ClientManager[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ClientManager.exe
Size

22.4MB
MD5

197dbf9a91ce348a832947e6745aca17
SHA1

8d0dc2f3eb19d4c9c626099be09340f6654b0cf9
SHA256

0cc4ee7ff1e817948b88aeddb751ed8b21e84f3459e42fd02e2413fcebef77c0
SHA512

f9a0454e18c17a5bd844701c44901d0ee141de446336e618448d67b9fae7c58ca717d7c1ab693820785e1958aad27fddd6a3f253dc657b8dd30e5bb27b25cef3
SSDEEP

196608:sLUc2TaVBVMX1onePHloxTc06K5lK0Bq4fbJlrVJZDntMeoaruN/GyB0Z6c2Xktj:LcqGXnuHyrs41lBLDnmsrJZAktNXXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ClientManager.exe

Files

ClientManager.exe
.exe windows:6 windows x64 arch:x64

Password: swimhub

a36cc53e44829b445a60ed94c020ab0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32FirstW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId

ole32

CoInitializeSecurity

oleaut32

VariantClear

advapi32

RegEnumValueW

Sections

.text
Size: - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.i_sec
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

."vk
Size: - Virtual size: 13.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.#0;
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QK4
Size: 22.4MB - Virtual size: 22.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: swimhub

a36cc53e44829b445a60ed94c020ab0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

advapi32

Sections

.text Size: - Virtual size: 307KB

.i_sec Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 88KB

.data Size: - Virtual size: 13KB

.pdata Size: - Virtual size: 14KB

."vk Size: - Virtual size: 13.5MB

.#0; Size: 3KB - Virtual size: 2KB

.QK4 Size: 22.4MB - Virtual size: 22.4MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 307KB

.i_sec
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 88KB

.data
Size: - Virtual size: 13KB

.pdata
Size: - Virtual size: 14KB

."vk
Size: - Virtual size: 13.5MB

.#0;
Size: 3KB - Virtual size: 2KB

.QK4
Size: 22.4MB - Virtual size: 22.4MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 480B