cf8969c5e9a1c85e71541883a7e9d486325afcc8625ef1432d5bf1397b6df3a6

Sharing

Copy URL

Twitter E-mail

General

Target

cf8969c5e9a1c85e71541883a7e9d486325afcc8625ef1432d5bf1397b6df3a6
Size

687KB
MD5

f8ec552d7a9d7036deeec0b45c37aa93
SHA1

024f0ddd0d4fcff87a5af2a9de59609796255722
SHA256

cf8969c5e9a1c85e71541883a7e9d486325afcc8625ef1432d5bf1397b6df3a6
SHA512

27e4298e0461563da3f7bcb9ed8024a91f6dface02bc6071b5e3448a51f12c6727bbe06880a64acbbcb5ebd136b7b3b2d84250950c58dd60acff8e409b6718b2
SSDEEP

12288:lTP8um6dNXHy7OeJXec5fqku0VUMCJanjBBdgEKJSTsJ7lj3C7cyZ9t:pP8uLdSiYqkYBAnj/dg6TC3RyZ9t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf8969c5e9a1c85e71541883a7e9d486325afcc8625ef1432d5bf1397b6df3a6

Files

cf8969c5e9a1c85e71541883a7e9d486325afcc8625ef1432d5bf1397b6df3a6
.exe windows:5 windows x86 arch:x86

13f8a8ee634cc599bcef22445ba028ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\613736\out\Release\360ScreenCapture.pdb

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Process32NextW
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
WaitForSingleObject
TlsGetValue
GetFileSizeEx
ReadFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
DeleteFileW
GlobalLock
GlobalUnlock
TerminateProcess
GlobalAlloc
GlobalFree
LocalFree
WriteFile
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedCompareExchange
Sleep
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
CreateProcessW
CreateFileW
DeviceIoControl
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
CreateMutexW
OpenProcess
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
LCMapStringW
Process32FirstW
CloseHandle
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
GetLastError
GetCurrentThreadId
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetLastError
GetCommandLineW
LeaveCriticalSection
ExitProcess
EnterCriticalSection
lstrcpyW

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
ChangeClipboardChain
SendMessageW
SetClipboardViewer
SetWindowPos
GetSystemMetrics
GetWindowRect
GetParent
UnhookWindowsHookEx
GetWindowLongW
MessageBoxW
ShowWindow
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
DestroyWindow
CharNextW
SetWindowLongW
CallNextHookEx
ReleaseDC
GetDC
InvalidateRect
FillRect
InflateRect
GetClientRect
GetDlgItem
BeginPaint
EndPaint
GetKeyState
CallWindowProcW
IsWindow
FindWindowExW
UnregisterClassA
IntersectRect
SetWindowsHookExW
EqualRect
SetFocus
SetWindowTextW
GetSysColorBrush
SetCursor
ReleaseCapture
ScreenToClient
DrawTextW
UpdateWindow
RedrawWindow
CreateDialogParamW
SetClipboardData
GetWindow
PtInRect
IsWindowVisible
IsRectEmpty
KillTimer
MoveWindow
SetTimer
GetCursorPos
CopyRect
GetAsyncKeyState
SetClassLongW
PostMessageW
GetWindowTextW
SetRect
wsprintfW

gdi32

SelectPalette
RealizePalette
Ellipse
Polygon
GetPixel
SetROP2
SetBkMode
SetTextColor
GetDIBits
CreateDCW
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
MoveToEx
LineTo
RestoreDC
CreateDIBSection
CreateCompatibleBitmap
GetStockObject
CreateSolidBrush
CreatePen
Rectangle
EnumFontFamiliesExW
CreateFontW
EnumFontFamiliesW
CreateCompatibleDC
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
GetObjectW
DeleteObject
GetDeviceCaps

comdlg32

GetSaveFileNameW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExA

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
RevokeDragDrop

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString

shlwapi

PathAppendW
PathFileExistsW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW
PathCombineW
SHSetValueW
SHGetValueW
StrCmpIW
StrCmpW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipSetClipPath
GdipDrawPath
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathRectangle
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage
GdipFree

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13f8a8ee634cc599bcef22445ba028ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

psapi

wintrust

crypt32

Sections

.text Size: 474KB - Virtual size: 474KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 474KB - Virtual size: 474KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 81KB - Virtual size: 84KB