VisionClient[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

VisionClient.rar
Size

19.7MB
MD5

c011d2c05a19c4a025987b3b94f785a6
SHA1

4372012a1916f31092d5dffcfc6d707cf666b834
SHA256

6f6124093c36d17e8db39ed2c9d50ba06dcad9db1d39c2912377ea25e5e58781
SHA512

37a77af38cddc51e7c8445d730f7cd2ceb542719d700da130e48dc115509ee48d274e30268fa40a40512ef3ae85a98fc2e0b0d711f12de252616f02ba6449cc0
SSDEEP

393216:6FHYXD5iZ9iFKB9di8UX7ZT7YEBTWhaho79MdAJ/mKyizYrt5CVvQLqVoAQP/c:1iTr9di8UXB8EBSQh+9ikmKy0q5CVomP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vision.dll

Files

VisionClient.rar
.rar
VisionLoader.jar
.jar
vision.dll
.dll windows:6 windows x64 arch:x64

ca688b8ae6109bd6193e6ad4ca961098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

MessageBoxA

advapi32

GetUserNameA

msvcp140

_Query_perf_counter

wininet

HttpQueryInfoA

bcrypt

BCryptOpenAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

fwrite

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

sqrtf

Sections

.text
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8Ek
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.|Hc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.?9*
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vision.exe
.exe windows:6 windows x64 arch:x64

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:55:0a:09:09:b6:50:f7:25:94:11:61:1d:62:6b:56
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

15/11/2023, 00:00

Not After

14/11/2026, 23:59

Subject

SERIALNUMBER=33061,CN=BİTWİSE YAZILIM İNTERNET VE TİCARET LİMİTED ŞİRKETİ,O=BİTWİSE YAZILIM İNTERNET VE TİCARET LİMİTED ŞİRKETİ,ST=Kocaeli,C=TR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025452

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:ad:9f:dd:d6:3a:c1:7c:43:1c:b2:af:ff:43:42:9e:33:b6:bb:b4
Signer

Actual PE Digest

6b:ad:9f:dd:d6:3a:c1:7c:43:1c:b2:af:ff:43:42:9e:33:b6:bb:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

Size: 587KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 309KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 33KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 918KB - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca688b8ae6109bd6193e6ad4ca961098

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

wininet

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: - Virtual size: 129KB

.rdata Size: - Virtual size: 29KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 5KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.8Ek Size: - Virtual size: 8.2MB

.|Hc Size: 7KB - Virtual size: 7KB

.?9* Size: 13.4MB - Virtual size: 13.4MB

.reloc Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 469B

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

7c:55:0a:09:09:b6:50:f7:25:94:11:61:1d:62:6b:56Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6b:ad:9f:dd:d6:3a:c1:7c:43:1c:b2:af:ff:43:42:9e:33:b6:bb:b4Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 587KB - Virtual size: 1.2MB

Size: 309KB - Virtual size: 542KB

Size: 4KB - Virtual size: 32KB

Size: 33KB - Virtual size: 56KB

Size: 2KB - Virtual size: 4KB

Size: 512B - Virtual size: 45B

Size: 5KB - Virtual size: 11KB

Size: 512B - Virtual size: 36B

Size: 27KB - Virtual size: 31KB

Size: 918KB - Virtual size: 929KB

Size: 3KB - Virtual size: 6KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 113KB - Virtual size: 113KB

.themida Size: - Virtual size: 10.2MB

.boot Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: - Virtual size: 129KB

.rdata
Size: - Virtual size: 29KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 5KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.8Ek
Size: - Virtual size: 8.2MB

.|Hc
Size: 7KB - Virtual size: 7KB

.?9*
Size: 13.4MB - Virtual size: 13.4MB

.reloc
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 469B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

7c:55:0a:09:09:b6:50:f7:25:94:11:61:1d:62:6b:56
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6b:ad:9f:dd:d6:3a:c1:7c:43:1c:b2:af:ff:43:42:9e:33:b6:bb:b4
Signer

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 113KB - Virtual size: 113KB

.themida
Size: - Virtual size: 10.2MB

.boot
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 16B - Virtual size: 4KB