c1206aa40b60e7741b4aba7150c42399ba325d94f09f1d48d156ab4a02d6baab

Sharing

Copy URL

Twitter E-mail

General

Target

c1206aa40b60e7741b4aba7150c42399ba325d94f09f1d48d156ab4a02d6baab
Size

974KB
MD5

88e3da5c16b2c9fa64c65bae5a5cd97c
SHA1

f6c3773ee6fa3a62f345297399ce5a8e5bcc7939
SHA256

c1206aa40b60e7741b4aba7150c42399ba325d94f09f1d48d156ab4a02d6baab
SHA512

70328781352162836a93c5adec88576918359f8a4f6c2f85acec21003171966ef53854012d751423b05bcd428cafd466d1e687331fa2b0c3bfe3afe7729b0d8a
SSDEEP

24576:9D1y0fHcTnUUc7/WUSKe8mq70auXS64ae7exZtB996:20dbuM0a763e7Y6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1206aa40b60e7741b4aba7150c42399ba325d94f09f1d48d156ab4a02d6baab

Files

c1206aa40b60e7741b4aba7150c42399ba325d94f09f1d48d156ab4a02d6baab
.exe windows:5 windows x86 arch:x86

61441a2390e94d42a24c7aa4d03a28a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\548182\out\Release\Release\LiveUpdate360.pdb

Imports

kernel32

GetFileAttributesW
GetCurrentThreadId
InterlockedDecrement
GetLastError
TerminateProcess
CloseHandle
ReleaseMutex
SetLastError
GetModuleFileNameW
OpenProcess
CreateMutexW
SetCurrentDirectoryW
RemoveDirectoryW
SetErrorMode
DeleteFileA
lstrlenW
GetVersionExW
GetCommandLineW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetTempFileNameW
GetTempPathW
Process32NextW
CreateToolhelp32Snapshot
GetPrivateProfileIntW
SetUnhandledExceptionFilter
GetCurrentThread
GetLocalTime
GetTickCount
ReadFile
SetFilePointer
GetFileType
InitializeCriticalSection
WritePrivateProfileStringW
WriteFile
Process32FirstW
GetPrivateProfileStringW
GetFileSize
Sleep
MoveFileW
SystemTimeToFileTime
GetSystemTime
GetFileAttributesExW
CreateThread
DeviceIoControl
InterlockedIncrement
lstrcmpiW
SetEndOfFile
GetFileSizeEx
WaitForSingleObject
CreateDirectoryW
VirtualQuery
VirtualAlloc
GetSystemInfo
VirtualFree
ResumeThread
GetThreadContext
SuspendThread
OpenThread
SetThreadPriority
GetThreadPriority
VirtualProtectEx
LoadLibraryExW
InterlockedCompareExchange
HeapFree
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetFullPathNameA
FlushFileBuffers
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FindFirstFileA
GetDriveTypeA
GetStdHandle
WriteConsoleW
ExitThread
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
ExitProcess
RtlUnwind
GetStartupInfoW
lstrcmpiA
lstrcmpA
SleepEx
GetVersionExA
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
GetModuleHandleW
GetSystemDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetCurrentProcessId
LoadLibraryW
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
HeapDestroy
HeapReAlloc
HeapSize
CreateFileA
FormatMessageA
GetSystemDirectoryA
GetModuleHandleA
SetEvent
GetSystemTimeAsFileTime
GetProcAddress
GetProcessHeap
LocalFileTimeToFileTime
SetFilePointerEx
TlsGetValue
OutputDebugStringW
TlsSetValue
HeapUnlock
HeapLock
TlsFree
TlsAlloc
HeapWalk
FreeLibrary

user32

GetActiveWindow
UnregisterClassA
MessageBoxW
FindWindowW
CreateWindowExW
PostMessageW
GetWindowThreadProcessId
IsHungAppWindow
RegisterClassExW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
GetClassInfoExW
SetWindowLongW
ShowWindow
SendMessageTimeoutW
SetForegroundWindow
LockSetForegroundWindow
DefWindowProcW
wsprintfW
DestroyIcon
CreatePopupMenu
OffsetRect
InvalidateRect
UpdateWindow
EnableWindow
CopyRect
PtInRect
GetAsyncKeyState
DialogBoxParamW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetClientRect
MapWindowPoints
SetWindowPos
ScreenToClient
CharNextW
EndDialog
CallWindowProcW
DestroyMenu
GetSystemMenu
DeleteMenu
GetCursorPos
IsWindowVisible
TrackPopupMenu
PostQuitMessage
WindowFromPoint
IsWindow
IsChild
KillTimer
SetTimer
SetWindowTextW
SendMessageW
GetWindowLongW
MonitorFromPoint
GetMonitorInfoW
AppendMenuW
LoadImageW

advapi32

RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegEnumKeyExA

shell32

ShellExecuteW
ExtractIconExW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantCopy
VarUI4FromStr
DispCallFunc
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

SHSetValueA
SHGetValueA
PathAppendW
PathCombineW
SHGetValueW
PathRemoveFileSpecW
StrStrIW
PathFindFileNameW
wvnsprintfW
StrStrIA
PathFileExistsW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW

ws2_32

freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
getpeername
bind
htons
htonl
setsockopt
ioctlsocket
socket
gethostbyname
getsockopt
getsockname
send
recv
ntohs
WSAStartup
inet_addr
sendto
closesocket
recvfrom
WSACleanup
WSAGetLastError
getaddrinfo

Sections

.text
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 171KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61441a2390e94d42a24c7aa4d03a28a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

version

ws2_32

Sections

.text Size: 579KB - Virtual size: 579KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 171KB - Virtual size: 189KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 97KB - Virtual size: 100KB

.text
Size: 579KB - Virtual size: 579KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 171KB - Virtual size: 189KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 97KB - Virtual size: 100KB