d0e4b97e13c1f190e6618a9ff3f9db8421c80a8ec933b1acafe7e3275400ed6c

Sharing

Copy URL

Twitter E-mail

General

Target

d0e4b97e13c1f190e6618a9ff3f9db8421c80a8ec933b1acafe7e3275400ed6c
Size

1.3MB
MD5

06dd6fa8bf658d7e93534e8e7a872dfc
SHA1

f38229a24613ff99ef9aaf97b5392b537bb279b9
SHA256

d0e4b97e13c1f190e6618a9ff3f9db8421c80a8ec933b1acafe7e3275400ed6c
SHA512

9d84be20fbae11ee931fa0aa64cf410aae48a6b682725a0eb4a0db8f396246b5bf45f0689116c5f833bd3544993057acdc6764ab4b85dfe89bfe535456629e43
SSDEEP

12288:zZbGOkQ62kjo4Iqfv64mT4BzTEHTYL2Sz8WHzsTvEqnuDnuDF54wjjP9J:h5kfjWGzASzZHQTs+ui4wXP9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e4b97e13c1f190e6618a9ff3f9db8421c80a8ec933b1acafe7e3275400ed6c

Files

d0e4b97e13c1f190e6618a9ff3f9db8421c80a8ec933b1acafe7e3275400ed6c
.exe windows:5 windows x86 arch:x86

3acf1e323afbcbb6be278aecef6865f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\647497\out\Release\360DrvMgr.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
DeleteCriticalSection
DeviceIoControl
GetModuleFileNameA
OpenMutexW
SetLastError
GetTickCount
QueryPerformanceCounter
LocalAlloc
GetSystemPowerStatus
SetFilePointer
ReadFile
GetFileSizeEx
GetCurrentThread
VirtualAlloc
VirtualQuery
ResumeThread
GetThreadContext
SuspendThread
OpenThread
SetThreadPriority
GetThreadPriority
FlushInstructionCache
VirtualProtect
InterlockedIncrement
InterlockedDecrement
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetWindowsDirectoryW
lstrcmpiW
ReleaseSemaphore
OpenSemaphoreW
GetLocalTime
SetEvent
CreateEventW
WaitForMultipleObjects
WriteFile
lstrcmpiA
ResetEvent
OpenEventW
ExitProcess
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateFileA
HeapFree
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
DeleteFileW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
InitializeCriticalSectionAndSpinCount
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStdHandle
GetFileType
WriteConsoleW
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetCurrentThreadId
WideCharToMultiByte
GetLastError
CreateMutexW
QueryDosDeviceW
InitializeCriticalSection
GetLongPathNameW
GetDiskFreeSpaceExW
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
WaitForSingleObject
GetExitCodeProcess
OpenProcess
WritePrivateProfileStringW
GetCommandLineW
GetPrivateProfileIntW
InterlockedExchange
InterlockedCompareExchange
Sleep
lstrlenW
GetVersionExW
FreeResource
GetSystemWindowsDirectoryW
GetCurrentProcess
GetModuleHandleA
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
LoadLibraryW
LocalFree
lstrlenA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
SetStdHandle

user32

LoadCursorW
GetClassInfoExW
SetWindowRgn
GetCursorPos
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
FillRect
DrawIconEx
CopyRect
InvalidateRect
UnregisterClassA
ScreenToClient
PostQuitMessage
SetDlgItemTextW
DialogBoxParamW
CreateDialogParamW
InflateRect
GetWindowPlacement
IsWindowEnabled
IsWindowVisible
SetRect
LoadMenuW
DeleteMenu
EnableMenuItem
ModifyMenuW
DestroyMenu
GetWindowRect
GetDlgItem
MessageBoxW
GetActiveWindow
SetWindowTextW
MoveWindow
GetParent
CreateWindowExW
ReleaseDC
GetDC
FindWindowW
RegisterWindowMessageW
PostMessageW
UpdateLayeredWindow
RegisterClassExW
SetFocus
MonitorFromPoint
TrackPopupMenu
FindWindowExW
GetWindowThreadProcessId
SystemParametersInfoW
IsDlgButtonChecked
CheckDlgButton
ScrollWindow
DrawTextW
GetSubMenu
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
EnableWindow
RedrawWindow
PtInRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClientRect
DestroyIcon
EndDialog
GetSystemMetrics
LoadImageW
GetLastInputInfo
IsDialogMessageW
SendMessageW
KillTimer
SetTimer
UpdateWindow
IsIconic
LockSetForegroundWindow
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
IsWindow
ShowWindow
BringWindowToTop
SendMessageTimeoutW
GetClassInfoW
RegisterClassW
WaitForInputIdle
GetShellWindow
ExitWindowsEx
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
SetWindowPos

gdi32

SetTextColor
SetBkMode
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
BitBlt
CreateRectRgn
CreateFontW
EnumFontFamiliesW
ExtTextOutW
SetBkColor
SetViewportOrgEx
CreateDIBSection
StretchBlt
SetStretchBltMode
MoveToEx
LineTo
CreateSolidBrush
CombineRgn
CreatePen
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
DuplicateTokenEx
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegEnumKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteExW
ord165
ShellExecuteW
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringLen
VarUI4FromStr
SysStringByteLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathIsDirectoryW
AssocQueryStringW
PathIsRelativeW
StrStrIA
PathQuoteSpacesW
PathAddBackslashW
PathRemoveExtensionW
StrCmpIW
SHSetValueW
StrCmpW
PathStripPathW
PathAppendA
SHGetValueW
PathUnquoteSpacesW
PathAppendW
PathFileExistsW
SHSetValueA
PathCombineA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecW
StrStrIW
PathCombineW

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipCreateFromHDC
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipDisposeImage

psapi

GetModuleBaseNameW
GetProcessImageFileNameW

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 181KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3acf1e323afbcbb6be278aecef6865f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

psapi

Sections

.text Size: 558KB - Virtual size: 558KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 181KB - Virtual size: 198KB

.rsrc Size: 325KB - Virtual size: 324KB

.reloc Size: 100KB - Virtual size: 104KB

.text
Size: 558KB - Virtual size: 558KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 181KB - Virtual size: 198KB

.rsrc
Size: 325KB - Virtual size: 324KB

.reloc
Size: 100KB - Virtual size: 104KB