C:\vmagent_new\bin\joblist\750440\out\Release\SodaClip.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 0a219d9c58448f81d404246683cbb3c13395f20b971eb22b7e8780cb1f11cf7e.exe
Resource: win7-20240903-en
General
Target: 0a219d9c58448f81d404246683cbb3c13395f20b971eb22b7e8780cb1f11cf7e
Size: 2.6MB
MD5: 08648be97753bf0e07bff8a86d74760c
SHA1: ee4001d01ccd05064b2e5497e597a0f6ef7e620f
SHA256: 0a219d9c58448f81d404246683cbb3c13395f20b971eb22b7e8780cb1f11cf7e
SHA512: 7deb30aba487a30ee12dbb51e964fd079f474124ad393b22fa742aac739203a42a3c2cb9d9adc28a453d0b476f3466b62340de3823a854e1e60c35d9ce904369
SSDEEP: 49152:R2wuVV4vbsT5Vd2hH+uE/lgY0kjfx1wkBrWs9tBM9Xq2ikIs:RCEYT5H5XBfn9rBUziA
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0a219d9c58448f81d404246683cbb3c13395f20b971eb22b7e8780cb1f11cf7e
Files
0a219d9c58448f81d404246683cbb3c13395f20b971eb22b7e8780cb1f11cf7e.exe windows:5 windows x86 arch:x86
7c4dd18e65179f20c1c15668b8619c6e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathRemoveArgsW
PathParseIconLocationW
PathMakePrettyW
PathGetDriveNumberW
StrStrIW
PathStripToRootW
PathIsUNCW
SHSetValueW
SHDeleteValueW
StrCpyNW
PathIsRootW
PathCanonicalizeW
ord176
PathRemoveFileSpecW
PathIsRelativeW
SHGetValueW
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
SHDeleteKeyW
StrStrIA
winmm
timeSetEvent
timeKillEvent
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawBezierI
GdipDrawLineI
GdipCreateLineBrushFromRectWithAngleI
GdipFillPath
GdipFillRectangle
GdipSetPixelOffsetMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipDeletePath
GdipTransformPath
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipMeasureString
GdipScaleMatrix
GdipIsOutlineVisiblePathPointI
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipDeleteStringFormat
GdipAlloc
GdipSetStringFormatAlign
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipResetPath
GdipClonePath
GdipCreateBitmapFromStream
GdipCreatePath
GdipCreateTexture
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdipDeleteMatrix
GdipCreateMatrix
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipDrawImageRectRectI
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeleteGraphics
GdipBitmapUnlockBits
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
msimg32
AlphaBlend
kernel32
UnhandledExceptionFilter
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
GetCPInfo
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWait
SetUnhandledExceptionFilter
SwitchToThread
CreateTimerQueue
GetCurrentThread
FreeLibraryAndExitThread
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
ExitProcess
GetFileType
PeekNamedPipe
FindFirstFileExW
GetACP
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
DeleteTimerQueueTimer
GetCurrentDirectoryW
GetProcessAffinityMask
QueryPerformanceFrequency
CreateFileW
GetFullPathNameW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
SetErrorMode
HeapAlloc
HeapReAlloc
HeapFree
DeviceIoControl
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
CreateEventW
Sleep
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
SetThreadAffinityMask
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetUserDefaultLCID
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
LockResource
HeapDestroy
HeapSize
GetProcessHeap
LoadResource
SizeofResource
WriteFile
SetFilePointer
OutputDebugStringW
FindResourceW
FindResourceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
InterlockedCompareExchange
GetFileSize
UnmapViewOfFile
lstrlenA
CreateFileMappingW
LoadLibraryW
MapViewOfFileEx
InterlockedExchange
GetCurrentThreadId
TerminateThread
GetExitCodeThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
MapViewOfFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LocalFree
InterlockedIncrement
InterlockedDecrement
SetFileAttributesW
DeleteFileW
GetFileSizeEx
ReadFile
SetFilePointerEx
GlobalAlloc
GlobalFree
OpenProcess
SetEndOfFile
FindClose
FlushViewOfFile
GetDriveTypeW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetVolumeInformationW
lstrlenW
GetFileAttributesExW
GetCurrentProcess
OpenThread
ResumeThread
lstrcmpiW
GetModuleHandleExW
OutputDebugStringA
ExpandEnvironmentStringsW
GetThreadLocale
SetThreadLocale
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleHandleA
GetTempPathW
GetVersionExW
GetCommandLineW
CopyFileW
GlobalLock
GlobalUnlock
GlobalSize
MoveFileW
CreateThread
GlobalReAlloc
LockFile
UnlockFile
FlushFileBuffers
GetFileTime
DuplicateHandle
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileAttributesW
WaitForMultipleObjects
FormatMessageW
GetEnvironmentVariableW
GetVersion
Beep
GetStdHandle
GetSystemTime
GetEnvironmentVariableA
QueryPerformanceCounter
FormatMessageA
LockFileEx
CreateFileMappingA
HeapCompact
DeleteFileA
GetVersionExA
LoadLibraryA
CreateFileA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
HeapCreate
TryEnterCriticalSection
GetBinaryTypeW
ProcessIdToSessionId
VerifyVersionInfoW
VerSetConditionMask
MulDiv
user32
SetCursor
IsZoomed
SetWindowRgn
GetSysColor
GetAsyncKeyState
GetClipboardData
EmptyClipboard
GetDesktopWindow
DrawTextW
UnionRect
UpdateLayeredWindow
GetUpdateRect
EndPaint
BeginPaint
ScreenToClient
GetPropW
SetPropW
LoadImageW
RegisterClassW
EnableWindow
MoveWindow
GetClientRect
UnhookWinEvent
SetWinEventHook
DestroyIcon
UnregisterHotKey
RegisterHotKey
SetWindowTextW
MapVirtualKeyW
SendInput
keybd_event
VkKeyScanW
SetKeyboardState
GetKeyboardState
MonitorFromRect
EnumChildWindows
ReleaseDC
GetDC
GetLastInputInfo
GetClipboardFormatNameW
GetGUIThreadInfo
SystemParametersInfoW
ClientToScreen
GetCaretPos
GetFocus
SetFocus
IsRectEmpty
CopyRect
GetCursorPos
ReleaseCapture
SetCapture
GetKeyState
PostThreadMessageW
RegisterClipboardFormatW
GetWindow
GetWindowTextW
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
CloseClipboard
OpenClipboard
IsClipboardFormatAvailable
FindWindowW
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
IsWindowVisible
LoadCursorW
KillTimer
SetTimer
GetClassInfoExW
UnregisterClassW
CallWindowProcW
GetWindowThreadProcessId
GetClassNameW
EnumWindows
InvalidateRect
GetForegroundWindow
SetActiveWindow
UpdateWindow
CharUpperW
BringWindowToTop
IsIconic
AttachThreadInput
SendMessageTimeoutW
EnumDisplayMonitors
PtInRect
OffsetRect
GetSystemMetrics
CharLowerW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
GetParent
IntersectRect
MapWindowPoints
GetWindowRect
SetForegroundWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SendMessageW
PostMessageW
gdi32
CreateFontIndirectW
CreateCompatibleBitmap
SelectPalette
RealizePalette
GetStockObject
GetDIBits
BitBlt
CreateDCW
CopyMetaFileW
GetObjectW
CreateDIBSection
CreateRoundRectRgn
StretchBlt
SaveDC
RestoreDC
GetWindowOrgEx
SetWindowOrgEx
CreateCompatibleDC
SelectObject
SetStretchBltMode
SetTextColor
SetBkColor
SetBkMode
GetObjectA
ExtSelectClipRgn
CreateRectRgnIndirect
DeleteObject
DeleteDC
GetDeviceCaps
comdlg32
GetFileTitleW
GetOpenFileNameW
advapi32
GetTokenInformation
AllocateAndInitializeSid
FreeSid
OpenProcessToken
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
RegCloseKey
StartServiceW
SetServiceObjectSecurity
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
ChangeServiceConfigW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
GetUserNameW
shell32
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW
DragQueryFileA
DragQueryFileW
ole32
CoInitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
OleDuplicateData
OleInitialize
OleUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
oleaut32
SysAllocStringLen
VarUI4FromStr
SysAllocString
LoadRegTypeLi
SysFreeString
LoadTypeLi
SysStringLen
VariantInit
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
Exports
??0ShellResourceRequestDetails@@QAE@XZ
??1ShellResourceRequestDetails@@QAE@XZ
??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 341KB - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 47KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 151KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE