Sample: 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe

Tasks
- static1 (static task)
- behavioral1 (behavioral task), resource: win7-20240729-en
- behavioral2 (behavioral task), resource: win10v2004-20240802-en

General
- Target: 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe
- Size: 2.8MB
- MD5: 8f86128dfea02b5f1b28221aa0fbb391
- SHA1: ac249d130db76607902fe00c467db5683ef531fd
- SHA256: 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe
- SHA512: 21162185db4bf61c0cf4d8a70cd302b4234cf91c57e113fead69264d30bbd61eb7382d4b9e6b5fa274de6e81beefa062792018700326b87c751597a453fa326d
- SSDEEP: 49152:wbkzSYl+aFUUhf3LIc3VEarMlonlT3ZGfdPjTV2sJ7CQUmhS:eoLX3VEarXs67

Malware Config
- none extracted

Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe

Files
- 5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe.exe: .exe windows:5 windows x86 arch:x86
  9e06a884a787798c5a0284c5a9621007

Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: C:\vmagent_new\bin\joblist\772492\out\Release\360TsLiveUpd.pdb
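The "Unsigned PE" signature and the header flags above come straight from the PE headers, and it is worth seeing exactly which bytes they read. The block below is an added example, not part of the sandbox report and not the sandbox's own code: analyze_pe walks the DOS, COFF and optional headers, reports whether data directory 4 (the attribute certificate table, where an Authenticode signature is stored) is present, decodes the DllCharacteristics and file-characteristics bits listed above, and flags any section mapped writable and executable (the section flags later in this report show none). The bytes it runs on come from build_pe32, a constructed headers-only PE32 stub; the sample's own bytes are not on this page, and both function names are mine. One caveat a practitioner should keep in mind: a non-empty certificate table only means a signature is attached. Whether it chains to a trusted root is a WinVerifyTrust or signtool question that this static check cannot answer.

```python
import struct

IMAGE_FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DLLCHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # attribute certificate table; Authenticode lives here
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data: bytes) -> dict:
    """Header checks in the spirit of the report: certificate table present, DLL and file
    characteristics, and any section that is both writable and executable."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    dd_base = opt + (96 if magic == 0x10B else 112)           # start of the data directories
    sec_off, sec_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Section table follows the optional header, 40 bytes per IMAGE_SECTION_HEADER.
    sections = []
    for i in range(nsections):
        name, _, _, _, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars))
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "file_characteristics": _flags(file_chars, IMAGE_FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, IMAGE_DLLCHARACTERISTICS),
        # Presence only: a signature is attached. Validity needs WinVerifyTrust/signtool.
        "has_authenticode": sec_size != 0 and sec_off != 0,
        "wx_sections": [n for n, c in sections if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE],
        "sections": sections,
    }


def build_pe32(file_chars, dll_chars, sections, cert_size=0):
    """Constructed headers-only PE32 stub for exercising analyze_pe (not the sample's bytes).
    No code or section data is emitted because the checks above read headers only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, 2)                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if cert_size:
        # The security directory holds a file offset (not an RVA) and the table size.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, cert_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Mirrors the flags in this report: EXECUTABLE_IMAGE|32BIT_MACHINE, DYNAMIC_BASE|NX_COMPAT|TS_AWARE,
# no certificate table, and no section that is both writable and executable.
SAMPLE_LIKE = build_pe32(
    0x0002 | 0x0100, 0x0040 | 0x0100 | 0x8000,
    [(".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)])
# Contrast case: signature attached, no mitigations, and a self-modifying W+X .text.
SIGNED_WX = build_pe32(
    0x0002 | 0x0100, 0,
    [(".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    cert_size=0x800)

if __name__ == "__main__":
    for label, image in (("sample-like", SAMPLE_LIKE), ("signed, W+X", SIGNED_WX)):
        r = analyze_pe(image)
        print(label, "| authenticode:", r["has_authenticode"], "| W+X:", r["wx_sections"],
              "|", ", ".join(r["dll_characteristics"]) or "no DllCharacteristics")
```

On a real file, pass `open(path, "rb").read()` to analyze_pe; the only thing build_pe32 exists for is to give the checks a deterministic input without shipping a binary.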
Imports
ws2_32:
  gethostbyname, inet_ntoa
kernel32:
  CreateToolhelp32Snapshot, LocalFree, LocalAlloc, GetExitCodeThread, GetSystemInfo, GetModuleHandleA, GetModuleHandleExW,
  WideCharToMultiByte, ResetEvent, SetLastError, GetCurrentThreadId, InterlockedCompareExchange, QueryDosDeviceW,
  GetLogicalDriveStringsW, ExpandEnvironmentStringsW, GetExitCodeProcess, TerminateProcess, OpenProcess, InterlockedDecrement,
  GetShortPathNameW, GetVersion, GetPrivateProfileIntW, WritePrivateProfileStringW, HeapFree, HeapAlloc, GetProcessHeap,
  GetTickCount, lstrcmpiW, GetComputerNameW, GetBinaryTypeW, WaitForMultipleObjects, CreateEventW, GetModuleFileNameW,
  SetFileTime, SystemTimeToFileTime, GetSystemTime, GetPrivateProfileStringW, GetWindowsDirectoryW, CreateProcessW,
  GetFileAttributesExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetOverlappedResult, CreateThread,
  ExpandEnvironmentStringsA, FileTimeToSystemTime, CompareFileTime, GetSystemTimeAsFileTime, CreateRemoteThread, CopyFileW,
  lstrcmpiA, lstrlenA, Module32NextW, Module32FirstW, MoveFileW, CreateDirectoryW, GetLocalTime, FreeConsole,
  ReleaseSemaphore, GetTempPathW, GlobalFree, GetTimeZoneInformation, OpenMutexW, GetCommandLineW, Process32FirstW,
  CreateSemaphoreW, WritePrivateProfileSectionW, GetProcessTimes, CreateMutexA, FlushInstructionCache, InterlockedIncrement,
  GetCurrentProcessId, WTSGetActiveConsoleSessionId, GetSystemWindowsDirectoryW, GetDiskFreeSpaceExW, UnmapViewOfFile,
  lstrcmpA, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP,
  WriteConsoleA, InitializeCriticalSectionAndSpinCount, GetLocaleInfoW, QueryPerformanceCounter, GetEnvironmentStringsW,
  FreeEnvironmentStringsW, IsValidLocale, EnumSystemLocalesA, CreateMutexW, GetUserDefaultLCID, GetDateFormatA,
  GetTimeFormatA, GetConsoleMode, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, SetConsoleCtrlHandler,
  GetStringTypeA, ExitProcess, FatalAppExitA, HeapCreate, GetModuleFileNameA, GetStdHandle, GetCurrentThread,
  IsValidCodePage, GetOEMCP, GetACP, GetStringTypeW, LCMapStringW, LCMapStringA, GetStartupInfoW, ExitThread, RtlUnwind,
  GetCPInfo, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TlsFree, TlsAlloc, HeapWalk,
  HeapLock, OpenThread, HeapUnlock, TlsSetValue, OutputDebugStringW, GetFullPathNameW, Process32NextW, GetFileSize,
  CreateFileMappingW, MapViewOfFileEx, SetEndOfFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, FreeResource,
  InterlockedExchange, LoadLibraryExW, LoadLibraryW, GetCurrentProcess, GetSystemPowerStatus, GlobalMemoryStatusEx,
  HeapDestroy, GlobalMemoryStatus, Sleep, ProcessIdToSessionId, LoadLibraryA, FreeLibrary, GetSystemDirectoryW,
  GetDriveTypeW, CreateFileW, DeviceIoControl, DeleteFileW, GetFileAttributesW, RemoveDirectoryW, SetFileAttributesW,
  MoveFileExW, TerminateThread, ReadDirectoryChangesW, MultiByteToWideChar, FindFirstFileW, FindNextFileW, FindClose,
  ResumeThread, SetEvent, WaitForSingleObject, lstrlenW, CloseHandle, UnlockFile, LockFile, GetLastError,
  FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, DeleteCriticalSection,
  InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetVersionExW, GetModuleHandleW,
  GetProcAddress, GetLocaleInfoA, HeapReAlloc, HeapSize, ReleaseMutex, FileTimeToLocalFileTime, IsProcessorFeaturePresent,
  VirtualFree, VirtualAlloc, CreateFileA, LocalFileTimeToFileTime, SetFilePointerEx, GetFileSizeEx, TlsGetValue
user32:
  MonitorFromWindow, MonitorFromPoint, SetFocus, SetActiveWindow, SetForegroundWindow, AttachThreadInput,
  GetForegroundWindow, GetSystemMetrics, ExitWindowsEx, IsWindowVisible, GetWindowThreadProcessId, EnumWindows,
  UnregisterClassA, AllowSetForegroundWindow, keybd_event, GetKeyboardState, MonitorFromRect, GetWindowRect, SetWindowPos,
  GetWindowLongW, UpdateWindow, InvalidateRect, SetWindowRgn, WaitForInputIdle, LoadStringW, PostMessageW, IsWindow,
  FindWindowW, SendMessageW, SendMessageTimeoutW, RegisterWindowMessageW, EnumDisplaySettingsW, DefWindowProcW,
  GetClassInfoW, RegisterClassW, CreateDialogParamW, CharNextW, PeekMessageW, GetMessageW, TranslateMessage,
  DispatchMessageW, IsDialogMessageW, SetWindowLongW, PostQuitMessage, LoadImageW, GetParent, GetWindow, LoadIconW,
  GetClientRect, MapWindowPoints, KillTimer, SetTimer, DestroyWindow, GetDesktopWindow, WindowFromPoint, GetActiveWindow,
  MessageBoxW, GetMonitorInfoW
gdi32:
  CreatePolygonRgn
advapi32:
  LookupPrivilegeValueW, RegEnumKeyExA, RegQueryInfoKeyW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl,
  CreateServiceW, OpenServiceW, OpenSCManagerW, DeleteService, CloseServiceHandle, ChangeServiceConfigW, ControlService,
  StartServiceW, QueryServiceStatusEx, QueryServiceStatus, GetNamedSecurityInfoW, SetEntriesInAclW, SetNamedSecurityInfoW,
  RegCreateKeyA, RegEnumValueW, RegNotifyChangeKeyValue, ConvertSidToStringSidW, LookupAccountSidW, RegUnLoadKeyW,
  RegLoadKeyW, RegDeleteKeyW, ConvertStringSidToSidW, GetLengthSid, SetTokenInformation, CreateProcessAsUserW,
  RegDeleteValueW, AllocateAndInitializeSid, EqualSid, CryptImportKey, RegCreateKeyW, GetSidSubAuthority, DuplicateTokenEx,
  GetTokenInformation, RegOpenKeyW, OpenEventLogW, ReadEventLogW, CloseEventLog, OpenProcessToken, AdjustTokenPrivileges,
  FreeSid, CryptAcquireContextW, CryptGetKeyParam, CryptDecrypt, CryptEncrypt, CryptDestroyHash, CryptDestroyKey,
  CryptReleaseContext, RegSetValueExW, RegCreateKeyExW, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey,
  RegQueryValueExA, RegOpenKeyExA
shell32:
  ord680, ord165, ShellExecuteW, CommandLineToArgvW, SHParseDisplayName, SHBrowseForFolderW, SHGetPathFromIDListW,
  SHGetSpecialFolderPathW, ShellExecuteExW, SHBindToParent, SHGetDataFromIDListW, ExtractIconExW, SHGetFileInfoW,
  SHGetFolderPathW, Shell_NotifyIconW
ole32:
  CoTaskMemRealloc, CoTaskMemAlloc, CoSetProxyBlanket, CoInitializeSecurity, CoInitializeEx, CoTaskMemFree, CoInitialize,
  CoUninitialize, CLSIDFromProgID, CoCreateInstance
oleaut32:
  VariantInit, GetErrorInfo, VariantChangeType, SetErrorInfo, CreateErrorInfo, SysFreeString, VarUI4FromStr, VariantClear,
  SysAllocString
shlwapi:
  StrCmpNIW, PathRemoveFileSpecW, PathFindFileNameW, PathIsDirectoryW, PathRemoveExtensionW, AssocQueryStringW,
  PathUnquoteSpacesW, StrChrW, StrCmpNW, PathAddBackslashW, StrStrIA, SHSetValueA, SHDeleteValueA, StrCmpW, PathStripPathW,
  PathStripToRootW, ord437, StrCpyW, StrCatW, SHGetValueA, PathFindExtensionW, StrCmpIW, PathAppendW, PathFileExistsW,
  SHDeleteValueW, StrToIntExW, SHSetValueW, SHGetValueW, wnsprintfW, StrStrIW, PathCombineW, SHDeleteKeyW
comctl32:
  InitCommonControlsEx
psapi:
  EnumProcesses, EnumProcessModules, GetModuleFileNameExW
version:
  GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wininet:
  HttpQueryInfoW, InternetReadFile, InternetGetConnectedState, InternetCloseHandle, InternetOpenUrlW, InternetQueryOptionW,
  DeleteUrlCacheEntryW, InternetOpenW, InternetSetOptionW
powrprof:
  GetPwrCapabilities
wintrust:
  WTHelperProvDataFromStateData, WinVerifyTrust
wtsapi32:
  WTSFreeMemory, WTSQuerySessionInformationW
userenv:
  GetUserProfileDirectoryW, DestroyEnvironmentBlock, CreateEnvironmentBlock
crypt32:
  CryptProtectData, CryptUnprotectData, CertGetNameStringW
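Reading some four hundred imported names by eye is slow; what an analyst wants from this table is the names grouped by what the APIs are commonly used for together. The block below is an added example, not part of the report and not the sandbox's own signature logic: REPORT_IMPORTS is an excerpt of the import table above (every name in it appears in the table), while RULES and the tag names are my own heuristics with loose thresholds, so A/W variants and partial API sets still match. Two things it makes visible that a flat list hides. OpenProcess and CreateRemoteThread are imported, but VirtualAllocEx and WriteProcessMemory are not in the table, so the imports alone do not show the usual write-then-execute injection sequence, and the rule reports the absent half explicitly. And the advapi32/wtsapi32/userenv set (WTSGetActiveConsoleSessionId, DuplicateTokenEx, SetTokenInformation, CreateProcessAsUserW, CreateEnvironmentBlock) is the API set a Windows service uses to start a process in the interactive user's session, sitting next to a full service-control (SCM) set. A tag means "these APIs are imported together", nothing more; it is a reason to look, not a verdict.

```python
# Added example: rule-based grouping of an import table by commonly associated use.
# REPORT_IMPORTS is an excerpt of the table in this report (dll -> imported names);
# RULES and the tag names are this example's own heuristics, not sandbox signatures.

REPORT_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "CreateRemoteThread", "IsDebuggerPresent", "FindResourceW", "LoadResource",
                 "LockResource", "SizeofResource", "CreateProcessW", "WTSGetActiveConsoleSessionId",
                 "GetTickCount", "Sleep"],
    "user32": ["keybd_event", "ExitWindowsEx", "FindWindowW", "MessageBoxW"],
    "advapi32": ["OpenSCManagerW", "CreateServiceW", "StartServiceW", "ControlService", "DeleteService",
                 "ChangeServiceConfigW", "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "DuplicateTokenEx", "SetTokenInformation", "CreateProcessAsUserW", "RegLoadKeyW",
                 "RegUnLoadKeyW", "OpenEventLogW", "ReadEventLogW", "CryptAcquireContextW",
                 "CryptImportKey", "CryptEncrypt", "CryptDecrypt"],
    "wininet": ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile", "HttpQueryInfoW"],
    "wintrust": ["WinVerifyTrust", "WTHelperProvDataFromStateData"],
    "wtsapi32": ["WTSQuerySessionInformationW"],
    "userenv": ["CreateEnvironmentBlock"],
    "crypt32": ["CryptProtectData", "CryptUnprotectData"],
    "psapi": ["EnumProcesses"],
}

# (tag, how many distinct rule APIs must be imported, base names without the A/W suffix)
RULES = [
    ("service-control", 2, ["OpenSCManager", "CreateService", "StartService", "ControlService",
                            "DeleteService", "ChangeServiceConfig"]),
    ("process-in-user-session", 3, ["WTSGetActiveConsoleSessionId", "WTSQuerySessionInformation",
                                    "DuplicateTokenEx", "SetTokenInformation", "CreateProcessAsUser",
                                    "CreateEnvironmentBlock"]),
    ("token-privilege-adjust", 3, ["OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges"]),
    ("process-enumeration", 2, ["CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                                "EnumProcesses", "EnumProcessModules"]),
    # OpenProcess + CreateRemoteThread alone is not a write-then-execute chain; the
    # 'missing' list shows which half of the classic injection set is absent.
    ("cross-process-thread", 2, ["OpenProcess", "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"]),
    ("wininet-http", 2, ["InternetOpen", "InternetOpenUrl", "InternetReadFile", "HttpQueryInfo"]),
    ("dpapi", 1, ["CryptProtectData", "CryptUnprotectData"]),
    ("capi-crypto", 2, ["CryptAcquireContext", "CryptImportKey", "CryptEncrypt", "CryptDecrypt"]),
    ("authenticode-verification", 1, ["WinVerifyTrust", "WTHelperProvDataFromStateData"]),
    ("event-log-read", 2, ["OpenEventLog", "ReadEventLog"]),
    ("keyboard-input-synthesis", 1, ["keybd_event", "SendInput"]),
    ("registry-hive-load", 2, ["RegLoadKey", "RegUnLoadKey"]),
    ("embedded-resource-access", 3, ["FindResource", "LoadResource", "LockResource", "SizeofResource"]),
    ("system-shutdown", 1, ["ExitWindowsEx", "InitiateSystemShutdown"]),
    ("debugger-check", 1, ["IsDebuggerPresent", "CheckRemoteDebuggerPresent"]),  # also plain CRT noise
]


def normalize(name: str) -> str:
    """Fold the ANSI/Unicode pair (CreateProcessA / CreateProcessW) onto one base name."""
    return name[:-1] if len(name) > 2 and name[-1] in "AW" else name


def triage_imports(imports: dict) -> dict:
    """Return {tag: {"hit": ["dll!Name", ...], "missing": [base, ...]}} for every rule whose
    threshold is met; 'missing' lists the rule's APIs the table does not import."""
    present = {}
    for dll, names in imports.items():
        for n in names:
            present.setdefault(normalize(n), []).append(f"{dll.lower()}!{n}")
    findings = {}
    for tag, min_hits, apis in RULES:
        matched = [a for a in apis if a in present]
        if len(matched) >= min_hits:
            findings[tag] = {
                "hit": sorted(sym for a in matched for sym in present[a]),
                "missing": [a for a in apis if a not in present],
            }
    return findings


if __name__ == "__main__":
    for tag, f in triage_imports(REPORT_IMPORTS).items():
        absent = f"   (absent: {', '.join(f['missing'])})" if f["missing"] else ""
        print(f"{tag:28} {', '.join(f['hit'])}{absent}")
```

To run it against a real binary, build the REPORT_IMPORTS dict from pefile's DIRECTORY_ENTRY_IMPORT walk (entry.dll and the names of entry.imports) instead of typing it in; imports by ordinal (ord680, ord437 in this report) carry no name and simply never match a rule.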
Sections
- .text   size 1.3MB, virtual size 1.3MB: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  size 170KB, virtual size 172KB: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   size 82KB, virtual size 104KB: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   size 1.0MB, virtual size 1.0MB: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ