11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b.exe
Size

2.9MB
MD5

53218d44298f406baefb2fd052eeb0ef
SHA1

afc422b48b829f29ee2cb95eb9d5139b788a1727
SHA256

11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b
SHA512

88b81da7e8d3665b0a41cd272c50318b8090dc3240d88020255f079df1373e2cf5fb9f0249320fb7346a52a29d20de42a4385f75e1cf91a12aa40786eae1a12a
SSDEEP

49152:zT8+dJPn7Vud6KGavAZXJgfx1HmwPKtWKbF1mIgZ+wau1CObHeIp3hPI4OH+Mfsk:38ROupbHeI7gf+MfA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b.exe

Files

11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b.exe
.exe windows:5 windows x86 arch:x86

df4bc4eba11befc35a0abb7d7cd85672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\811476\out\Release\QHAccount.pdb

Imports

psapi

GetModuleFileNameExW

ws2_32

ntohl
inet_ntoa
ntohs
htons
htonl

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
OpenMutexW
TerminateProcess
LocalAlloc
CreateProcessW
GetModuleHandleA
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushInstructionCache
RaiseException
InterlockedIncrement
GetTempPathW
GetTempFileNameW
CompareFileTime
CompareStringW
ReleaseSemaphore
CreateSemaphoreW
MulDiv
CopyFileW
lstrcpyW
FreeConsole
GlobalFree
GetTimeZoneInformation
SetCurrentDirectoryW
OutputDebugStringW
GetFileAttributesExA
SetFileAttributesA
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineW
GetComputerNameExW
SetErrorMode
lstrcmpW
lstrlenA
lstrcmpiA
lstrcmpA
CreateWaitableTimerA
GetCurrentThreadId
OpenEventA
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetFileAttributesExW
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitProcess
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpiW
SetWaitableTimer
FreeResource
HeapFree
GetProcessHeap
CloseHandle
FreeLibrary
SystemTimeToFileTime
GetDiskFreeSpaceExW
FindClose
InterlockedExchange
CreateEventW
GetVersionExW
GetProcAddress
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WaitForSingleObject
WaitForMultipleObjects
GetVersion
GetLastError
LocalFree
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
InterlockedCompareExchange
GetFileSize
GetModuleFileNameW
GetPrivateProfileStringW
CreateThread
ResetEvent
ReadDirectoryChangesW
CreateFileW
GetShortPathNameW
OpenProcess
InterlockedDecrement
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
DeviceIoControl
MoveFileExW
GetFileAttributesW
DeleteFileW
GetStartupInfoA
GetSystemDirectoryW
GetConsoleCP
GetSystemWindowsDirectoryW
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
LoadLibraryW
InitializeCriticalSectionAndSpinCount

user32

CloseClipboard
EmptyClipboard
OpenClipboard
PostThreadMessageW
SetClassLongW
GetClassLongW
ReleaseCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
SetScrollInfo
GetScrollInfo
SetScrollPos
GetKeyState
GetDlgCtrlID
SetCursor
GetClipboardData
LoadImageW
PostQuitMessage
BringWindowToTop
SwitchToThisWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetTimer
KillTimer
IsWindowVisible
GetWindowThreadProcessId
GetSystemMetrics
LoadStringW
PostMessageW
IsWindow
UnregisterClassA
CreatePopupMenu
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CharNextW
PeekMessageW
DestroyAcceleratorTable
InvalidateRgn
FillRect
CreateAcceleratorTableW
RedrawWindow
GetSysColor
GetClassNameW
IsChild
SetClipboardData
HideCaret
GetWindowTextW
GetWindowTextLengthW
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetRectEmpty
IsRectEmpty
FindWindowW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
EnableWindow
GetParent
SendMessageW
SetWindowPos
SetFocus
IsWindowEnabled
RegisterWindowMessageW
GetDC
ReleaseDC
GetFocus
CopyRect
OffsetRect
ClientToScreen
GetMessagePos
PtInRect
ScreenToClient
IntersectRect
SetForegroundWindow
GetWindowRect
MoveWindow
UpdateLayeredWindow
FindWindowExW
MonitorFromPoint
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetActiveWindow
GetKeyboardState
keybd_event
GetDesktopWindow
MonitorFromRect
InvalidateRect
UpdateWindow
MessageBoxW
GetActiveWindow
GetClientRect
IsDialogMessageW
MapWindowPoints
MonitorFromWindow
GetWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
SetWindowTextW
DrawTextW
SetRect
InflateRect

gdi32

SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
GetObjectA
SetTextColor
GetObjectW
CreateRectRgnIndirect
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
CreateFontW
GetPixel
CreateCompatibleBitmap
SetViewportOrgEx
BitBlt
CreateDIBSection
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

ConvertSidToStringSidW
GetSidSubAuthority
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
CryptGenRandom
RegCreateKeyA

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ord680
ord165
SHGetFolderPathW

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc

oleaut32

VariantClear
SysFreeString
SysAllocString
DispCallFunc
SafeArrayGetVartype
SafeArrayCopy
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
SysStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
VariantInit

shlwapi

SHGetValueA
SHDeleteValueA
SHSetValueA
ord437
PathStripPathW
PathCompactPathW
PathFileExistsA
PathCombineA
ColorRGBToHLS
ColorHLSToRGB
StrStrIA
PathAppendW
SHGetValueW
wnsprintfW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathCombineW
StrCmpIW
PathFindFileNameW
PathFindExtensionW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetPathGradientCenterPoint
GdipCreateBitmapFromStream
GdipDrawImagePointRectI
GdipCreateFromHWND
GdipGetFontHeight
GdipResetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetPathGradientGammaCorrection
GdipSetInterpolationMode
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipResetClip
GdipSetClipRectI
GdipSetTextRenderingHint
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDrawLine
GdipSetLinePresetBlend
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipGetPixelOffsetMode
GdipDrawEllipseI
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDrawPath
GdipFillPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCreateLineBrushFromRectI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDrawString
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipDeleteFontFamily
GdipSetPenWidth

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetGetConnectedState
InternetCrackUrlA
DeleteUrlCacheEntryW
InternetSetOptionW
InternetOpenW
InternetReadFile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

GetUserProfileDirectoryW

dnsapi

DnsQuery_A
DnsFree

imm32

ImmDisableIME

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1019KB - Virtual size: 1018KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df4bc4eba11befc35a0abb7d7cd85672

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

version

userenv

dnsapi

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 282KB - Virtual size: 281KB

.data Size: 38KB - Virtual size: 63KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1019KB - Virtual size: 1018KB

.reloc Size: 95KB - Virtual size: 94KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 282KB - Virtual size: 281KB

.data
Size: 38KB - Virtual size: 63KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1019KB - Virtual size: 1018KB

.reloc
Size: 95KB - Virtual size: 94KB