d2b1737eaf8b350b00066c617a08a95f33e0c723a7ec3f57c44a08c90b2d9af2

Sharing

Copy URL

Twitter E-mail

General

Target

d2b1737eaf8b350b00066c617a08a95f33e0c723a7ec3f57c44a08c90b2d9af2
Size

2.4MB
MD5

9c32deb8780079214cd748bc4acdecf7
SHA1

abe4b289dc806da27b10125404843c980766e92b
SHA256

d2b1737eaf8b350b00066c617a08a95f33e0c723a7ec3f57c44a08c90b2d9af2
SHA512

3e95c5543f98cf21a74c107f3f011cf1817f66a830bdb1bca29139ae22c08ae9d7880c9bb80e3038ac65f3eb229e5d902aec89d2a4639dc848949205ec87694e
SSDEEP

12288:bjC4uGeKraJ9HgocWf9L8UUq836PcL5TdCM3faA:bjC4uGeB9HZ9Ic8mcL5TdCu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2b1737eaf8b350b00066c617a08a95f33e0c723a7ec3f57c44a08c90b2d9af2

Files

d2b1737eaf8b350b00066c617a08a95f33e0c723a7ec3f57c44a08c90b2d9af2
.exe windows:5 windows x86 arch:x86

47d9c05d55bbc3899f831347ecc6bf93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\820203\out\Release\

Imports

kernel32

CreateMutexA
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
lstrlenW
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
GetProcAddress
ReleaseMutex
GetLastError
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
Process32FirstW
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
Process32NextW
CloseHandle
InterlockedCompareExchange
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
FatalAppExitA
GetModuleFileNameW
GetCommandLineW
HeapCreate
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitProcess
GetStartupInfoW
CreateThread
ExitThread
FreeResource
GetVersionExW
GetSystemWindowsDirectoryW
lstrlenA
lstrcmpiA
lstrcmpA
LocalFree
GetConsoleMode
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileW
SetFilePointer
LoadLibraryW
ReadFile
DeviceIoControl
WriteFile
FlushFileBuffers
GetTempPathW
DeleteFileW
OpenMutexW
CreateMutexW
WaitForSingleObject
WideCharToMultiByte
GetSystemDirectoryW
CreateFileA

user32

GetActiveWindow
DefWindowProcW
FindWindowW
SendMessageTimeoutW
MessageBoxW
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
wsprintfW
CreateDialogParamW
GetParent
GetWindow
GetWindowRect
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
SendMessageW
SetWindowTextW
PostMessageW
PostQuitMessage
GetSystemMetrics
LoadImageW
CharNextW
SetWindowLongW
ShowWindow

advapi32

RegCreateKeyExW
OpenProcessToken
RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
GetTokenInformation
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExA
RegQueryValueExA

shell32

ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
ord165

ole32

CoInitializeEx
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
VariantInit
VariantClear

shlwapi

StrToIntExW
SHGetValueA
PathIsDirectoryW
PathAppendW
PathFileExistsW
PathCombineW
SHSetValueA
StrTrimA
StrCmpNIW
StrStrIA
PathRemoveExtensionW
StrStrIW
SHGetValueW
SHDeleteValueW
SHSetValueW
StrCmpIW
PathFindFileNameW

comctl32

InitCommonControlsEx

setupapi

SetupIterateCabinetW

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
HttpQueryInfoW
InternetCrackUrlW

ws2_32

htons
closesocket
gethostbyname
connect
inet_ntoa
send
recv
socket
WSAStartup
WSACleanup

version

VerQueryValueW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47d9c05d55bbc3899f831347ecc6bf93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

setupapi

wininet

ws2_32

version

iphlpapi

Sections

.text Size: 306KB - Virtual size: 305KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 9KB - Virtual size: 21KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 9KB - Virtual size: 21KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 12KB - Virtual size: 11KB