985f8f3b33777ecc151b6bad5f48f9a44615e406bd49381769dfa44ce351f636

Sharing

Copy URL Twitter E-mail

General

Target

985f8f3b33777ecc151b6bad5f48f9a44615e406bd49381769dfa44ce351f636
Size

1.3MB
MD5

0033f8449b03a7641d273026539fbb7a
SHA1

4a09aa9b575b0f5d7ba16b44d6b16c4d7e1bb354
SHA256

985f8f3b33777ecc151b6bad5f48f9a44615e406bd49381769dfa44ce351f636
SHA512

b278be7f0da78954b9034e94400fe1c7dc57a7b17a16691dc4ddec7d6785b894c3e0c31a436caae6bcb53b3bcf1d236f4b083a85d61a9e9bacb33b2d298ee1df
SSDEEP

24576:Tj+IdX0D3RCzXZePMnqhGuvLuPkL5LrsAaNTGuvoy64:A7IzJLiGuvqPkLxsAYTGuvoy64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
985f8f3b33777ecc151b6bad5f48f9a44615e406bd49381769dfa44ce351f636

Files

985f8f3b33777ecc151b6bad5f48f9a44615e406bd49381769dfa44ce351f636
.exe windows:5 windows x86 arch:x86

de8d071e42c694823c52c84c759174c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\750944\out\Release\SDIS.pdb

Imports

kernel32

GetSystemInfo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
SetFileAttributesW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileTime
CreateFileMappingW
ExitProcess
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
VirtualQuery
VirtualProtect
DeviceIoControl
Thread32First
Thread32Next
lstrcmpA
OpenThread
RemoveDirectoryW
GetLongPathNameW
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
MapViewOfFileEx
InterlockedCompareExchange
GetSystemDirectoryW
SystemTimeToFileTime
GetModuleHandleA
SetFilePointerEx
GetThreadLocale
SetThreadLocale
GetNativeSystemInfo
MapViewOfFile
TerminateThread
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
lstrcmpiA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetTimeZoneInformation
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetFileAttributesW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
CreateIoCompletionPort
GetVersion
GetVersionExW
OpenFileMappingW
OpenMutexW
HeapFree
GetProcessHeap
HeapAlloc
GlobalSize
GlobalReAlloc
CreateWaitableTimerW
ResetEvent
SetWaitableTimer
GlobalUnlock
GlobalLock
CreateThread
GetFileSizeEx
LocalFree
lstrcpynW
ReadFile
GetFileSize
InterlockedExchange
FlushInstructionCache
MoveFileW
FreeResource
CopyFileW
GetExitCodeThread
GetCommandLineW
GlobalFree
GlobalAlloc
MoveFileExW
GetFileAttributesExW
DeleteFileW
lstrlenA
SetEvent
CreateEventW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MulDiv
FindClose
FindNextFileW
FindFirstFileW
InitializeCriticalSection
GetCurrentThreadId
SetErrorMode
GetExitCodeProcess
GetProcessId
GetCurrentProcess
TerminateProcess
LoadLibraryExW
RaiseException
lstrcmpiW
lstrlenW
CreateProcessW
GetStartupInfoW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
WaitForSingleObject
SetLastError
OutputDebugStringA
WideCharToMultiByte
GetTempPathW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
OutputDebugStringW
WriteFile
Sleep
GetTickCount
GetModuleFileNameW
GetCurrentProcessId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryW
CreateMutexW
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex

user32

DestroyWindow
DefWindowProcW
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
IsWindow
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
CreateWindowExW
SetWindowLongW
GetWindowLongW
ShowWindow
PostThreadMessageW
CharNextW
GetDC
ReleaseDC
CloseDesktop
GetThreadDesktop
SendMessageW
GetUserObjectInformationW
CreateDesktopW
GetProcessWindowStation
EnumDesktopWindows
SetTimer
PostMessageW
KillTimer
EndDialog
FindWindowW
WaitForInputIdle
IsWindowVisible
SetWindowPos
SetForegroundWindow
SetActiveWindow
SetThreadDesktop
DialogBoxParamW
EnumThreadWindows
GetGUIThreadInfo
GetClientRect
GetWindowTextW
PrintWindow
UnregisterClassA
GetWindowRect
GetForegroundWindow
AttachThreadInput
BringWindowToTop
SetCursorPos
GetWindow
GetDlgCtrlID
GetParent
IsWindowEnabled
SetRectEmpty
PtInRect
SetCursor
LoadCursorW
SetRect
PostQuitMessage
GetClassInfoExW
GetLastInputInfo
GetCursorPos
SystemParametersInfoW
GetActiveWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
CopyRect
CallWindowProcW

gdi32

CreateHalftonePalette
GetPaletteEntries
GdiFlush
CreatePalette
SetDIBColorTable
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
CreateDCW
DeleteDC
BitBlt
GetObjectW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DPtoLP
GetDeviceCaps
DeleteObject
GetStockObject
SetBitmapBits

advapi32

GetSecurityInfo
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW
ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CoInitializeEx
CoLoadLibrary
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringByteLen
VarUI4FromStr
DispCallFunc
SysAllocStringByteLen
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathBuildRootW
PathGetDriveNumberW
PathIsPrefixW
SHSetValueA
PathFileExistsW
PathAppendW
PathCombineW
PathFindFileNameW
PathAddBackslashW
StrCmpNIW
StrCmpIW
PathRemoveFileSpecW
PathFindExtensionW
PathRenameExtensionW
PathMatchSpecW
PathIsDirectoryW
PathQuoteSpacesW
StrStrW
SHGetValueW
StrCmpW
SHSetValueW
PathCanonicalizeA
PathFindNextComponentA
StrStrIW
StrFormatByteSizeW
SHGetValueA
StrRChrW
PathIsRootW
ord176
PathCanonicalizeW
PathRemoveBackslashW
StrCpyNW
StrChrW

gdiplus

GdipCloneImage
GdiplusShutdown
GdipFree
GdipAlloc
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdiplusStartup

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

imm32

ImmDisableIME

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

Sections

.text
Size: 918KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de8d071e42c694823c52c84c759174c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

crypt32

imm32

wtsapi32

psapi

version

netapi32

Sections

.text Size: 918KB - Virtual size: 917KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 25KB - Virtual size: 45KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 133KB - Virtual size: 136KB

.text
Size: 918KB - Virtual size: 917KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 25KB - Virtual size: 45KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 133KB - Virtual size: 136KB