f606e36600f41a92ee25afba7baa4a6d5985c4aa34170999da580e6f192952e5

Sharing

Copy URL Twitter E-mail

General

Target

f606e36600f41a92ee25afba7baa4a6d5985c4aa34170999da580e6f192952e5
Size

373KB
MD5

106a99199a133a9a7bd37c9a2541834f
SHA1

d053319b8035a966422e1b48fb549b58ef913418
SHA256

f606e36600f41a92ee25afba7baa4a6d5985c4aa34170999da580e6f192952e5
SHA512

2a99e96034b15b94af816249ffc466b3ebca0b2a21194ed4c0a96f2fc99ef172cf1ee96f744cf6207e2b7b2f7d325ec25134e9cf52f8032b2314c34de5aa67fd
SSDEEP

6144:sgY5eotIyyiE2DsqTDLCzzb2Dmu+KzgKGsyGFyaTM4tkcgMAt:tY5eHv2DsmezPcJ0KGLGFVkB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f606e36600f41a92ee25afba7baa4a6d5985c4aa34170999da580e6f192952e5

Files

f606e36600f41a92ee25afba7baa4a6d5985c4aa34170999da580e6f192952e5
.exe windows:5 windows x86 arch:x86

49b488e7c094149d11a26cc8fe92503a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\762790\out\Release\Uninstall.pdb

Imports

kernel32

FindClose
GetShortPathNameW
CreateProcessW
SetPriorityClass
ResumeThread
GetCommandLineW
WaitNamedPipeW
CreateFileW
SetNamedPipeHandleState
WriteFile
CreateEventW
WaitForSingleObject
SetEvent
MultiByteToWideChar
SetLastError
InterlockedDecrement
GetTickCount
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
InterlockedIncrement
SetCurrentDirectoryW
GetPrivateProfileStringW
ReadFile
SetFilePointer
DeviceIoControl
DuplicateHandle
WaitForMultipleObjects
ResetEvent
lstrlenW
lstrcmpiW
RaiseException
SetErrorMode
FlushInstructionCache
GetSystemWindowsDirectoryW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentProcessId
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetCurrentProcess
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
DeleteFileW
MoveFileExW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
InterlockedCompareExchange
FreeResource
GetSystemDirectoryW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LoadLibraryW
LockResource
SizeofResource
CloseHandle
GetLastError
CreateMutexW
GetCurrentThreadId
LoadLibraryExW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetVersionExW
FreeLibrary
GetLocaleInfoA

user32

GetActiveWindow
UnregisterClassA
MessageBoxW
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
SetActiveWindow
SetForegroundWindow
BringWindowToTop
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
CharNextW
CallWindowProcW
DestroyWindow
DefWindowProcW
SwitchToThisWindow
TranslateMessage
GetMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
PostQuitMessage
DisableProcessWindowsGhosting
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowLongW
SetWindowPos
SetWindowTextW
GetSystemMetrics
LoadImageW
DispatchMessageW
GetParent
GetWindow
GetWindowLongW
GetWindowRect
SendMessageW
ShowWindow
IsIconic
FindWindowW

advapi32

GetLengthSid
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CheckTokenMembership
SaferCloseLevel
CreateProcessAsUserW
FreeSid
SetTokenInformation
AllocateAndInitializeSid
SaferComputeTokenFromLevel
SaferCreateLevel
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
DispCallFunc
VarUI4FromStr

shlwapi

SHGetValueW
PathAppendW
PathCombineW
StrCmpNIW
StrStrIW
StrCmpW
StrCmpIW
PathRemoveBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
SHDeleteKeyW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49b488e7c094149d11a26cc8fe92503a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

version

Sections

.text Size: 179KB - Virtual size: 178KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 90KB - Virtual size: 92KB

.text
Size: 179KB - Virtual size: 178KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 90KB - Virtual size: 92KB