a86f30b0a7ceab42806adb4b34f51d6314cb98e7d91329e9a0c70303b97f93cf

Sharing

Copy URL

Twitter E-mail

General

Target

a86f30b0a7ceab42806adb4b34f51d6314cb98e7d91329e9a0c70303b97f93cf
Size

1.3MB
MD5

6a2c6332001cb9e08558de21dd47c926
SHA1

bab3f097a47c408d2635fc223dd8018be8f9ae63
SHA256

a86f30b0a7ceab42806adb4b34f51d6314cb98e7d91329e9a0c70303b97f93cf
SHA512

a75287834590ecdc15ef1ff6a259d68524f124ca33befaad9a227a1ad4a2a9c1ea19fda48c5a70ba535af0064fe32cdea0d97e722e6b3406e3a43f5a25d9bd41
SSDEEP

24576:FImwbMlPqFnSVn1Kg8Yez70USKnKjBU4gerkoYI9Yw2QaXV/pNTf6msHHEz9/:8oljKg2zIUIa4P6Ck/3TSmOU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a86f30b0a7ceab42806adb4b34f51d6314cb98e7d91329e9a0c70303b97f93cf

Files

a86f30b0a7ceab42806adb4b34f51d6314cb98e7d91329e9a0c70303b97f93cf
.exe windows:5 windows x86 arch:x86

7414581e8d6ec35aad6fdd8b3433d3f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\531319\out\Release\360DrvUpdateTip.pdb

Imports

kernel32

Process32FirstW
CreateToolhelp32Snapshot
DeleteCriticalSection
WriteFile
CreateFileW
MoveFileW
GetFileSizeEx
GetLocalTime
SetFilePointer
GetFileSize
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetVersion
DeviceIoControl
SetFileAttributesW
GetFileAttributesExW
GetModuleFileNameA
OpenMutexW
SetLastError
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
LocalAlloc
lstrlenA
RaiseException
FlushInstructionCache
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
lstrcmpiW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
WaitForMultipleObjects
ReadFile
SystemTimeToFileTime
CreateFileA
DeleteFileA
GetACP
FormatMessageW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
GetWindowsDirectoryW
GetEnvironmentVariableW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryW
SetEnvironmentVariableW
GetExitCodeProcess
GetVersionExW
Process32NextW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetShortPathNameW
GetCurrentDirectoryW
SetVolumeLabelW
InterlockedCompareExchange
SetFileTime
GetFileAttributesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
FindClose
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapCreate
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FatalAppExitA
GetStdHandle
IsValidCodePage
GetOEMCP
GetCurrentThread
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
RtlUnwind
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrcmpiA
lstrcmpA
GetSystemDirectoryW
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
GetLastError
CreateMutexW
QueryDosDeviceW
InitializeCriticalSection
GetLongPathNameW
GetCurrentProcess
GetDiskFreeSpaceExW
GetStartupInfoW
CreateProcessW
FindFirstFileW
OpenProcess
FindNextFileW
Sleep
GetCommandLineW
InterlockedExchange
LocalFree
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleA
GetSystemInfo
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
CloseHandle
LoadLibraryW
GetModuleFileNameW
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
EnumSystemLocalesA
GetCurrentProcessId
WaitForSingleObject
GetDriveTypeW
FindNextFileA

user32

LoadMenuW
MessageBoxW
GetActiveWindow
PostQuitMessage
DispatchMessageW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
FindWindowW
UnregisterClassA
RegisterWindowMessageW
PostMessageW
GetWindowThreadProcessId
FindWindowExW
ExitWindowsEx
GetShellWindow
WaitForInputIdle
RegisterClassW
GetClassInfoW
SetWindowLongW
GetMessageW
CharNextW
DestroyWindow
CreateDialogParamW
DefWindowProcW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
SendMessageTimeoutW
IsWindow
GetDC
GetWindowRect
ModifyMenuW
DestroyMenu
GetMonitorInfoW
UpdateLayeredWindow
ReleaseDC
EndPaint
BeginPaint
CallWindowProcW
LoadCursorW
SetWindowRgn
IsWindowVisible
LoadImageW
MoveWindow
SetWindowTextW
SystemParametersInfoW
BringWindowToTop
FillRect
GetClientRect
ClientToScreen
GetSystemMetrics
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
GetSubMenu
TrackPopupMenu
GetLastInputInfo
CopyRect
GetWindowLongW
IsDialogMessageW
SendMessageW
GetDlgItem
KillTimer
SetTimer
ShowWindow
UpdateWindow
SetWindowPos
IsIconic
MonitorFromPoint

gdi32

DeleteDC
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CombineRgn
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDeviceCaps
BitBlt

advapi32

RegEnumKeyExW
RegEnumKeyExA
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
DuplicateTokenEx
RegSetValueExW
RegDeleteValueW
GetAclInformation
GetAce
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW
ShellExecuteW
SHFileOperationW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysStringLen
SysAllocString

shlwapi

SHGetValueA
SHSetValueA
StrToIntExW
PathAppendW
PathFileExistsW
PathCombineW
StrCmpIW
PathFileExistsA
StrStrIA
StrFormatByteSizeW
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRelativeW
SHGetValueW
StrStrW
StrStrA
AssocQueryStringW
PathIsDirectoryW
PathIsRootW
SHDeleteKeyW
PathRemoveFileSpecA
SHSetValueW
SHDeleteValueW
StrStrIW
PathStripPathW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

gdiplus

GdipGetImageHeight
GdipDisposeImage
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipLoadImageFromStream
GdipGetImageWidth
GdipLoadImageFromStreamICM

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

setupapi

SetupIterateCabinetW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

dbghelp

MiniDumpWriteDump

ws2_32

closesocket
socket
connect
WSAStartup
htons
gethostbyname
shutdown
WSAGetLastError

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 1005KB - Virtual size: 1005KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7414581e8d6ec35aad6fdd8b3433d3f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

setupapi

dbghelp

ws2_32

wintrust

crypt32

Sections

.text Size: 1005KB - Virtual size: 1005KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 18KB - Virtual size: 32KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 104KB - Virtual size: 108KB

.text
Size: 1005KB - Virtual size: 1005KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 18KB - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 104KB - Virtual size: 108KB