C:\vmagent_new\bin\joblist\829820\out\Release\SudaSetup.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c2b2d77ffd497ef0e0af9745e5499b40.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: c2b2d77ffd497ef0e0af9745e5499b40.exe
Resource: win10v2004-20240802-en
General
Target: 147f00bd54fb5adb4a0f29307f6796e6a3d6810d52ebdb33e632aaccf683695a
Size: 1.2MB
MD5: cb7bbd753bc2ca9f127cc870356778fe
SHA1: 7a229efe612c7839ed8a6e490fa9cc6954bd8b9d
SHA256: 147f00bd54fb5adb4a0f29307f6796e6a3d6810d52ebdb33e632aaccf683695a
SHA512: e1eb2ee8168503c3b6f621eaa473341423c6bcd0d7954222e691d8cfc0656389a6a87b1f78ebcd325ab70d9e79418fc19016fb5ed875d470c653129635e47c8f
SSDEEP: 24576:B/qbku9IP17Kdnuu+N/w06chJMvVyo8kB49UPgQdXmfAcIGUk/k:B/80+nuu+No06cUS0k02pk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/c2b2d77ffd497ef0e0af9745e5499b40
Files
- 147f00bd54fb5adb4a0f29307f6796e6a3d6810d52ebdb33e632aaccf683695a.zip
- c2b2d77ffd497ef0e0af9745e5499b40.exe windows:5 windows x86 arch:x86
  f39f273105477696f07a26bc5869a437
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
InterlockedDecrement
GetFileSizeEx
ReadFile
SetFilePointerEx
GlobalAlloc
GlobalFree
GetLongPathNameW
OpenProcess
SetEndOfFile
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetVolumeInformationW
GetFileAttributesExW
GetCurrentProcess
OpenThread
lstrcmpA
lstrcmpiW
GetModuleHandleExW
GlobalSize
GlobalLock
GlobalUnlock
GetThreadLocale
SetThreadLocale
SystemTimeToFileTime
GetModuleHandleA
GetVersionExW
InterlockedIncrement
GetCommandLineW
GetFileInformationByHandle
GetStdHandle
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
ReleaseSemaphore
InitializeCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
FindClose
LocalFree
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
GetCurrentThreadId
LoadLibraryW
CreateFileMappingW
UnmapViewOfFile
InterlockedCompareExchange
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
FindFirstFileW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetFileType
ExitProcess
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
FreeResource
lstrcmpiA
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetACP
MulDiv
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
FormatMessageW
TryEnterCriticalSection
GetStringTypeW
IsDebuggerPresent
FindNextFileW
GetConsoleCP
SetFilePointer
WriteFile
SizeofResource
LoadResource
GetProcessHeap
HeapSize
GetLocalTime
HeapDestroy
LockResource
GetModuleFileNameW
SetEnvironmentVariableW
DeleteCriticalSection
CreateFileW
user32
SetActiveWindow
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
AttachThreadInput
IsIconic
BringWindowToTop
GetClipboardData
GetForegroundWindow
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
wsprintfW
SetWindowPos
IsWindowVisible
GetDesktopWindow
DrawTextW
GetSysColor
ClientToScreen
GetAsyncKeyState
EmptyClipboard
SetClipboardData
UnionRect
IntersectRect
SetCursor
EqualRect
MonitorFromPoint
SetWindowTextW
EnableWindow
SetFocus
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetSystemMetrics
KillTimer
SetTimer
PostQuitMessage
SendMessageW
CharUpperW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
IsClipboardFormatAvailable
LoadCursorW
CloseClipboard
OpenClipboard
CallWindowProcW
RegisterClassW
UpdateLayeredWindow
MoveWindow
IsZoomed
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
GetCursorPos
ScreenToClient
OffsetRect
IsRectEmpty
PtInRect
advapi32
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegEnumKeyExA
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
shell32
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
ord165
SHGetFolderPathW
ole32
OleUninitialize
OleInitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
oleaut32
VarUI4FromStr
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
shlwapi
PathRemoveFileSpecW
SHDeleteValueW
StrStrIW
StrCmpNIW
StrCmpIW
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
PathAddBackslashW
SHGetValueW
PathRemoveExtensionW
StrStrIA
PathCanonicalizeW
StrTrimA
SHSetValueA
SHSetValueW
StrCpyNW
PathIsRelativeW
PathRemoveBackslashW
SHGetValueA
PathIsPrefixW
PathIsDirectoryW
version
VerQueryValueW
psapi
GetModuleFileNameExW
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
winmm
timeKillEvent
timeSetEvent
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
crypt32
CryptBinaryToStringA
iphlpapi
GetAdaptersInfo
wininet
InternetConnectW
HttpQueryInfoW
HttpOpenRequestW
InternetSetOptionW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
HttpSendRequestW
msi
ord217
ord173
gdi32
GetObjectA
SetWindowOrgEx
CreateDIBSection
SetTextColor
SetStretchBltMode
BitBlt
CreateRoundRectRgn
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
CreateRectRgnIndirect
GetWindowOrgEx
RestoreDC
SaveDC
ExtSelectClipRgn
CreateCompatibleDC
DeleteDC
SelectObject
SetBkColor
SetBkMode
StretchBlt
gdiplus
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDrawImageRectRectI
GdipFillPath
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawString
GdipCreateFontFromLogfontA
GdipFillEllipse
GdipDeleteFont
GdipSetStringFormatAlign
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreatePath
GdipDeletePath
GdipAddPathPath
GdipCreateRegionPath
GdipDeleteRegion
GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientFocusScales
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipFillRegion
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen1
GdipCreatePen2
GdipDeletePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipSetWorldTransform
GdipDrawArc
GdipDrawImageRect
GdipClosePathFigure
GdipAddPathLine
ord1
GdipAddPathRectangle
GdipAddPathEllipse
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipSetPenDashStyle
GdipSetPenDashArray
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetWorldTransform
GdipDrawLineI
GdipDrawRectangleI
GdipDrawEllipse
GdipDrawPath
msimg32
AlphaBlend
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 276KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16.8MB - Virtual size: 16.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ