55713915cbbc4bf9a4f1394522119a6ed0a34267974129e56f26b1f7831be20e

Sharing

Copy URL Twitter E-mail

General

Target

55713915cbbc4bf9a4f1394522119a6ed0a34267974129e56f26b1f7831be20e
Size

8.1MB
MD5

9a5838b85cc770dd5e9989859b7d36c6
SHA1

fabcd5319a0d6ada5d8823e03aeac224ba4dec36
SHA256

55713915cbbc4bf9a4f1394522119a6ed0a34267974129e56f26b1f7831be20e
SHA512

35ce0ef7e2046cbb3b8c4fd4e1e99ab0768eeb2e6bc26aada068a91039da87d92e6eebc192c1dbf01b90f212ef5868163b246ce0f2c201961cd3d630118e1538
SSDEEP

196608:pdS80r43CFKWBv+08TUfxxjD9aJPhRVeigCXsQFx:OL48fG0WkHjB0hRVeiNh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55713915cbbc4bf9a4f1394522119a6ed0a34267974129e56f26b1f7831be20e

Files

55713915cbbc4bf9a4f1394522119a6ed0a34267974129e56f26b1f7831be20e
.exe windows:5 windows x86 arch:x86

9d01e24f1aa9930627689fc238e0b63b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\824322\out\Release\SodaMSOAddinSetup.pdb

Imports

kernel32

SetEndOfFile
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetVolumeInformationW
GetCurrentProcess
lstrcmpA
lstrcmpiW
GetModuleHandleExW
GlobalSize
GlobalLock
GlobalUnlock
SystemTimeToFileTime
GetVersionExW
GetVersion
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
GetFileInformationByHandle
GetStdHandle
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
ReleaseSemaphore
MapViewOfFile
LocalFree
LoadLibraryW
CreateFileMappingW
UnmapViewOfFile
InterlockedCompareExchange
FindNextFileW
FindFirstFileW
GetFileAttributesExW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
OutputDebugStringW
GetLocalTime
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ExitProcess
ExitThread
RtlUnwind
GlobalFree
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
FindClose
SetFilePointer
ReadFile
WriteFile
GetFileSizeEx
SizeofResource
LoadResource
GetCurrentThreadId
GetProcessHeap
HeapSize
HeapDestroy
LockResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
FreeResource
lstrcmpiA
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetACP
MulDiv
VerSetConditionMask
VerifyVersionInfoW
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
TryEnterCriticalSection
GetStringTypeW
IsDebuggerPresent
SetFilePointerEx
GetFileType
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetModuleHandleA
GlobalAlloc
Process32NextW
Process32FirstW
UnregisterWaitEx
CreateToolhelp32Snapshot
CreateFileW

user32

GetKeyState
ScreenToClient
SetWindowRgn
UpdateLayeredWindow
IsRectEmpty
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
GetFocus
GetDC
IsZoomed
CallWindowProcW
RegisterClassW
OffsetRect
ReleaseDC
SetWindowPos
IsWindowVisible
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostQuitMessage
SetTimer
KillTimer
GetSystemMetrics
GetClientRect
PtInRect
MonitorFromPoint
AttachThreadInput
ShowWindow
IsIconic
GetCursorPos
BringWindowToTop
SetActiveWindow
SetWindowTextW
EnableWindow
SetFocus
EqualRect
UnionRect
IntersectRect
SetCursor
ClientToScreen
GetSysColor
GetAsyncKeyState
EmptyClipboard
SetClipboardData
DrawTextW
GetDesktopWindow
GetWindowRect
GetMonitorInfoW
MapWindowPoints
MonitorFromWindow
LoadImageW
GetWindow
GetParent
GetForegroundWindow
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
PostMessageW
DefWindowProcW
RegisterClassExW
CharUpperW
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
CreateWindowExW
LoadCursorW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegEnumKeyExA
OpenSCManagerW
EnumServicesStatusW

shell32

CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

OleInitialize
CoTaskMemRealloc
CoInitialize
OleUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
SysAllocStringLen
VariantClear
SysStringLen

shlwapi

PathIsRelativeW
StrStrIA
SHGetValueA
SHSetValueA
PathFileExistsW
StrStrIW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
StrCmpIW
SHSetValueW
SHGetValueW
StrCmpNIW
PathIsDirectoryW
StrTrimA
PathCombineW

version

VerQueryValueW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipFree
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipSetPenDashArray
GdipSetPenDashStyle
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipClosePathFigure
ord1
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipFillRegion
GdipSetPathGradientFocusScales
GdipDeleteRegion
GdipCreateRegionPath
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipAddPathPath
GdipDeletePath
GdipCreatePath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

winmm

timeSetEvent
timeKillEvent

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msimg32

AlphaBlend

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetOpenW

gdi32

CreateRoundRectRgn
BitBlt
GetObjectW
GetStockObject
CreateFontIndirectW
GetDeviceCaps
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetWindowOrgEx
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
SetBkMode
GetObjectA
DeleteObject

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d01e24f1aa9930627689fc238e0b63b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

comctl32

winmm

imm32

msimg32

iphlpapi

wininet

gdi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 268KB - Virtual size: 268KB

.data Size: 41KB - Virtual size: 68KB

.rsrc Size: 6.7MB - Virtual size: 6.7MB

.reloc Size: 71KB - Virtual size: 71KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 268KB - Virtual size: 268KB

.data
Size: 41KB - Virtual size: 68KB

.rsrc
Size: 6.7MB - Virtual size: 6.7MB

.reloc
Size: 71KB - Virtual size: 71KB