72ee7d102c2adce7ae297bb362405a31e6a91dbda1ad49dd
.exe windows:5 windows x86 arch:x86

cbf7535efbcde97480dda157eb276839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\828709\out\Release\SodaUninst.pdb

Imports

kernel32

GetLongPathNameW
OpenProcess
SetEndOfFile
RemoveDirectoryW
DeleteFileW
MoveFileExW
GetFileAttributesExW
GetCurrentProcess
OpenThread
lstrcmpA
lstrcmpiW
GetModuleHandleExW
GlobalSize
GlobalLock
GlobalUnlock
GetThreadLocale
SetThreadLocale
SystemTimeToFileTime
GetModuleHandleA
GetTempPathW
GetVersionExW
InterlockedIncrement
GetCommandLineW
CopyFileW
FindClose
LocalFree
GetFileSizeEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
GetCurrentThreadId
InterlockedExchange
LoadLibraryW
CreateFileMappingW
lstrlenA
UnmapViewOfFile
InterlockedCompareExchange
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetFileType
GetStdHandle
ExitProcess
ExitThread
RtlUnwind
UnregisterWaitEx
OutputDebugStringW
GlobalAlloc
WriteFile
SizeofResource
LoadResource
GetProcessHeap
HeapSize
InterlockedDecrement
LockResource
CreateProcessW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
FreeResource
lstrcmpiA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetACP
MulDiv
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
FormatMessageW
TryEnterCriticalSection
GetStringTypeW
IsDebuggerPresent
GlobalFree
SetFilePointerEx
SetFilePointer
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
ReadFile
FindNextFileW
FindFirstFileW
HeapDestroy
CreateFileW

user32

LoadCursorW
GetFocus
GetKeyState
SetCapture
ReleaseCapture
IsRectEmpty
BeginPaint
EndPaint
PtInRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetCursorPos
IntersectRect
BringWindowToTop
IsIconic
AttachThreadInput
CloseClipboard
SetWindowLongW
GetWindowLongW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
IsWindow
GetSystemMetrics
GetWindowRect
GetWindowThreadProcessId
PostMessageW
UnionRect
EqualRect
SetActiveWindow
GetForegroundWindow
ScreenToClient
OffsetRect
SetCursor
SetClipboardData
EmptyClipboard
GetAsyncKeyState
ClientToScreen
GetSysColor
GetDesktopWindow
DrawTextW
wsprintfW
FindWindowW
GetUpdateRect
SetForegroundWindow
SetFocus
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
MapWindowPoints
GetClientRect
KillTimer
PostQuitMessage
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
IsClipboardFormatAvailable
GetClipboardData
IsZoomed
OpenClipboard
IsWindowVisible
SetWindowPos
GetDC
ReleaseDC
MonitorFromPoint
CallWindowProcW
RegisterClassW
UpdateLayeredWindow
MoveWindow
DefWindowProcW

advapi32

RegEnumKeyExA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegOpenKeyW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegQueryValueExW

shell32

SHGetFolderPathW
ord165
CommandLineToArgvW
SHFileOperationW
ShellExecuteW
ShellExecuteExW

ole32

CoTaskMemFree
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringLen
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathRemoveBackslashW
PathIsRootW
PathIsPrefixW
PathCanonicalizeW
ord176
SHGetValueW
PathRemoveFileSpecW
StrStrIW
StrStrIA
SHSetValueW
PathAppendW
SHDeleteKeyW
PathFileExistsW
PathCombineW
PathFindFileNameW
StrCmpIW
StrCmpNIW
StrTrimA
SHSetValueA
PathAddBackslashW
SHGetValueA
PathIsRelativeW

version

VerQueryValueW

psapi

GetModuleFileNameExW

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

winmm

timeKillEvent
timeSetEvent

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

crypt32

CryptBinaryToStringA

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetSetOptionW

gdi32

GetObjectW
GetDeviceCaps
BitBlt
CreateRoundRectRgn
GetStockObject
GetWindowOrgEx
RestoreDC
SaveDC
ExtSelectClipRgn
CreateCompatibleDC
DeleteDC
SelectObject
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectA
SetWindowOrgEx
DeleteObject
CreateFontIndirectW
CreateRectRgnIndirect

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipResetClip
GdipSetClipPath
GdipDrawImageRectRectI
GdipFillPath
GdipFillEllipse
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen1
GdipCreatePen2
GdipDeletePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDrawArc
GdipDrawImageRect
GdipCreatePath
GdipDeletePath
GdipAddPathPath
GdipCreateRegionPath
GdipDeleteRegion
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientFocusScales
GdipSetPixelOffsetMode
GdipFillRegion
GdipClosePathFigure
GdipAddPathLine
ord1
GdipAddPathRectangle
GdipAddPathEllipse
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipSetPenDashStyle
GdipSetPenDashArray
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetWorldTransform
GdipDrawLineI
GdipDrawRectangleI
GdipDrawEllipse
GdipDrawPath

msimg32

AlphaBlend

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbf7535efbcde97480dda157eb276839

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

comctl32

winmm

imm32

crypt32

iphlpapi

wininet

gdi32

gdiplus

msimg32

Sections

.text Size: 1010KB - Virtual size: 1009KB

.rdata Size: 262KB - Virtual size: 261KB

.data Size: 43KB - Virtual size: 54KB

.rsrc Size: 191KB - Virtual size: 190KB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 1010KB - Virtual size: 1009KB

.rdata
Size: 262KB - Virtual size: 261KB

.data
Size: 43KB - Virtual size: 54KB

.rsrc
Size: 191KB - Virtual size: 190KB

.reloc
Size: 67KB - Virtual size: 67KB