085112663c81eeb4e8c1475b045e3c2ab57d5389702c327efd18d75289a205c9

Sharing

Copy URL Twitter E-mail

General

Target

085112663c81eeb4e8c1475b045e3c2ab57d5389702c327efd18d75289a205c9
Size

2.5MB
MD5

63f6cdf96c0884e385ecc2407e19941e
SHA1

feb74678575cde016b408ed527d2b4f17d9c28b5
SHA256

085112663c81eeb4e8c1475b045e3c2ab57d5389702c327efd18d75289a205c9
SHA512

15ff68684aa04bc15332c9c050e1855bb4f644c97bfc72eb859b951e412f8d87c409dec7d85b6975df1b96c8717e88a21b9ae4c542d88e7a471055dadf0ac2be
SSDEEP

24576:kcUeDQnva690sc7W0EvIkts6e8wzwiJEKm9z8+pxZ8B:kve4va690pW0Bm/wjJ1V+pD8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
085112663c81eeb4e8c1475b045e3c2ab57d5389702c327efd18d75289a205c9

Files

085112663c81eeb4e8c1475b045e3c2ab57d5389702c327efd18d75289a205c9
.exe windows:5 windows x86 arch:x86

a726184da50465af5c2b4377e699acf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\765910\out\Release\PopwndTracker.pdb

Imports

kernel32

FindNextFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
GetExitCodeProcess
WaitForSingleObject
GetTempPathW
ReadProcessMemory
GlobalMemoryStatus
RemoveDirectoryW
SetFileAttributesW
TlsSetValue
TlsGetValue
Sleep
InterlockedCompareExchange
TlsFree
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
TerminateProcess
MoveFileW
MoveFileExW
SetEnvironmentVariableW
CreateMutexA
ReleaseMutex
GetDriveTypeW
Module32NextW
Module32FirstW
ExpandEnvironmentStringsW
GetCommandLineW
GetDiskFreeSpaceExW
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeviceIoControl
InterlockedExchange
OpenSemaphoreW
LocalFree
ReleaseSemaphore
CompareFileTime
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
MulDiv
GetCurrentThread
GetModuleHandleExW
SetCurrentDirectoryW
SetEvent
CreateEventW
ResetEvent
OpenMutexW
TerminateThread
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
FindFirstFileW
ProcessIdToSessionId
HeapWalk
HeapLock
HeapUnlock
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
lstrcmpiA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
TlsAlloc
IsValidCodePage
GetOEMCP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
lstrcmpA
FreeResource
GetSystemWindowsDirectoryW
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedIncrement
FindClose
WideCharToMultiByte
LoadLibraryA
InitializeCriticalSection
GetACP
GetLogicalDriveStringsW
QueryDosDeviceW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetCurrentProcess
FlushInstructionCache
RaiseException
lstrcmpW
GetModuleHandleA
OutputDebugStringW
CopyFileW
GetModuleFileNameW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
WriteFile
SetFilePointer
GetVersion
GetSystemDirectoryW
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetFileSizeEx
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateMutexW
GetLastError
GetPrivateProfileIntW
GetCurrentProcessId
WritePrivateProfileSectionW
GetWindowsDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
DeleteFileW
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetPrivateProfileSectionW
GetTickCount
GetVersionExW
GetLongPathNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW

user32

GetWindowRgn
EqualRect
IsIconic
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ChildWindowFromPoint
GetDC
PrintWindow
SendMessageTimeoutW
FindWindowW
SendMessageW
UnregisterClassA
SetParent
MonitorFromPoint
PostMessageW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
ShowWindow
SetWindowLongW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharNextW
CharLowerBuffW
WaitForInputIdle
SetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
EnumThreadWindows
SetWindowPos
SwitchToThisWindow
BringWindowToTop
GetWindowRect
EnumDisplaySettingsW
MessageBoxW
GetParent
GetWindowLongW
CallNextHookEx
ReleaseCapture
SetCapture
UnhookWindowsHookEx
PostQuitMessage
SetCursor
mouse_event
SetWindowsHookExW
InflateRect
ClientToScreen
DrawIconEx
GetActiveWindow
LoadIconW
OffsetRect
GetDesktopWindow
GetWindowDC
ReleaseDC
InvalidateRect
IsWindowVisible
GetClassNameW
GetWindowTextW
SetLayeredWindowAttributes
IsWindow
CallWindowProcW
MoveWindow
SetWindowTextW
PtInRect
SetFocus
KillTimer
SetTimer
GetCursorPos
ScreenToClient
CopyRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClientRect
EndDialog
DialogBoxParamW
SetWindowRgn

gdi32

GetDeviceCaps
SetDIBColorTable
StretchBlt
SetBrushOrgEx
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
BitBlt
GetObjectW
GetDIBits
DeleteObject
CreateRoundRectRgn
SetStretchBltMode
StretchDIBits
GetRgnBox
GetTextExtentPoint32W
SelectObject
DeleteDC

advapi32

RegOpenKeyExA
IsValidSid
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
FreeSid
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
OpenThreadToken
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetEntriesInAclW
RegQueryValueExA
RegEnumKeyExA
LookupPrivilegeValueW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW
CommandLineToArgvW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VariantClear
SysStringLen
VarBstrCat
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
DispCallFunc
SysFreeString
SysAllocString
VarUI4FromStr
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

StrToIntExW
StrTrimA
SHDeleteValueW
SHDeleteKeyW
PathGetArgsW
SHSetValueA
PathFindExtensionW
PathRemoveExtensionW
wnsprintfW
PathUnquoteSpacesW
SHGetValueA
StrStrIA
StrStrIW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveBackslashW
SHGetValueW
SHSetValueW
PathCombineW
PathAppendW
StrCmpIW
StrCmpNIW
StrCmpNW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

ws2_32

select

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a726184da50465af5c2b4377e699acf1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

imm32

gdiplus

wintrust

crypt32

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 18KB - Virtual size: 39KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 18KB - Virtual size: 39KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB