87a2d2ffe4ea7fc5fb640f8d03030d670a75eab0126172792a2f12315375e7bc

Sharing

Copy URL Twitter E-mail

General

Target

87a2d2ffe4ea7fc5fb640f8d03030d670a75eab0126172792a2f12315375e7bc
Size

9.0MB
MD5

0d5f6a6e78a8e36ac1190fee57d19436
SHA1

43027d3eff76099347593c0a5fd60025559b4608
SHA256

87a2d2ffe4ea7fc5fb640f8d03030d670a75eab0126172792a2f12315375e7bc
SHA512

e4c4a9187a73bbd3eafc18b1197a21e8e41930ec9b4206f3d62f8961d57f9ce95bea0ef7ff04deed7369b8361b5b8d3508ed5ce04eef1e339d6f0956a5e50703
SSDEEP

98304:eCNfeNaDU5VJ+oJ+gP/CAFBQ6Cjk0BctpaJAdO0mWS0+YoIfyfWfmacAr:3NfelrQoBqP6CjNyYAknWS0J2ygi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87a2d2ffe4ea7fc5fb640f8d03030d670a75eab0126172792a2f12315375e7bc

Files

87a2d2ffe4ea7fc5fb640f8d03030d670a75eab0126172792a2f12315375e7bc
.exe windows:6 windows x86 arch:x86

b0ae39d1587925c123fc00fadcab9ad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Source\vguest\Release\ops-agent.pdb

Imports

kernel32

GetUserPreferredUILanguages
GetCurrentThreadId
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
TerminateThread
WaitForSingleObjectEx
CloseHandle
GetSystemInfo
CancelIoEx
CreateMutexW
SetUnhandledExceptionFilter
GetCurrentProcess
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
GetTempPathW
GetQueuedCompletionStatus
SetFilePointer
LeaveCriticalSection
GetDiskFreeSpaceW
GetNativeSystemInfo
GetLocaleInfoW
GetModuleFileNameW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeviceIoControl
IsDebuggerPresent
GetDynamicTimeZoneInformation
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
CreateJobObjectW
WaitForMultipleObjects
TerminateProcess
CreateEventA
FormatMessageA
GetSystemTimeAsFileTime
CreateProcessA
SleepEx
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
DeleteFileW
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
SleepConditionVariableSRW
WakeAllConditionVariable
LCMapStringEx
EncodePointer
WideCharToMultiByte
GetCurrentProcessId
DeleteCriticalSection
LocalFree
GetStringTypeW
GetExitCodeThread
TryAcquireSRWLockExclusive
QueryPerformanceFrequency
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetLocaleInfoEx
RaiseException
lstrcpynW
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
GlobalAlloc
lstrcpyW
lstrcmpiW
MulDiv
ExitProcess
lstrlenW
GlobalLock
GlobalUnlock
GetTickCount
GetFileSize
GetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
ConvertThreadToFiber
AssignProcessToJobObject
WriteFile
DecodePointer
QueueUserAPC
SetEndOfFile
ConvertFiberToThread
GetACP
QueryPerformanceCounter
GetFileType
GetStdHandle
CreateFiberEx
CreateWaitableTimerW
EnterCriticalSection
SetLastError
SetWaitableTimer
ReadFile
GetFileSizeEx
SetInformationJobObject
ResetEvent
WriteConsoleW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetSystemDirectoryA
LoadLibraryA
VirtualFree
GetEnvironmentVariableW
SwitchToFiber
DeleteFiber

user32

LoadIconW
GetSystemMetrics
LoadImageW
SendMessageW
UnregisterClassW
SetWindowTextW
IsWindow
ChangeWindowMessageFilter
IsWindowVisible
GetParent
GetMonitorInfoW
MonitorFromWindow
SetWindowPos
PostQuitMessage
GetWindowLongW
GetIconInfo
GetDC
DrawIconEx
ReleaseDC
DestroyIcon
DestroyWindow
UpdateLayeredWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
UpdateWindow
RegisterWindowMessageW
PostMessageW
wsprintfW
ShowWindow
MessageBoxW
GetWindowRect
GetWindow
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
EqualRect
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
GetWindowRgn
IsWindowEnabled
SetRect
FillRect
DrawTextW
CharPrevW
SetForegroundWindow
MoveWindow
GetWindowTextLengthW
GetWindowTextW
GetPropW
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassW
CallWindowProcW
SetWindowRgn
SetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
GetProcessWindowStation
GetUserObjectInformationW
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture

gdi32

AddFontMemResourceEx
GetBitmapBits
GetTextExtentPointA
PtInRegion
CreateRectRgn
GdiFlush
TextOutW
MoveToEx
BitBlt
CreateDIBitmap
CreateFontIndirectW
CreatePen
GetDeviceCaps
GetStockObject
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
CreatePatternBrush
CreateSolidBrush
GetObjectA
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
CreateDIBSection
SetBkMode
SetTextColor
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
SetBitmapBits

advapi32

RegCloseKey
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExA
RegQueryValueExA
RegGetValueW
ReportEventW
RegOpenKeyExW
RegQueryValueExW

shell32

DragQueryFileW
SHGetKnownFolderPath
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
DoDragDrop
OleDuplicateData
CreateStreamOnHGlobal
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
VariantInit
VarUI8FromStr
VariantClear

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipSetStringFormatFlags
GdipCreateFromHDC
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipDeleteFontFamily
GdipStringFormatGetGenericTypographic
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDeleteGraphics
GdipCloneStringFormat
GdipDrawRectangleI
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipReleaseDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipMeasureString
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipImageSelectActiveFrame

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

ws2_32

getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
gethostbyname
inet_ntop
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
recv
shutdown
WSAGetLastError
WSASetLastError
WSAStringToAddressW
WSASocketW
getaddrinfo
WSAStartup
getsockname
ntohs
connect
WSARecv
getsockopt
htonl
send
htons
freeaddrinfo
ioctlsocket
socket
gethostname
ntohl
listen
setsockopt

bcrypt

BCryptGenRandom

shlwapi

StrCpyW
PathCombineW
StrDupW

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

cfgmgr32

CM_Get_DevNode_PropertyW

iphlpapi

GetAdaptersAddresses
GetIfEntry2

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-shcore-scaling-l1-1-1

GetScaleFactorForMonitor

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertDuplicateCertificateContext

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 792KB - Virtual size: 826KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 798KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0ae39d1587925c123fc00fadcab9ad2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

ws2_32

bcrypt

shlwapi

setupapi

cfgmgr32

iphlpapi

version

api-ms-win-shcore-scaling-l1-1-1

crypt32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 792KB - Virtual size: 826KB

.rsrc Size: 798KB - Virtual size: 797KB

.reloc Size: 254KB - Virtual size: 254KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 792KB - Virtual size: 826KB

.rsrc
Size: 798KB - Virtual size: 797KB

.reloc
Size: 254KB - Virtual size: 254KB