d068eedc12cb31362da05213eb584125fb9f477f2c09e3f76bbac7aa3e6606e3

Sharing

Copy URL Twitter E-mail

General

Target

d068eedc12cb31362da05213eb584125fb9f477f2c09e3f76bbac7aa3e6606e3
Size

15.1MB
MD5

035957ddc66906ca4fdaba72aebb3bb6
SHA1

1d14aa3e74bc343cab875cc5dca3d14573b3603e
SHA256

d068eedc12cb31362da05213eb584125fb9f477f2c09e3f76bbac7aa3e6606e3
SHA512

c6b44da327e1ef1ec108466f7968a1bc9ec824aec440de03237051f8c1caac2912ada6d2bb5e29f980813aeb2dbb839d5ce41a522ab579e33dfe22f68606203e
SSDEEP

393216:+jIzYlhNx8ffFQTeO/1ZtFb3ky7xfCU7T+Qfg+3/:TzYQ9hO/LQyNzTtf/3/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d068eedc12cb31362da05213eb584125fb9f477f2c09e3f76bbac7aa3e6606e3

Files

d068eedc12cb31362da05213eb584125fb9f477f2c09e3f76bbac7aa3e6606e3
.exe windows:5 windows x86 arch:x86

37dfafedeb8f49b60e02115726cec993

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\802551\out\Release\SetupX.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
GetTempPathW
InterlockedDecrement
GetDiskFreeSpaceExW
CreateEventW
OpenProcess
TerminateProcess
MoveFileExW
GetTickCount
lstrlenW
RemoveDirectoryW
SetEvent
FlushInstructionCache
RaiseException
WriteFile
ResetEvent
WaitForMultipleObjects
lstrcmpiW
InterlockedIncrement
SetErrorMode
SetCurrentDirectoryW
DuplicateHandle
GetFileType
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
GetVersionExW
GetSystemWindowsDirectoryW
SetEnvironmentVariableA
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryExW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
HeapCreate
LCMapStringW
GetStartupInfoA
GetCurrentThreadId
IsValidCodePage
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CompareStringW
CreateDirectoryW
FreeResource
GetSystemDirectoryW
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetACP
FormatMessageW
WideCharToMultiByte
GetLastError
CreateMutexW
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
DeviceIoControl
GetCurrentProcessId
CreateFileW
SetFilePointer
ReadFile
CloseHandle
GetProcAddress
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetHandleCount
InterlockedCompareExchange
FreeLibrary
SetStdHandle

user32

GetActiveWindow
MessageBoxW
FindWindowW
UnregisterClassA
IsIconic
ShowWindow
wsprintfW
GetWindowThreadProcessId
CharNextW
CreateWindowExW
LoadCursorW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DestroyWindow
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PostThreadMessageW
PostQuitMessage
PostMessageW
DisableProcessWindowsGhosting
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextW
SendMessageW
GetSystemMetrics
LoadImageW
GetClassInfoExW
GetParent
GetWindow
GetWindowLongW
GetWindowRect
LoadStringW

advapi32

RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
ord165
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
DispCallFunc

shlwapi

PathIsDirectoryW
SHDeleteValueW
PathFindFileNameW
SHSetValueW
SHDeleteKeyW
StrStrIW
StrCmpNIW
PathFindExtensionW
StrCmpIW
PathRemoveBackslashW
PathIsRootW
PathAppendW
PathRemoveFileSpecW
SHGetValueW
PathCombineW
PathFileExistsW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msi

ord217
ord173

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20.1MB - Virtual size: 20.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37dfafedeb8f49b60e02115726cec993

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

version

msi

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 20.1MB - Virtual size: 20.1MB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 20.1MB - Virtual size: 20.1MB

.reloc
Size: 32KB - Virtual size: 31KB