C:\vmagent_new\bin\joblist\683178\out\Release\360PrivacyGuard.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8.exe
Resource: win10v2004-20240802-en
General
Target: 6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8.exe
Size: 9.0MB
MD5: f77e04112096e43d652b2ff422a8b6b5
SHA1: 35c9a842305dbfb426b88098e77a6f1e493d96a7
SHA256: 6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8
SHA512: 17c595bcce2ecb77be90f03fc27c785709811756617e22f80f25564b24cb05c799600eb59e73722bee41c29978b5b446b638fb756f9aa877c5b8c8bbbf733b6d
SSDEEP: 196608:9NgyBQ5L2VvblsSWlQIOorFaqCVcWBvTi7w9YtZre:9VtByQIO8CVdgre
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8.exe
Files
6805497e223ee769fd81b04d1581714ed5089aad0f835720d399ee773ca848d8.exe.exe windows:5 windows x86 arch:x86
d8ab2ebe34302214fb591786c1224cb5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLocaleInfoW
LocalFileTimeToFileTime
GetFileSizeEx
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetStartupInfoW
RtlUnwind
HeapReAlloc
HeapSize
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
CompareStringA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GlobalFlags
lstrcmpiA
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
SetFilePointerEx
IsProcessorFeaturePresent
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
lstrcmpA
CompareStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetACP
FormatMessageW
ExitProcess
GetFullPathNameW
lstrcmpW
SetErrorMode
SetEnvironmentVariableW
lstrcpyW
lstrlenA
GetCommandLineW
GlobalUnlock
GlobalLock
GetTempFileNameW
GlobalAlloc
InterlockedIncrement
GetTimeZoneInformation
GlobalFree
FreeConsole
GetTempPathW
SetCurrentDirectoryW
MulDiv
CreateSemaphoreW
ReleaseSemaphore
GetSystemTimeAsFileTime
RaiseException
FlushInstructionCache
GetModuleHandleA
CreateProcessW
LocalAlloc
GetTickCount
TerminateProcess
OpenMutexW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentThreadId
FreeResource
lstrcmpiW
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
DeviceIoControl
MoveFileExW
GetFileAttributesW
DeleteFileW
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
ReadFile
GetFileSize
GetModuleFileNameW
GetWindowsDirectoryW
GetPrivateProfileStringW
CreateThread
CreateFileW
GetShortPathNameW
OpenProcess
InterlockedDecrement
FindNextFileW
FindFirstFileW
SetEvent
LoadLibraryW
InterlockedCompareExchange
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalFree
GetLastError
GetVersion
CloseHandle
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
GetVersionExW
CreateEventW
InterlockedExchange
FindClose
FreeLibrary
GetStartupInfoA
user32
SetCursor
GetWindowTextW
GetWindowTextLengthW
RedrawWindow
ScreenToClient
GetMessagePos
PtInRect
DrawTextW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowTextW
GetWindow
MonitorFromWindow
MapWindowPoints
IsRectEmpty
IsDialogMessageW
GetClientRect
DrawIconEx
DestroyIcon
GetActiveWindow
MessageBoxW
InvalidateRect
LoadIconW
GetDesktopWindow
keybd_event
GetKeyboardState
SetActiveWindow
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
AllowSetForegroundWindow
GetMonitorInfoW
GetWindowRect
MoveWindow
ClientToScreen
OffsetRect
CopyRect
GetFocus
ReleaseDC
GetDC
RegisterWindowMessageW
SetRectEmpty
IsWindowEnabled
SetFocus
SetWindowPos
SendMessageW
GetParent
EnableWindow
CreateWindowExW
LoadCursorW
GetClassInfoExW
GetDlgCtrlID
GetKeyState
IsWindow
GetWindowDC
BeginPaint
EndPaint
SetCapture
ReleaseCapture
GetClassLongW
SetClassLongW
BringWindowToTop
SwitchToThisWindow
PostMessageW
LoadStringW
UnregisterClassA
GetSystemMetrics
GetWindowThreadProcessId
IsWindowVisible
SetWindowLongW
GetWindowLongW
DefWindowProcW
DestroyMenu
TabbedTextOutW
DrawTextExW
CallWindowProcW
FindWindowW
SendMessageTimeoutW
KillTimer
GrayStringW
DestroyWindow
OpenClipboard
EmptyClipboard
CloseClipboard
GetClipboardData
FindWindowExW
CallNextHookEx
SetClipboardViewer
ChangeClipboardChain
SetWindowsHookExW
UnhookWindowsHookEx
CharNextW
PeekMessageW
DestroyAcceleratorTable
InvalidateRgn
FillRect
CreateAcceleratorTableW
GetSysColor
GetClassNameW
GetDlgItem
IsChild
LoadImageW
PrivateExtractIconsW
PostQuitMessage
GetCursorPos
GetLastActivePopup
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
GetSysColorBrush
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsIconic
SystemParametersInfoA
GetMenu
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
SetMenu
GetMessageTime
GetTopWindow
RemovePropW
GetPropW
SetPropW
GetCapture
WinHelpW
RegisterClassExW
SetTimer
ShowWindow
GetWindowPlacement
gdi32
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
CreateBitmap
GetStockObject
BitBlt
SetViewportOrgEx
GetPixel
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
GetObjectA
GetObjectW
SelectObject
CreateCompatibleDC
DeleteDC
ScaleWindowExtEx
DeleteObject
CreateFontW
GetDeviceCaps
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
shell32
DragQueryFileW
DragFinish
ExtractIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ord680
ShellExecuteExW
SHGetFileInfoW
SHGetFolderPathW
DragAcceptFiles
SHGetSpecialFolderPathW
ole32
CoInitializeEx
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
RevokeDragDrop
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
DispCallFunc
SafeArrayGetVartype
SafeArrayCopy
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
shlwapi
StrStrW
StrRStrIW
PathRemoveBackslashW
ColorHLSToRGB
ColorRGBToHLS
PathCompactPathW
PathStripPathW
ord437
SHSetValueA
SHGetValueA
StrCmpNIW
StrStrIA
PathAddBackslashW
PathAppendW
SHGetValueW
wnsprintfW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
StrCmpIW
PathCombineW
PathFileExistsW
StrStrIW
PathRemoveFileSpecW
comctl32
InitCommonControlsEx
gdiplus
GdipCreatePath
GdipDeletePath
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipFillPath
GdipDrawPath
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetPixelOffsetMode
GdipAddPathLineI
GdipSetPenDashOffset
GdipDrawEllipseI
GdipSetPenWidth
GdipGetPixelOffsetMode
GdipAddPathRectangleI
GdipCreateLineBrushFromRect
GdipDrawRectangleI
GdipCreatePen2
GdipSetLinePresetBlend
GdipDeleteFontFamily
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipCreateFont
GdipSetTextRenderingHint
GdipSetClipRectI
GdipResetClip
GdipGetFontHeight
GdipCreateFromHWND
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipDrawString
GdipGetPathGradientPointCount
GdipAddPathEllipseI
GdipDrawLine
GdipDrawImageRectRectI
GdipNewPrivateFontCollection
GdipFillRectangleI
GdipPrivateAddMemoryFont
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipResetWorldTransform
GdipDrawImagePointRectI
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipAddPathArc
GdipAddPathLine
GdipAddPathPie
GdipGetPathWorldBoundsI
GdipAddPathLine2
GdipSetPathGradientCenterPoint
GdipSetPathGradientGammaCorrection
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipFillRectangle
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawLineI
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRectI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDeletePrivateFontCollection
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipFree
GdipCreateFromHDC
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipSetPathGradientSurroundColorsWithCount
GdipGetImageHeight
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
DeleteUrlCacheEntryW
InternetReadFile
psapi
GetModuleFileNameExW
wtsapi32
WTSQuerySessionInformationW
userenv
GetUserProfileDirectoryW
imm32
ImmDisableIME
rpcrt4
NdrAsyncClientCall
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingFree
oleacc
LresultFromObject
CreateStdAccessibleObject
Sections
.text Size: 736KB - Virtual size: 740KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 175KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.1MB - Virtual size: 8.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ