d562d5c82a852bc6deff6f52ce4dcfe3

Sharing

Copy URL Twitter E-mail

General

Target

d562d5c82a852bc6deff6f52ce4dcfe3
Size

10.3MB
MD5

d562d5c82a852bc6deff6f52ce4dcfe3
SHA1

b7250355927963eb7be5d8e19547e00c5f64f19e
SHA256

0a2e82eb490e423986a5327c27c30950aa6778bf8285593a0b56cbe1f59944f9
SHA512

0cadae17657edcfba3405a33713afeccbc19a50bc12ef23b5883c32b1c9ae0ca3ba444f0a39671eefbe862ffeb0ef4e0e4c81cb044914d1c792f2d1f55a1f034
SSDEEP

196608:h37V7HGtkkCk6xPrwk9Xg6co58MgJJNMU2seEpl+gzPBVBX75GsvsTg:h3lHEkkqNgFo583qmlFVBL5FsTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d562d5c82a852bc6deff6f52ce4dcfe3

Files

d562d5c82a852bc6deff6f52ce4dcfe3
.exe windows:5 windows x86 arch:x86

899dd3f5bbe05c2d8665a3c748aef26c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\443379\out\Release\360IA.pdb

Imports

kernel32

CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
DeviceIoControl
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
TerminateProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapDestroy
HeapSize
GetProcessHeap
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetCurrentDirectoryW
LoadLibraryW
DeleteFileW
GetPrivateProfileStringW
SetFilePointer
ReadFile
WriteFile
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
GetFileSize
OutputDebugStringW
GetVersion
lstrcmpiW
DeleteCriticalSection
LocalFree
GetCurrentThreadId
FlushInstructionCache
InitializeCriticalSection
CreateFileA
GetVersionExW
GetModuleHandleA
FlushFileBuffers
GetFileAttributesW
FreeResource
MoveFileW
QueueUserWorkItem
CreateProcessW
GetFileSizeEx
GlobalAlloc
GlobalFree
GetStartupInfoW
GetSystemTime
GetLongPathNameW
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
LocalFileTimeToFileTime
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlUnwind
QueryPerformanceCounter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
GetCurrentProcessId
CreateFileW
InitializeSListHead
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
SystemTimeToFileTime
SetFilePointerEx

comctl32

InitCommonControlsEx

Sections

.text
Size: 530KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

899dd3f5bbe05c2d8665a3c748aef26c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

Sections

.text Size: 530KB - Virtual size: 532KB

.rdata Size: 86KB - Virtual size: 88KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 652KB - Virtual size: 652KB

.text
Size: 530KB - Virtual size: 532KB

.rdata
Size: 86KB - Virtual size: 88KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 652KB - Virtual size: 652KB