e6089c8a24b25862256453ee1579fb895aa16d7637875eab498e76ac40010d51

Sharing

Copy URL

Twitter E-mail

General

Target

e6089c8a24b25862256453ee1579fb895aa16d7637875eab498e76ac40010d51
Size

1002KB
MD5

c39909e2636306b7c78e4ad202b587fa
SHA1

fb8582622cf050c739dc4c1df93e318888d3bb9b
SHA256

e6089c8a24b25862256453ee1579fb895aa16d7637875eab498e76ac40010d51
SHA512

b63c78ec5181b2600408cce09e742b1ccfdcf3bf3029e24182a7ae093de4f64e1e7cc3972d23d4a0251080e23b55a952155ef642915f251e5bf2666bf8136441
SSDEEP

12288:UGadU5lhDh2+iwU1rtZxSPxsvetZ25p5eo9TOhSYPwTGgAAL6rWXaFwWLlzoo:Cd2CPib25p59Tcnoo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6089c8a24b25862256453ee1579fb895aa16d7637875eab498e76ac40010d51

Files

e6089c8a24b25862256453ee1579fb895aa16d7637875eab498e76ac40010d51
.exe windows:5 windows x86 arch:x86

d451d54dd76dfe00eceb44b00f5d1e15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\727206\out\Release\ModuleUpdate.pdb

Imports

kernel32

FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
TerminateProcess
CopyFileW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetLongPathNameW
WideCharToMultiByte
GetVersionExW
GetLocalTime
GetFileSizeEx
GlobalFree
GlobalAlloc
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
GetFileAttributesExW
UnlockFile
ReadFile
GetFileSize
LockFile
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentThreadId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetTempPathW
GetModuleHandleA
FlushFileBuffers
SetLastError
GetConsoleCP
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStdHandle
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetStartupInfoW
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
GetTempFileNameW
DeleteFileW
lstrlenA
OutputDebugStringW
DebugBreak
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrlenW
InterlockedIncrement
LoadLibraryW
GetCurrentProcess
FreeEnvironmentStringsW
FlushInstructionCache
GetCommandLineW
FreeLibrary
CloseHandle
Sleep
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetCurrentProcessId
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetModuleFileNameA
RaiseException
CreateFileW
DeviceIoControl
GetConsoleMode

user32

PeekMessageW
ShowWindow
CharLowerW
CharNextW
LoadStringW
SetWindowLongW
RegisterClassW
GetClassInfoW
MessageBoxW
GetActiveWindow
wvsprintfW
GetMessageW
PostMessageW
MoveWindow
GetClientRect
RedrawWindow
SetDlgItemTextW
GetDlgItem
SetLayeredWindowAttributes
LoadImageW
GetSystemMetrics
PostQuitMessage
BringWindowToTop
IsIconic
InvalidateRect
RegisterWindowMessageW
IsWindowVisible
TranslateMessage
DispatchMessageW
CreateDialogParamW
DefWindowProcW
SendMessageTimeoutW
IsWindow
UnregisterClassA
DestroyWindow
SetForegroundWindow
CharUpperW
ScreenToClient
TrackMouseEvent
SetCursor
GetCursorPos
SetRect
PtInRect
DrawTextW
CallWindowProcW
CopyRect
EndPaint
BeginPaint
GetDC
ReleaseDC
FindWindowExW
GetWindowThreadProcessId
GetWindowTextW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
SendMessageW
KillTimer
SetTimer
SetWindowPos
SetWindowTextW
GetWindowLongW

gdi32

LineTo
MoveToEx
StretchBlt
SetStretchBltMode
GetObjectW
SetBkColor
ExtTextOutW
RestoreDC
SaveDC
SetBkMode
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
DeleteObject
CreateFontW
EnumFontFamiliesW
CreatePen

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathCombineW
StrCmpW
PathIsRelativeW
PathFileExistsW
SHGetValueW
PathAppendW
SHSetValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipDrawImagePointRectI
GdipDeleteBrush
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipCloneBrush
GdipFillPieI
GdipFillRectangleI
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateTexture
GdipAlloc
GdipFree
GdipCreateSolidFill

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d451d54dd76dfe00eceb44b00f5d1e15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wintrust

crypt32

psapi

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 376KB - Virtual size: 375KB

.reloc Size: 93KB - Virtual size: 96KB

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 376KB - Virtual size: 375KB

.reloc
Size: 93KB - Virtual size: 96KB