1b072aaf82f6b10e09c295cc2687decd6077858c8821160be428427d9eb7dc3c

Sharing

Copy URL

Twitter E-mail

General

Target

1b072aaf82f6b10e09c295cc2687decd6077858c8821160be428427d9eb7dc3c
Size

2.2MB
MD5

443d76217154bc633d8d1cc9037d38b3
SHA1

698d2a444f9cd04f5da405fb585b3276b425d27e
SHA256

1b072aaf82f6b10e09c295cc2687decd6077858c8821160be428427d9eb7dc3c
SHA512

0a6c90f813c6c76bb311e1f4c24fc2bd6ca6cd2a6f33235c909ca8447c5171ac219f2ba2b781cb3fe3855ea14abee8c9b3fafb95e1fc4d1433e4c0c1ab6151f8
SSDEEP

49152:K69FikjsYvjmNN4TuF2sFgiIIb0TCV9ul:X9sYvjEVlb0TCVI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b072aaf82f6b10e09c295cc2687decd6077858c8821160be428427d9eb7dc3c

Files

1b072aaf82f6b10e09c295cc2687decd6077858c8821160be428427d9eb7dc3c
.dll regsvr32 windows:5 windows x86 arch:x86

8a750bf910e26f401e6725747d15674a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\641453\out\Release_i18n\safemon.pdb

Imports

kernel32

GetSystemInfo
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
lstrcmpiA
OutputDebugStringW
GetShortPathNameW
Sleep
GetCommandLineW
LoadLibraryExW
GetPrivateProfileIntW
TlsGetValue
GetTickCount
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetPrivateProfileIntA
CreateThread
CreateFileA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
GetVersionExA
CreateDirectoryA
SetEndOfFile
SetUnhandledExceptionFilter
GetSystemDirectoryA
CreateRemoteThread
VirtualAlloc
VirtualFree
IsBadStringPtrW
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
GetPrivateProfileSectionW
CreateEventW
SetEvent
WaitForMultipleObjects
GlobalSize
GlobalLock
GlobalUnlock
GetProcessHeap
HeapAlloc
lstrcpynW
lstrcmpA
OpenFileMappingW
GetLocalTime
IsDebuggerPresent
OpenMutexW
GetModuleHandleA
CreateDirectoryW
CopyFileW
IsBadCodePtr
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
CreateProcessW
GetExitCodeThread
GetTempPathW
GetTempFileNameW
HeapFree
GetEnvironmentVariableW
ResetEvent
lstrcmpW
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
CreateMutexW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetPrivateProfileStringW
SetFilePointer
GetVersionExW
FreeResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SuspendThread
LocalAlloc
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
LocalFree
SearchPathW
VirtualQuery
GetLongPathNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetFileAttributesExW
lstrcpynA
WideCharToMultiByte
lstrlenW
TerminateProcess
MultiByteToWideChar
InterlockedCompareExchange
lstrlenA
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetLastError
RaiseException
lstrcmpiW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetCurrentThread
SetErrorMode
IsBadReadPtr
TlsSetValue
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
TlsFree
TlsAlloc
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
SetThreadContext
GetThreadContext
ResumeThread
DeviceIoControl
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
InterlockedExchange
DebugBreak

user32

CallWindowProcW
SetParent
SetWindowPos
IsWindow
ShowWindow
GetClientRect
MoveWindow
GetWindowLongW
GetSystemMetrics
RedrawWindow
SetWindowLongW
GetParent
DefWindowProcW
GetWindowRect
UnregisterClassA
ScreenToClient
InvalidateRect
EnumChildWindows
IsWindowVisible
DestroyWindow
GetClassNameW
FindWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
PostQuitMessage
EnumThreadWindows
EndDialog
DialogBoxParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
EndPaint
BeginPaint
AppendMenuW
TrackPopupMenu
CreatePopupMenu
DrawTextW
RegisterWindowMessageW
InflateRect
OffsetRect
CopyRect
KillTimer
SetTimer
SendMessageW
GetWindowTextW
SetWindowTextW
SetRectEmpty
SetRect
DrawIconEx
PostMessageW
PtInRect
GetDC
ReleaseDC
GetCursorPos
wsprintfW
FindWindowW
LoadImageW
CharNextW
SendMessageTimeoutW
UnhookWindowsHookEx
BroadcastSystemMessageW
SetWindowsHookExW
CallNextHookEx

gdi32

CreateFontIndirectW
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetStockObject
BitBlt
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
SetViewportOrgEx
CreateCompatibleBitmap
CreateBitmap
SetPixel
PatBlt

advapi32

RegQueryValueExA
CryptAcquireContextW
LookupAccountNameW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
CryptGenRandom
CryptReleaseContext
RegQueryValueExW

shell32

ord51
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
StringFromCLSID
StringFromGUID2
GetHGlobalFromStream
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
SysAllocStringLen
VariantClear
SysFreeString
DispCallFunc
SysStringLen
LoadTypeLi
VariantInit
VarUI4FromStr
LoadRegTypeLi
SysAllocString
VarBstrCmp

shlwapi

StrCmpW
StrChrW
StrDupW
PathIsDirectoryW
PathFindExtensionW
StrCmpNIA
PathRemoveFileSpecW
StrCmpNW
UrlGetPartW
StrCmpNIW
StrStrIA
PathGetArgsW
UrlUnescapeW
PathFileExistsA
PathRemoveFileSpecA
PathCombineA
StrStrW
PathMatchSpecW
SHSetValueW
SHDeleteKeyW
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRootW
PathIsPrefixW
UrlGetPartA
StrDupA
StrChrA
wnsprintfW
PathAppendW
PathFindFileNameW
StrRChrIW
StrRStrIW
StrChrIW
StrCmpIW
StrStrIW
SHGetValueW
PathFileExistsW
StrCpyNW
PathCombineW

psapi

EnumProcessModules
GetModuleInformation
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

AccessibleObjectFromPoint

urlmon

UrlMkSetSessionOption
UrlMkGetSessionOption

ws2_32

htonl
ntohl
WSASetLastError
getpeername
inet_ntoa
inet_addr

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

Exports

Exports

AlphaBlend
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSafeVedioVersion
GetUrlSiteType
IsTraystupidRealRunning
SetMailGuardCallback
SetNetpayGuardState
SetSafeVedioVersion
SetWDPayProPopWndState
Start
StartF
Stop
Update
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc
safemon_100
safemon_101
safemon_102
safemon_103
safemon_104
safemon_105
safemon_106
safemon_107
safemon_108
safemon_109
safemon_110
safemoninit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a750bf910e26f401e6725747d15674a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

oleacc

urlmon

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 187KB - Virtual size: 188KB

.data Size: 52KB - Virtual size: 152KB

.share Size: 512B - Virtual size: 4KB

.SHARE Size: 512B - Virtual size: 4KB

.rsrc Size: 882KB - Virtual size: 881KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 187KB - Virtual size: 188KB

.data
Size: 52KB - Virtual size: 152KB

.share
Size: 512B - Virtual size: 4KB

.SHARE
Size: 512B - Virtual size: 4KB

.rsrc
Size: 882KB - Virtual size: 881KB