C:\vmagent_new\bin\joblist\830543\out\Release\SodaMSOAddin.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4.dll
  Resource: win10v2004-20240802-en
General
Target: 6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4
Size: 2.5MB
MD5: bbceb87f0fcbd9e4133b4c5794b4e0e5
SHA1: ad717eb546828d9b432e5c78ea5ef1fa6c0dbf14
SHA256: 6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4
SHA512: 1ffc8dee07804b301ace058542f16d2f30931b5f7a8979592f3b6e9fa1d7627aea64ddbc36ee20a5d04e6b79c8aab4f64763cf334a4e1ef557a73d2d3c4eb22d
SSDEEP: 49152:FWs1Vq0YndhmG3ZwJV/LgNYBOo6Ab1lpzJMSbkfQRnvVXDK:FXV1W3ZAVyOf6klBk4RvQ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4
Files
6e52a9f437aefb2f8f899af51993fd901832adb4d9502ba4a81ee18d865025e4.dll regsvr32 windows:5 windows x86 arch:x86
70b407a4147710ae9b0d044786681d5c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\vmagent_new\bin\joblist\830543\out\Release\SodaMSOAddin.pdb
Imports
kernel32
GetModuleHandleA
SetFilePointerEx
GetLongPathNameW
SetEndOfFile
FlushViewOfFile
GetLogicalDriveStringsW
GetDriveTypeW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetVolumeInformationW
IsBadReadPtr
lstrcpynA
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
OpenThread
ReadProcessMemory
WriteProcessMemory
ResumeThread
lstrcmpA
lstrcpyW
OpenEventW
GetModuleHandleExW
OutputDebugStringA
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GlobalSize
GlobalLock
GlobalUnlock
GetThreadLocale
SetThreadLocale
GlobalMemoryStatusEx
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTempPathW
GetWindowsDirectoryA
InterlockedIncrement
InterlockedDecrement
LocalAlloc
GetBinaryTypeW
GetSystemTime
MulDiv
lstrcmpiW
GetCurrentProcess
OpenProcess
ReleaseSemaphore
CreateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
InterlockedExchange
MapViewOfFileEx
LoadLibraryW
CreateFileMappingW
lstrlenA
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetStdHandle
GetModuleFileNameA
GetFileType
ExitProcess
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GlobalFree
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
GetVersionExW
GetEnvironmentVariableW
GetACP
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
HeapWalk
HeapUnlock
UnmapViewOfFile
GetFileSize
InterlockedCompareExchange
FindNextFileW
FindFirstFileW
GetFileAttributesExW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
OutputDebugStringW
ExpandEnvironmentStringsW
GetLocalTime
FindClose
SetFilePointer
ReadFile
WriteFile
GetFileSizeEx
SizeofResource
LoadResource
GetCurrentThreadId
GetProcessHeap
HeapSize
HeapDestroy
LockResource
CreateProcessW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
FormatMessageW
GetCurrentThread
SwitchToThread
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
LocalFree
GetThreadPriority
GlobalAlloc
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
UnhandledExceptionFilter
lstrlenW
CreateFileW
user32
UnregisterClassW
AttachThreadInput
ShowWindow
IsIconic
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
PostMessageW
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
DrawTextW
GetSysColor
ClientToScreen
EmptyClipboard
SetClipboardData
SetCursor
IsRectEmpty
GetUpdateRect
ReleaseCapture
SetCapture
IsZoomed
UpdateLayeredWindow
RegisterClassW
MonitorFromPoint
SendMessageW
GetDesktopWindow
FindWindowExW
SendMessageTimeoutW
CharUpperW
EnumWindows
GetClassNameW
wsprintfW
GetActiveWindow
MessageBoxW
EnumDesktopWindows
WaitForInputIdle
SetWindowPos
IsWindowVisible
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
SetWindowTextW
GetClassInfoExW
CharNextW
SetTimer
KillTimer
LoadCursorW
GetDC
ReleaseDC
GetCursorPos
ScreenToClient
MoveWindow
GetWindowRect
GetParent
IsChild
SetFocus
GetFocus
GetKeyState
BeginPaint
EndPaint
SetWindowRgn
InvalidateRect
GetClientRect
FillRect
IntersectRect
UnionRect
OffsetRect
EqualRect
PtInRect
GetMessagePos
GetAsyncKeyState
GetSystemMetrics
MapWindowPoints
GetWindow
LoadImageW
EnableWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
gdi32
GetObjectA
CreateDIBSection
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
SetMapMode
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
SetTextColor
GetStockObject
GetObjectW
BitBlt
CreateRoundRectRgn
GetWindowOrgEx
ExtSelectClipRgn
CreateCompatibleDC
SelectObject
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
CreateFontIndirectW
comdlg32
GetOpenFileNameW
advapi32
OpenSCManagerW
RegSetValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenCurrentUser
ConvertSidToStringSidW
GetUserNameW
GetUserNameA
LookupAccountNameW
LookupAccountNameA
GetSidIdentifierAuthority
IsValidSid
EnumServicesStatusExW
CheckTokenMembership
CreateProcessAsUserW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
GetFileSecurityW
MapGenericMask
AccessCheck
DuplicateToken
StartServiceW
SetServiceObjectSecurity
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
ChangeServiceConfigW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
LookupPrivilegeValueW
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
EnumServicesStatusW
shell32
ord75
SHOpenFolderAndSelectItems
ord155
SHGetFolderPathW
ord190
SHGetPathFromIDListW
ord165
SHGetSpecialFolderPathW
SHBrowseForFolderW
ord680
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ole32
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
StringFromGUID2
CoTaskMemRealloc
CLSIDFromString
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
oleaut32
OleCreatePropertyFrame
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
OleCreatePictureIndirect
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
SysAllocString
SysStringByteLen
VarUI4FromStr
shlwapi
PathIsRelativeW
SHDeleteKeyW
PathAppendA
SHSetValueW
SHDeleteValueW
StrCpyNW
PathRemoveBackslashW
PathRelativePathToW
PathIsRootW
PathIsPrefixW
PathFindExtensionW
PathCommonPrefixW
PathCanonicalizeW
StrFormatByteSizeW
ord176
StrStrIA
StrRChrA
StrChrW
StrChrA
UrlGetPartW
PathAddBackslashW
StrCmpNIW
PathIsDirectoryW
SHGetValueW
PathFileExistsW
StrStrIW
PathAppendW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
StrCmpIW
ws2_32
socket
shutdown
send
recv
inet_addr
htons
connect
closesocket
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
gdiplus
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCloneStringFormat
GdipCreateFontFromDC
GdipCreateBitmapFromStreamICM
GdipCreatePath
GdipDeletePath
GdipAddPathEllipseI
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipSetStringFormatTrimming
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdipSetStringFormatLineAlign
GdipResetClip
GdipFillPath
GdipSetSmoothingMode
GdipDeleteGraphics
GdipSetStringFormatFlags
GdiplusStartup
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen1
GdipCreatePen2
GdipDeletePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipCreateFromHDC
GdipSetWorldTransform
GdipDrawArc
GdipDrawImageRect
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipAddPathPath
GdipCreateRegionPath
GdipDeleteRegion
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientFocusScales
GdipSetPixelOffsetMode
GdipFillRegion
GdipClosePathFigure
GdipAddPathLine
ord1
GdipAddPathRectangle
GdipAddPathEllipse
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipSetPenDashStyle
GdipSetPenDashArray
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetWorldTransform
GdipDrawLineI
GdipDrawRectangleI
GdipDrawEllipse
GdipDrawPath
GdipFillEllipse
GdipDrawImageRectRectI
GdipSetClipPath
GdipCreateBitmapFromFile
winmm
timeKillEvent
timeSetEvent
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CryptBinaryToStringW
CryptStringToBinaryW
CryptStringToBinaryA
CryptBinaryToStringA
CertGetNameStringW
CryptMsgClose
dbghelp
ImageNtHeader
ImageDirectoryEntryToData
iphlpapi
GetIpAddrTable
GetAdaptersInfo
wininet
InternetSetFilePointer
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetSetOptionW
InternetCrackUrlW
urlmon
UrlMkSetSessionOption
setupapi
SetupIterateCabinetW
comctl32
_TrackMouseEvent
ord17
msimg32
AlphaBlend
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
RegisterAddin
UnRegisterAddin
getopt_a
getopt_long_a
getopt_long_only_a
getopt_long_only_w
getopt_long_w
getopt_w
optarg_a
optarg_w
opterr
optind
optopt
reset_getopt_data_w
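The import and export tables above are the most useful static evidence on this page: the kernel32 block contains the full remote-injection chain (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread), advapi32 carries service-control and token-privilege APIs, wininet and ws2_32 give two independent network paths, and the DllRegisterServer/DllInstall exports match the regsvr32 execution method recorded under Files. The script below is an added example, not part of the sandbox report or of the analysed DLL: it turns such a listing into capability findings, firing a rule only when a whole API chain is present rather than on a single API. IMPORTS_EXCERPT and EXPORTS_EXCERPT are hand-typed subsets of the tables above, and the rule set is the author's own heuristic, not a published signature set.

```python
# Added example (not from the sandbox report): capability triage over a PE
# import/export listing. A rule fires only when every name in all_of is
# imported, plus at least one of any_of when that set is non-empty, so a
# lone OpenProcess does not count as injection. The excerpt dicts below are
# constructed subsets of the report's tables, typed in by hand.
import re

RULES = [
    # (finding, all_of, any_of) -- names are "module!Function", module lower-case
    ("remote code injection",
     {"kernel32!OpenProcess", "kernel32!VirtualAllocEx",
      "kernel32!WriteProcessMemory", "kernel32!CreateRemoteThread"}, set()),
    ("token privilege adjustment",
     {"advapi32!OpenProcessToken", "advapi32!LookupPrivilegeValueW",
      "advapi32!AdjustTokenPrivileges"}, set()),
    ("service control",
     {"advapi32!OpenSCManagerW", "advapi32!OpenServiceW"},
     {"advapi32!StartServiceW", "advapi32!ChangeServiceConfigW",
      "advapi32!SetServiceObjectSecurity"}),
    ("HTTP client (WinINet)",
     {"wininet!InternetOpenW", "wininet!InternetConnectW",
      "wininet!HttpOpenRequestW", "wininet!HttpSendRequestW"}, set()),
    ("raw TCP client (Winsock)",
     {"ws2_32!WSAStartup", "ws2_32!socket", "ws2_32!connect"},
     {"ws2_32!send", "ws2_32!recv"}),
    ("process/thread/module enumeration",
     {"kernel32!CreateToolhelp32Snapshot"},
     {"kernel32!Process32FirstW", "kernel32!Thread32First", "kernel32!Module32FirstW"}),
    ("signature verification (Authenticode/catalog)",
     {"wintrust!WinVerifyTrust"},
     {"wintrust!CryptCATAdminEnumCatalogFromHash", "crypt32!CryptQueryObject"}),
    ("debugger presence check", {"kernel32!IsDebuggerPresent"}, set()),
]

# Constructed excerpt of the report's import table (not a parse of the binary).
IMPORTS_EXCERPT = {
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                 "CreateRemoteThread", "CreateToolhelp32Snapshot",
                 "Process32FirstW", "IsDebuggerPresent", "CreateFileW"],
    "advapi32": ["OpenSCManagerW", "OpenServiceW", "ChangeServiceConfigW",
                 "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                "HttpSendRequestW", "InternetReadFile"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
    "wintrust": ["WinVerifyTrust", "CryptCATAdminEnumCatalogFromHash"],
    "shell32": ["ord75", "ord155", "ShellExecuteW"],
    "gdiplus": ["ord1", "GdiplusStartup"],
}
EXPORTS_EXCERPT = ["DllRegisterServer", "DllUnregisterServer", "DllInstall",
                   "RegisterAddin", "getopt_long_w"]

_ORDINAL = re.compile(r"^ord(\d+)$")


def flatten(imports):
    """Return (set of 'module!Function' names, list of ordinal-only imports)."""
    names, ordinals = set(), []
    for module, funcs in imports.items():
        for func in funcs:
            match = _ORDINAL.match(func)
            if match:
                # Ordinal imports cannot be matched by name without the exporting
                # DLL's export table; keep them for manual follow-up.
                ordinals.append(f"{module.lower()}#{match.group(1)}")
            else:
                names.add(f"{module.lower()}!{func}")
    return names, ordinals


def triage(imports, exports):
    names, ordinals = flatten(imports)
    findings = []
    for finding, all_of, any_of in RULES:
        if all_of <= names and (not any_of or any_of & names):
            findings.append((finding, sorted((all_of | any_of) & names)))
    install = []
    if {"DllRegisterServer", "DllUnregisterServer"} <= set(exports):
        install.append("self-registering COM server (regsvr32 [/u] [/s])")
    if "DllInstall" in exports:
        install.append("DllInstall export (regsvr32 /i:<string> hands it a command string)")
    return {"capabilities": findings, "unresolved_ordinals": ordinals, "install": install}


def capability_names(imports=IMPORTS_EXCERPT, exports=EXPORTS_EXCERPT):
    return [name for name, _ in triage(imports, exports)["capabilities"]]


if __name__ == "__main__":
    result = triage(IMPORTS_EXCERPT, EXPORTS_EXCERPT)
    for finding, evidence in result["capabilities"]:
        print(f"{finding}: {', '.join(evidence)}")
    print("install paths:", "; ".join(result["install"]))
    print("ordinal-only imports to resolve:", ", ".join(result["unresolved_ordinals"]))
```

Imports only show what the binary can call, not what it does; the behavioral tasks listed at the top of the page are where that evidence would come from. The ordinal-only shell32, shlwapi, gdiplus and comctl32 entries in the table are left unresolved here on purpose rather than mapped to guessed names.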
Sections
.text   Size: 1.8MB - Virtual size: 1.8MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 425KB - Virtual size: 424KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 57KB - Virtual size: 71KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 178KB - Virtual size: 177KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 95KB - Virtual size: 94KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
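The Headers, Signatures and Sections entries on this page all come from the PE header alone, so they can be re-derived offline with a few dozen lines of standard-library Python. The parser below is an added example, not code from the sandbox or from the analysed DLL: it reads the PE32 optional header and section table, reports the IMAGE_DLLCHARACTERISTICS and IMAGE_SCN flags the way the report does, and reproduces the "Unsigned PE" finding by checking whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. build_sample_pe() fabricates a headers-only PE32 image modelled on the section table above (sizes rounded); it is a constructed stand-in, not the sample itself, which is not included here.

```python
# Added example (not from the sandbox report): a standard-library PE32 header
# parser that reproduces three of the report's static checks: DLL
# characteristics, per-section flags, and "Unsigned PE", meaning an empty
# IMAGE_DIRECTORY_ENTRY_SECURITY (no embedded Authenticode signature).
# build_sample_pe() fabricates a headers-only image for testing; it is a
# constructed stand-in, not the analysed DLL.
import struct

DLL_CHARACTERISTICS = {          # winnt.h IMAGE_DLLCHARACTERISTICS_*
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SECTION_FLAGS = {                # winnt.h IMAGE_SCN_*
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode blob; entry holds a file offset, not an RVA
PE32_MAGIC = 0x10B


def parse_pe32(data):
    """Parse the DOS stub, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled in this example")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]      # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]          # NumberOfRvaAndSizes
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    shdr = opt + opt_size
    for i in range(nsections):
        name, vsize, _va, rawsize, _rawptr, _rp, _lp, _nr, _nl, flags = struct.unpack_from("<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": [n for bit, n in SECTION_FLAGS.items() if flags & bit]})
    return {"dll_characteristics": [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit],
            "security_dir_size": sec_size, "sections": sections}


def static_findings(pe):
    """Headline checks in the style of the report; one string per finding."""
    out = []
    if pe["security_dir_size"] == 0:
        out.append("Unsigned PE: security directory empty (no embedded Authenticode signature; "
                   "a catalog signature would not show here)")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in pe["dll_characteristics"]:
        out.append("No ASLR opt-in: DYNAMIC_BASE clear")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in pe["dll_characteristics"]:
        out.append("No DEP opt-in: NX_COMPAT clear")
    for s in pe["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            out.append(f"Section {s['name']} is writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            out.append(f"Section {s['name']} has no raw data but {s['virtual_size']:#x} bytes virtual size")
    return out


def build_sample_pe(dll_chars, sections, signed):
    """Constructed headers-only PE32 image: DOS header, PE signature, COFF, optional header, section table."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x2102)  # i386, DLL, executable, 32-bit
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                                 # 16 data directories
    if signed:                                                          # fake security directory entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200000, 0x1800)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), v, 0x1000, r, 0x400, 0, 0, 0, 0, f)
                    for n, v, r, f in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Section layout modelled on the report's table (name, virtual size, raw size, flags); sizes rounded.
REPORT_LIKE_SECTIONS = [
    (".text", 0x1CC000, 0x1CC000, 0x60000020),
    (".rdata", 0x6A000, 0x6A400, 0x40000040),
    (".data", 0x11C00, 0xE400, 0xC0000040),
    (".rsrc", 0x2C400, 0x2C800, 0x40000040),
    (".reloc", 0x17800, 0x17C00, 0x42000040),
]


def analyse_report_like_sample():
    """DYNAMIC_BASE | NX_COMPAT set, no signature: should yield exactly the Unsigned PE finding."""
    image = build_sample_pe(0x0040 | 0x0100, REPORT_LIKE_SECTIONS, signed=False)
    return static_findings(parse_pe32(image))


if __name__ == "__main__":
    for line in analyse_report_like_sample():
        print(line)
```

Two caveats worth keeping in mind when reading the page's Unsigned PE entry. An empty security directory only rules out an embedded Authenticode signature; a file can still be covered by a signed catalog, which is exactly what the DLL's own wintrust imports (WinVerifyTrust, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash) exist to check. And DYNAMIC_BASE plus NX_COMPAT being set, as they are here, says nothing about whether the code is benign; it only means the image opts in to ASLR and DEP.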