19899506b2ba6e63b119a3efa972b5f29dcd521088a0e9650ac0c75f1763a207

Sharing

Copy URL Twitter E-mail

General

Target

19899506b2ba6e63b119a3efa972b5f29dcd521088a0e9650ac0c75f1763a207
Size

523KB
MD5

38c258921025d862b71500c335278444
SHA1

b3a86da7b3141c58cb36c9cf6cf8657fcac2d773
SHA256

19899506b2ba6e63b119a3efa972b5f29dcd521088a0e9650ac0c75f1763a207
SHA512

c96b5b4276393c782f804c360b41f40d0029cdd7b010349b0ac08551732e086de068cda691963b596616fc467af25a07187b228bfe6599e63cccb40c9f7d6e83
SSDEEP

12288:7GenW9jIqFwG5oQsPmNU9L39Pr0BqHUvoLMb/1NLV9a:hnPqroQsPx99r0IHux/1hV9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19899506b2ba6e63b119a3efa972b5f29dcd521088a0e9650ac0c75f1763a207

Files

19899506b2ba6e63b119a3efa972b5f29dcd521088a0e9650ac0c75f1763a207
.exe windows:5 windows x86 arch:x86

e52e209dd25447f4c70a29a975910c63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\630124\out\Release\360PatchMgr.pdb

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
GetStartupInfoW
CreateProcessW
GetVersionExW
GetFileAttributesW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
ReadProcessMemory
WriteProcessMemory
VirtualQuery
GetVolumePathNameW
LocalFree
ReadFile
WriteFile
FlushFileBuffers
DeleteFileW
GetModuleHandleExW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjects
OpenProcess
SetEnvironmentVariableW
OpenEventW
GlobalMemoryStatusEx
GetFileSizeEx
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
MoveFileExW
ExpandEnvironmentStringsW
GetExitCodeProcess
GetEnvironmentVariableW
CreateFileMappingW
FindFirstFileW
FindClose
LockResource
FlushInstructionCache
VirtualAllocEx
ReleaseMutex
SetFilePointer
FreeResource
DeleteCriticalSection
GetLongPathNameW
GetThreadLocale
EnumUILanguagesW
lstrcmpA
SetFileAttributesW
GetFileSize
VerSetConditionMask
SystemTimeToFileTime
lstrcmpiA
VerifyVersionInfoW
GetStringTypeW
ExitProcess
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
SizeofResource
GetModuleFileNameW
GetProcessHeap
HeapSize
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
CreateDirectoryW
HeapDestroy
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFullPathNameW
FindNextFileW
CreateFileW

user32

UpdateWindow
GetSystemMetrics
PtInRect
GetActiveWindow
MoveWindow
PostThreadMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
IsWindow
GetDlgItem
KillTimer
PostMessageW
InvalidateRect
DefWindowProcW
ShowWindow
SetTimer
EndPaint
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
EndDialog
UnregisterClassW
DialogBoxParamW
SetWindowLongW
BeginPaint

advapi32

CryptReleaseContext
RegEnumValueW
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
GetLengthSid
CopySid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegLoadKeyW
RegUnLoadKeyW
RegFlushKey
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
CryptGetHashParam
CryptImportKey
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptVerifySignatureW
CryptDecrypt
CryptAcquireContextW
RegEnumKeyW
CryptDestroyKey
RegQueryInfoKeyW

shell32

CommandLineToArgvW
ord680
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoGetMalloc
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VarBstrCat
SysAllocString
SysAllocStringByteLen

comctl32

InitCommonControlsEx

ntdll

RtlNtStatusToDosError
NtOpenFile
ZwClose
NtCreateFile
RtlGetLastNtStatus
NtClose
RtlImageNtHeader
ZwQueryDirectoryFile
RtlDosPathNameToNtPathName_U
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
RtlFreeUnicodeString
ZwQuerySymbolicLinkObject
LdrVerifyImageMatchesChecksum
NtDeleteKey
NtSetInformationFile
NtReadFile
NtQueryInformationFile
NtQuerySystemInformation
RtlAdjustPrivilege

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupOpenInfFileW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Status
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupCloseInfFile

msvcrt

memcmp
memcpy
memset
??3@YAXPAX@Z
_errno
??_V@YAXPAX@Z
calloc
free
??2@YAPAXI@Z
isspace
_wcsnicmp
_wcsicmp
malloc
wcsstr
??_U@YAPAXI@Z
wcstoul
_beginthreadex
_wtoi
iswdigit
wcsrchr
_mbscmp
_msize
realloc
tolower
strtoul
wcschr
strtol
_strlwr
_strtoui64
memmove
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
__wgetmainargs
__setusermatherr
_initterm
__p__commode
_strnicmp
_memicmp
_stricmp
__CxxFrameHandler
___lc_codepage_func
__pctype_func
___mb_cur_max_func
wcstol
localeconv
_wcslwr
_mbslwr
iswctype
__set_app_type
_wcmdln
_control87
_XcptFilter
_fmode
mbtowc
___lc_handle_func
strrchr
_isctype
abort
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_wcstoui64

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e52e209dd25447f4c70a29a975910c63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

ntdll

setupapi

msvcrt

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 3KB - Virtual size: 271KB

.rsrc Size: 144KB - Virtual size: 144KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 3KB - Virtual size: 271KB

.rsrc
Size: 144KB - Virtual size: 144KB