00125f55cf9d30c12b410a82e8d589faf30f318f0612b35f716dd5e4d61adbc4

Sharing

Copy URL

Twitter E-mail

General

Target

00125f55cf9d30c12b410a82e8d589faf30f318f0612b35f716dd5e4d61adbc4
Size

411KB
MD5

14cb47990c6483cd4c681ac92caa9c59
SHA1

03314a80cff17bfb295efe09f3aceb5eb65b0137
SHA256

00125f55cf9d30c12b410a82e8d589faf30f318f0612b35f716dd5e4d61adbc4
SHA512

0631f6bb294ec0a58ea1f5751990b610dc621a65fe9ede8df177099b411329f5b6e17e6cca68ca5a0163d39665aa3b608f3c6fa9c2373953f46feb10d0c9595b
SSDEEP

6144:l9YB0B+nXtcT+o9Da9ggccICr2NYpByXHe21L14r31I6b4p9RvY3Yy9t3:MBRVyDwg9vypByXHe21hk3P4pOYy95

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00125f55cf9d30c12b410a82e8d589faf30f318f0612b35f716dd5e4d61adbc4

Files

00125f55cf9d30c12b410a82e8d589faf30f318f0612b35f716dd5e4d61adbc4
.exe windows:5 windows x86 arch:x86

0d1c59d77e94d554a4ed3cb3dfc2207b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\691354\out\Release\defaultsoftset.pdb

Imports

kernel32

MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
ExitProcess
TerminateProcess
InitializeCriticalSection
DeviceIoControl
CreateFileW
GetCurrentProcessId
CreateProcessW
LoadLibraryW
CloseHandle
lstrlenW
GetCurrentThreadId
SetLastError
SetCurrentDirectoryW
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
WaitForSingleObject
GetFileSizeEx
ReadFile
SetFilePointerEx
InterlockedDecrement
LocalFileTimeToFileTime
SystemTimeToFileTime
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
InterlockedIncrement
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
GetCommandLineW
CreateMutexW
GetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetModuleFileNameA
GetStdHandle
WriteFile
LoadLibraryA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
GetModuleHandleW
GetStartupInfoW
Sleep
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcAddress

user32

LoadIconW
RegisterWindowMessageW
GetCursorPos
DrawTextW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetWindowLongW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
GetDC
CallWindowProcW
GetWindowLongW
SetWindowTextW
ScreenToClient
IsDialogMessageW
IsWindow
CreateWindowExW
DefWindowProcW
FindWindowW
ShowWindow
SetForegroundWindow
CharNextW
LoadImageW
PrivateExtractIconsW
LoadBitmapW
GetIconInfo
DrawIconEx
DestroyIcon
GetActiveWindow
MessageBoxW
SendMessageW
CopyRect
PtInRect
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos

gdi32

GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
GetStockObject
DeleteDC

advapi32

RegCreateKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW
ExtractIconExW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
DispCallFunc
SysAllocString
VarUI4FromStr

shlwapi

PathAppendW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
StrCmpIW
SHGetValueW
StrCmpW
PathFindExtensionW
PathIsDirectoryW
PathCombineW

comctl32

InitCommonControlsEx

gdiplus

GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imm32

ImmDisableIME

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d1c59d77e94d554a4ed3cb3dfc2207b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

imm32

wintrust

crypt32

Sections

.text Size: 240KB - Virtual size: 239KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 75KB - Virtual size: 76KB

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 75KB - Virtual size: 76KB