537ac214e935870d038fc26afc06ad191a1a98914edd25cb11627f8ad9559e7bN

Sharing

Copy URL Twitter E-mail

General

Target

537ac214e935870d038fc26afc06ad191a1a98914edd25cb11627f8ad9559e7bN
Size

8.1MB
MD5

88a660e217f59a0a90565dd5228dd5c0
SHA1

43b04cf3f071d00a4f6b22fa5d9a4d8e4bca9dea
SHA256

537ac214e935870d038fc26afc06ad191a1a98914edd25cb11627f8ad9559e7b
SHA512

bf913902051d4ac0de5233e8e2e15b8b798c57f2a1fe4cb749b4f2d423691870e5fcbfea072e9fa9c13dc9c24c74e65c3b78693539a7ce68b3a22f5d9ded955c
SSDEEP

98304:iop7aDWhfxYweLQ9L3lL2XmbEGoTJ/GfF8x8ZJuuJnmX:Bp7jfxoIyRGoN/G982K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
537ac214e935870d038fc26afc06ad191a1a98914edd25cb11627f8ad9559e7bN

Files

537ac214e935870d038fc26afc06ad191a1a98914edd25cb11627f8ad9559e7bN
.exe windows:5 windows x86 arch:x86

179a3cde8b4b4bf2a65d4f7781308308

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\RM-Agent_Release_VS_2008_9_8_13\bin\release\winagent.pdb

Imports

shell32

SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetMalloc
ShellExecuteW
ShellExecuteA
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetFolderPathA

advapi32

GetNumberOfEventLogRecords
OpenEventLogA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
GetOldestEventLogRecord
OpenProcessToken
RegSetValueExW
RegEnumValueA
RegDeleteValueW
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegEnumKeyA
QueryServiceConfigA
EnumServicesStatusA
GetUserNameA
ChangeServiceConfigA
OpenSCManagerA
QueryServiceStatus
StartServiceA
CloseServiceHandle
OpenServiceA
RegCreateKeyExA
ReadEventLogA
CloseEventLog
InitiateSystemShutdownExA
IsTextUnicode
DeleteService
OpenSCManagerW
ChangeServiceConfig2A
CreateServiceA
ChangeServiceConfig2W
ControlService
GetUserNameW
SetEntriesInAclA
SetNamedSecurityInfoA
ConvertStringSidToSidA
GetNamedSecurityInfoA
RegCreateKeyA
LogonUserA
LsaRemoveAccountRights
LsaOpenPolicy
LsaAddAccountRights
LookupAccountNameW
LsaClose
LsaNtStatusToWinError
RegEnumKeyExW
RegConnectRegistryA
RegOpenKeyExW
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
OpenServiceW
GetTokenInformation
LookupPrivilegeValueW
LookupAccountSidA
LookupAccountSidW
GetSecurityDescriptorOwner
IsValidSid
EnumServicesStatusExW
EnumDependentServicesW
AdjustTokenPrivileges
GetAclInformation
QueryServiceConfig2W
EqualSid
GetAce
QueryServiceObjectSecurity
ChangeServiceConfigW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
QueryServiceConfigW
GetSecurityDescriptorDacl
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA

kernel32

ReadFileEx
ResetEvent
OpenThread
OpenMutexA
Process32Next
CreateEventW
OpenEventA
DeviceIoControl
GetSystemInfo
SetNamedPipeHandleState
WaitForMultipleObjects
OpenEventW
CreateWaitableTimerA
MoveFileExW
CreateDirectoryW
CopyFileW
GetLongPathNameA
GetTempFileNameA
FreeLibrary
CompareFileTime
GetProcessTimes
LoadLibraryA
InterlockedIncrement
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc
GetLogicalDrives
GetDriveTypeA
GetLocalTime
LoadLibraryW
GetSystemWindowsDirectoryA
LoadLibraryExA
LocalFileTimeToFileTime
GetFileSize
SetCurrentDirectoryA
GetCurrentDirectoryA
FileTimeToSystemTime
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
GetCurrentThread
GetDiskFreeSpaceA
SetVolumeLabelA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
lstrcpyA
DeleteFileW
CreateDirectoryA
lstrcmpiA
CreateToolhelp32Snapshot
Module32First
ReadProcessMemory
WritePrivateProfileSectionA
LocalAlloc
WriteFile
InterlockedDecrement
lstrlenA
GetTimeZoneInformation
GetPrivateProfileIntW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileStringW
ReleaseMutex
CreateMutexA
MoveFileA
RemoveDirectoryA
MoveFileExA
GetExitCodeThread
CreateNamedPipeA
CreateFileW
Thread32Next
TerminateProcess
GetExitCodeProcess
Thread32First
CreateNamedPipeW
ConnectNamedPipe
CreateThread
DeleteFileA
GetCurrentProcessId
CreateProcessA
CreateEventA
OpenProcess
FlushConsoleInputBuffer
GlobalMemoryStatus
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
CreateIoCompletionPort
QueueUserAPC
GetQueuedCompletionStatus
SleepEx
FormatMessageW
ExpandEnvironmentStringsW
GetSystemTimes
PostQueuedCompletionStatus
InterlockedExchangeAdd
GetThreadLocale
GetVersion
FindResourceA
SizeofResource
lstrcpynA
MapViewOfFileEx
GetStringTypeExW
GetStringTypeExA
lstrlenW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetFullPathNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
VirtualAlloc
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
GlobalAlloc
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetUserDefaultLangID
WritePrivateProfileStringA
CloseHandle
GetVersionExA
GetDiskFreeSpaceExA
GetFileTime
FindNextFileA
RemoveDirectoryW
GlobalMemoryStatusEx
FindClose
FreeEnvironmentStringsA
GetStdHandle
TerminateThread
DisconnectNamedPipe
SetFileAttributesA
GetProcAddress
HeapSize
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetFileType
SetStdHandle
FlushFileBuffers
SetEndOfFile
SetEnvironmentVariableA
SetFileTime
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetCPInfo
DuplicateHandle
ResumeThread
ExitThread
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
GetStartupInfoA
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
GetFileAttributesW
GetFileAttributesA
CreatePipe
ReadFile
FileTimeToLocalFileTime
SystemTimeToFileTime
GetCompressedFileSizeA
GetComputerNameW
CancelWaitableTimer
SetHandleInformation
Process32First
SetWaitableTimer
CreateProcessW
SetFilePointer
GetThreadIOPendingFlag
ExitProcess
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
WinExec
MapViewOfFile
GetCompressedFileSizeW
GetTickCount
GetCurrentProcess
SetErrorMode
FindFirstFileW
CreateFileA
GetComputerNameA
CreateMutexW
GetModuleFileNameW
GetLastError
MultiByteToWideChar
GetACP
WideCharToMultiByte
FormatMessageA
GetNumberFormatA
GetLocaleInfoA
GetTempPathA
GetCurrentThreadId
GetPrivateProfileIntA
GetCommandLineW
LocalFree
GlobalFree
Sleep
SetEvent
CopyFileA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
ReleaseSemaphore

user32

DialogBoxParamA
LoadCursorA
SetWindowTextA
MessageBoxW
PostMessageA
ShowWindow
EndDialog
GetWindowLongA
SetWindowLongA
GetClientRect
GetParent
SetCursor
ModifyMenuA
GetMenuItemCount
EnumChildWindows
GetMenuStringA
GetWindowTextA
GetMenuItemID
SendMessageA
GetDlgCtrlID
UpdateWindow
SystemParametersInfoA
CheckRadioButton
SetWindowPos
GetSysColor
ReleaseDC
CreateWindowExA
GetDC
LoadIconA
GetWindowRect
DestroyWindow
GetProcessWindowStation
GetUserObjectInformationW
GetUserObjectSecurity
LoadStringW
LoadStringA
GetDlgItemTextA
wsprintfW
SetDlgItemTextA
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
SendMessageW
EnableWindow
LoadImageA
wsprintfA
GetDesktopWindow
MessageBoxA
MoveWindow
CallWindowProcA
GetSystemMetrics
DestroyCursor
DefWindowProcA
SetPropA
RemovePropA
CreateCursor
GetPropA
DrawTextA
ScreenToClient
DispatchMessageA
CharToOemBuffA
OemToCharBuffA
SetTimer
PostQuitMessage
KillTimer
GetSubMenu
DeleteMenu
GetMenu
EnableMenuItem
GetLastInputInfo
DrawMenuBar
InsertMenuA
EnumThreadWindows
SetFocus
SetWindowTextW
IsWindowEnabled
GetMessageA
PostThreadMessageA
TranslateMessage
PeekMessageA

ole32

OleRun
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoFreeUnusedLibraries
CoCreateInstance

oleaut32

SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayGetVartype
SafeArrayLock
VariantChangeType
SysAllocStringLen
VariantInit
SafeArrayUnlock
VariantClear

wintrust

WinVerifyTrust

iphlpapi

SendARP

psapi

GetProcessMemoryInfo

secur32

DeleteSecurityContext
AcceptSecurityContext
CompleteAuthToken
FreeCredentialsHandle
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
GetUserNameExA

pdh

PdhGetFormattedCounterValue
PdhAddCounterW
PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData
PdhEnumObjectItemsW
PdhGetDefaultPerfCounterW
PdhLookupPerfNameByIndexW

wininet

InternetCrackUrlW
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestW
InternetSetOptionA
InternetConnectW
InternetReadFile
InternetGetLastResponseInfoA
HttpQueryInfoA

ws2_32

closesocket
socket
WSACleanup
htons
accept
WSAAddressToStringA
listen
WSASocketA
WSAGetLastError
WSASetLastError
__WSAFDIsSet
freeaddrinfo
bind
setsockopt
getsockname
ntohs
gethostbyaddr
WSASend
WSARecv
getaddrinfo
htonl
ntohl
ioctlsocket
getpeername
shutdown
recv
send
sendto
inet_ntoa
recvfrom
gethostname
inet_addr
WSAStartup
connect
select
gethostbyname
getsockopt

comctl32

ord17
CreatePropertySheetPageA
PropertySheetA
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy

gdi32

GetTextExtentPoint32A
SetTextColor
SetBkColor
GetTextFaceA
SelectObject
GetTextMetricsA
CreateSolidBrush
GetDeviceCaps
CreateFontIndirectA
SetBkMode
CreateBrushIndirect
DeleteObject
GetStockObject
DeleteDC
GetBitmapBits
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA

comdlg32

GetOpenFileNameA

activeds

ord9

netapi32

NetApiBufferFree
NetWkstaTransportEnum

shlwapi

PathRemoveBackslashA
SHDeleteKeyW

msi

ord88
ord66
ord141
ord205
ord45
ord113
ord190
ord70
ord169

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 415KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 651KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

179a3cde8b4b4bf2a65d4f7781308308

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

advapi32

kernel32

user32

ole32

oleaut32

wintrust

iphlpapi

psapi

secur32

pdh

wininet

ws2_32

comctl32

gdi32

comdlg32

activeds

netapi32

shlwapi

msi

version

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 415KB - Virtual size: 472KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 651KB - Virtual size: 652KB

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 415KB - Virtual size: 472KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 651KB - Virtual size: 652KB