46479b4171fe041bd32f9411dd5966af868e32a035d5e5fd7aa52cc475adb41d

Sharing

Copy URL

Twitter E-mail

General

Target

46479b4171fe041bd32f9411dd5966af868e32a035d5e5fd7aa52cc475adb41d
Size

574KB
MD5

99bf438a698366730ef86629532ba2af
SHA1

53bb311759baf412cb71098119d412f040f4da9e
SHA256

46479b4171fe041bd32f9411dd5966af868e32a035d5e5fd7aa52cc475adb41d
SHA512

c0825944ae1b94ff76cdb0be244107a4a877ad933b75e87fd55cd6c7c2f86d4775a41e111f50dd2c479cf996b94a62d826ba4085b5b308473c045cb757ecbceb
SSDEEP

12288:mLXO7qAPn3Gtt10hojUBXf3SUiw+o5Za5891:cXO7qFttjjURqe9c5891

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46479b4171fe041bd32f9411dd5966af868e32a035d5e5fd7aa52cc475adb41d

Files

46479b4171fe041bd32f9411dd5966af868e32a035d5e5fd7aa52cc475adb41d
.exe windows:5 windows x86 arch:x86

a5aefb419b4225349afed1071e1a3534

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\545725\out\Release\360ExtLoader.pdb

Imports

kernel32

EnterCriticalSection
LoadLibraryW
OutputDebugStringW
GetStdHandle
WriteFile
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCommandLineW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryExW
GetModuleHandleW
CreateFileW
DeviceIoControl
GetCurrentProcessId
GetLocalTime
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetFileAttributesExW
SetFilePointerEx
SetFilePointer
GetTickCount
DeleteFileW
SetEndOfFile
GetFileAttributesW
SetFileAttributesW
MoveFileExW
CreateThread
Sleep
WaitForSingleObject
SetEvent
ResetEvent
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetProcAddress
GetCurrentThread
GetThreadContext
VirtualQuery
GetCurrentProcess
SetThreadPriority
FlushInstructionCache
LeaveCriticalSection
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
GetSystemDirectoryW
WideCharToMultiByte
ReadFile
GetModuleFileNameW
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateEventW
VirtualFree
FindClose
FreeLibrary
GetLastError
CreateMutexW
DeleteCriticalSection
CloseHandle
HeapCreate
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleFileNameA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InitializeCriticalSection
VirtualAlloc
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetLastError
TlsGetValue
TlsSetValue
HeapUnlock
HeapLock
HeapWalk
ReleaseMutex
TlsAlloc
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement

user32

FindWindowW
EndPaint
IsWindow
PostThreadMessageW
DefWindowProcW
DestroyWindow
PeekMessageW
DrawTextW
GetClientRect
BeginPaint
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
SendMessageW
InvalidateRect
KillTimer

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

shlwapi

PathCombineW
StrStrIW
StrStrIA
PathAppendW
PathFileExistsW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 158KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5aefb419b4225349afed1071e1a3534

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 158KB - Virtual size: 171KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 158KB - Virtual size: 171KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 86KB - Virtual size: 88KB