fae60ee7ff0745577b05560953bb29e9a39f1bcd2457618925f98cfa4a6bf802

Sharing

Copy URL

Twitter E-mail

General

Target

fae60ee7ff0745577b05560953bb29e9a39f1bcd2457618925f98cfa4a6bf802
Size

197KB
MD5

e1ebae44f8fafac408f35ca0e3e5b429
SHA1

e2fce8be4eafbac82d5e1687c4a6716ea24b0a93
SHA256

fae60ee7ff0745577b05560953bb29e9a39f1bcd2457618925f98cfa4a6bf802
SHA512

d2e48b1e05d65e17e275074b3c4ee1d97affabaf4c43bb05f3533b924c1aa7b37887a603c5afe90e09af83310e2c6064131845eaf66a5476e20b9b8786e69a47
SSDEEP

6144:esZb7E18Q8WI9sPOMg3q/pQ3NbRvZFIvcdaQa:esZVWI9sPO7RvIvP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fae60ee7ff0745577b05560953bb29e9a39f1bcd2457618925f98cfa4a6bf802

Files

fae60ee7ff0745577b05560953bb29e9a39f1bcd2457618925f98cfa4a6bf802
.exe windows:5 windows x86 arch:x86

810e846bbf55863781fa97174d57293d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\730161\out\Release\EaInstHelper.pdb

Imports

kernel32

DeleteCriticalSection
GetProcessHeap
InitializeCriticalSection
DeviceIoControl
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
FreeLibrary
InitializeCriticalSectionAndSpinCount
HeapFree
LocalFree
GetCommandLineW
GetCurrentProcessId
MoveFileExW
GetTickCount
CopyFileW
DeleteFileW
GetProcAddress
GetModuleHandleW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateFileW
SetFileAttributesW
CreateDirectoryW
GetModuleHandleExW
ExitProcess
Sleep
TerminateProcess
RtlUnwind
TlsFree
GetSystemDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
CreateMutexW
WaitForSingleObject
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
ReadFile
GetFileSizeEx
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateFileA
SetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent

advapi32

CreateServiceW
RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
DeleteService
RegCreateKeyExW
QueryServiceConfig2W
RegOpenKeyExW
ChangeServiceConfig2W
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegOpenKeyW
RegCloseKey

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW
SHGetValueW
SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

msvcrt

_XcptFilter
_fmode
_isatty
fflush
_iob
?terminate@@YAXXZ
_wcmdln
__set_app_type
_msize
__CxxFrameHandler
realloc
memcpy
_CxxThrowException
memcmp
__p__commode
_initterm
__setusermatherr
__wgetmainargs
??2@YAPAXI@Z
memset
memmove
_errno
rand
srand
malloc
free
??3@YAXPAX@Z
_control87
fwrite
fputc
___lc_codepage_func
_lock
_unlock
__pctype_func
tolower
___mb_cur_max_func
wcstol
strtol
localeconv
iswctype
calloc
mbtowc
___lc_handle_func
strrchr
_CIlog10
ceil
_clearfp
_wcstoui64
_fileno

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

810e846bbf55863781fa97174d57293d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

shlwapi

version

psapi

msvcrt

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 262KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 67KB - Virtual size: 68KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 262KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 67KB - Virtual size: 68KB