18dd73c4541d5131857e1d6dc5946948b0c4370cecb38536b72f3b74f041ed5d

Sharing

Copy URL

Twitter E-mail

General

Target

18dd73c4541d5131857e1d6dc5946948b0c4370cecb38536b72f3b74f041ed5d
Size

1.8MB
MD5

bd2c05a881877440d3d82aa3a774226a
SHA1

a3a524066a02fc500c799efe475fa18f9c167c1e
SHA256

18dd73c4541d5131857e1d6dc5946948b0c4370cecb38536b72f3b74f041ed5d
SHA512

1bb63db23d2e437c31c367fe391c7f7654a5d8a6112599f0664ebb759728668828ebd56f098e7a9dfdb69d7fa6b73dc4b79c08b5cf3f0adb114ac1b061f90c4d
SSDEEP

24576:wPR0Y4MMJ3/82md+8S5AvAXqGc/AXvdFQJWA9GbSArkm8YQHjO3/yJrDfM41RZsQ:S4l/BNSofX7+MNQC36p441RZsdMpp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18dd73c4541d5131857e1d6dc5946948b0c4370cecb38536b72f3b74f041ed5d

Files

18dd73c4541d5131857e1d6dc5946948b0c4370cecb38536b72f3b74f041ed5d
.exe windows:5 windows x86 arch:x86

a7e8918739d7a5206a5103aeb555a6ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\829820\out\Release\readertray.pdb

Imports

kernel32

InterlockedDecrement
SetFilePointerEx
GlobalAlloc
GlobalFree
OpenProcess
SetEndOfFile
GetCurrentProcess
OpenThread
ReadProcessMemory
lstrcmpiW
GetModuleHandleExW
GlobalSize
GlobalLock
GlobalUnlock
GetThreadLocale
SetThreadLocale
LocalFree
SystemTimeToFileTime
GetModuleHandleA
GetSystemTime
InterlockedIncrement
GetCommandLineW
CopyFileW
LocalAlloc
GetBinaryTypeW
GetModuleFileNameW
DeleteCriticalSection
FindFirstFileW
GetLocalTime
FindClose
MapViewOfFile
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
GetCurrentThreadId
InterlockedExchange
WriteConsoleW
InitializeCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetStdHandle
GetFileType
ExitProcess
ExitThread
RtlUnwind
MapViewOfFileEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
DeleteTimerQueueTimer
GetTempPathW
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetACP
MulDiv
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
LoadLibraryW
CreateFileMappingW
lstrlenA
UnmapViewOfFile
GetFileSize
InterlockedCompareExchange
GetVersionExW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
OutputDebugStringW
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
FormatMessageW
TryEnterCriticalSection
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetTempFileNameW
ChangeTimerQueueTimer
SetFilePointer
SizeofResource
LoadResource
GetVersion
LockResource
MoveFileExW
DeleteFileW
SetFileAttributesW
lstrlenW
ReadFile
WriteFile
GetFileSizeEx
FindNextFileW
GetProcessHeap
HeapSize
HeapDestroy
UnregisterWaitEx
CreateProcessW
SetEnvironmentVariableA
CreateFileW

user32

ClientToScreen
GetAsyncKeyState
EmptyClipboard
SetClipboardData
UnionRect
IntersectRect
SetCursor
EqualRect
MonitorFromPoint
PtInRect
OffsetRect
ScreenToClient
GetCursorPos
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
MoveWindow
UpdateLayeredWindow
RegisterClassW
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
SendMessageW
wsprintfW
SetWindowPos
IsWindowVisible
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
CharLowerBuffW
UnregisterClassW
GetSysColor
GetWindowTextW
GetWindowRect
FindWindowExW
CharNextW
CallWindowProcW
GetClassInfoExW
SetClipboardViewer
ChangeClipboardChain
KillTimer
LoadCursorW
GetDesktopWindow
DrawTextW
GetDC
ReleaseDC
IsRectEmpty
LoadImageW
EnumChildWindows
GetClassNameW
GetWindow
SetWinEventHook
UnhookWinEvent
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetSystemMetrics
SetWindowTextW
GetClientRect
MapWindowPoints
GetParent
MonitorFromWindow
GetMonitorInfoW
RegisterHotKey
UnregisterHotKey
IsIconic
AttachThreadInput
SendMessageTimeoutW
PostMessageW
SetWindowLongW
GetWindowLongW
ShowWindow
DestroyWindow
IsWindow
BringWindowToTop
SetTimer
CreateWindowExW
RegisterClassExW
DefWindowProcW

gdi32

SetStretchBltMode
GetObjectA
SetBkColor
StretchBlt
ExtSelectClipRgn
GetObjectW
CreateDIBSection
SetTextColor
SetBkMode
SetWindowOrgEx
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SaveDC
BitBlt
CreateRoundRectRgn
GetDeviceCaps
CreateRectRgnIndirect
GetWindowOrgEx
RestoreDC

advapi32

RevertToSelf
RegOpenCurrentUser
RegEnumKeyExW
RegSetValueW
RegQueryInfoKeyW
RegOpenKeyW
RegCreateKeyW
ConvertSidToStringSidW
LookupAccountNameW
RegCloseKey
StartServiceW
SetServiceObjectSecurity
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
ImpersonateSelf

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ord165
SHChangeNotify

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
VarUI4FromStr
VariantInit
LoadTypeLi
SysAllocString
SysAllocStringLen
LoadRegTypeLi
SysFreeString

shlwapi

UrlGetPartW
SHSetValueW
StrCpyNW
PathFindFileNameW
PathCombineW
ord176
PathIsRelativeW
SHDeleteValueW
PathAddBackslashW
StrStrIW
StrCmpNIW
SHGetValueW
PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreateFromHDC
GdipFillPath
GdipCreateSolidFill
GdipCloneImage
GdipAddPathRectangle
ord1
GdipDeletePath
GdipCreatePath
GdipDeleteBrush
GdiplusStartup
GdipCloneBrush
GdipFree
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipClosePathFigure
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipAddPathLine
GdipSetPixelOffsetMode
GdipAlloc
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipResetClip
GdipSetClipPath
GdipDrawImageRectRectI
GdipFillEllipse
GdipDrawPath
GdipDrawEllipse
GdipDrawRectangleI
GdipDrawLineI
GdipGetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenDashArray
GdipSetPenDashStyle
GdipCreateLineBrushFromRectI
GdipAddPathEllipse
GdipDrawImageRect
GdipDrawArc
GdipSetWorldTransform
GdipImageRotateFlip
GdipLoadImageFromFile
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFillRegion
GdipSetPathGradientFocusScales
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCreatePathGradientFromPath
GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathPath
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame

winmm

timeKillEvent
timeSetEvent

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

crypt32

CryptBinaryToStringA
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertGetNameStringW
CryptStringToBinaryA
CryptMsgGetParam
CryptMsgClose
CertCloseStore

secur32

GetUserNameExW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7e8918739d7a5206a5103aeb555a6ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

comctl32

msimg32

gdiplus

winmm

imm32

crypt32

secur32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 293KB - Virtual size: 292KB

.data Size: 51KB - Virtual size: 60KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 293KB - Virtual size: 292KB

.data
Size: 51KB - Virtual size: 60KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 76KB - Virtual size: 75KB