703c6682e0492d5d801eecbdbd5ccb56f0fda2ec2dc846204bdf96b7150b241a

Sharing

Copy URL

Twitter E-mail

General

Target

703c6682e0492d5d801eecbdbd5ccb56f0fda2ec2dc846204bdf96b7150b241a
Size

782KB
MD5

ed26d530ae3e931e21f036dfc659d756
SHA1

6a03cd0c753a1794ea5daa63e3beb6fb0a3b1ea7
SHA256

703c6682e0492d5d801eecbdbd5ccb56f0fda2ec2dc846204bdf96b7150b241a
SHA512

161d53e3cd968c646c9861d6d15037022ce4fdf60fb45cd369484d8d313bdcc03f5c5e7a204020e7b45954997d984b83e76ac114e0f8a32507a638bce619af8f
SSDEEP

12288:MQrNOrBcZjsdRh1ssPLwkRm92aQrZdy+tL7dLqkhpXNTGpDNr4+4GH0luhRi7bKY:rO9w6PLoqe+tf11zTGpRk+40kGQbKH9S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
703c6682e0492d5d801eecbdbd5ccb56f0fda2ec2dc846204bdf96b7150b241a

Files

703c6682e0492d5d801eecbdbd5ccb56f0fda2ec2dc846204bdf96b7150b241a
.exe windows:5 windows x86 arch:x86

c707dda9baf2c14c26bf3300ae299186

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\vmagent_new\bin\joblist\674769\out\Release\360FeedBack.pdb

Imports

kernel32

WaitForSingleObject
GetSystemInfo
GetModuleHandleA
CreateThread
GetSystemWindowsDirectoryW
FreeResource
SetFilePointer
ReadFile
InterlockedCompareExchange
GetStartupInfoW
MulDiv
CopyFileW
OutputDebugStringW
GetPrivateProfileStringW
CreateEventW
SetEvent
GetTickCount
GlobalMemoryStatusEx
GetVersion
GetEnvironmentVariableW
GetLocalTime
SetCurrentDirectoryW
lstrcpynW
SystemTimeToFileTime
GetModuleHandleExW
lstrcpyW
LocalFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetVersionExW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DebugBreak
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
ExitProcess
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetFileSizeEx
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
GetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetUnhandledExceptionFilter
GetCommandLineW
Sleep
FindNextFileW
FindFirstFileW
FindClose
GetTempPathW
GetTempFileNameW
DeleteFileW
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
CreateProcessW
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
CreateMutexW
LoadLibraryW
InterlockedIncrement
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetCurrentProcess
TerminateProcess
InterlockedExchange
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetCurrentProcessId
CreateFileW
DeviceIoControl
CloseHandle
VirtualQuery

user32

EmptyClipboard
CloseClipboard
SetWindowsHookExW
SetWindowLongW
UnregisterClassA
IsIconic
SetForegroundWindow
GetClassInfoW
RegisterClassW
ShowWindow
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DestroyWindow
MessageBoxW
SetRectEmpty
wsprintfW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
GetActiveWindow
CreateDialogParamW
DefWindowProcW
ScreenToClient
GetClipboardData
OpenClipboard
ChangeClipboardChain
SetClipboardViewer
PostMessageW
SetActiveWindow
GetCursorPos
CallWindowProcW
GetSystemMetrics
LoadImageW
KillTimer
DialogBoxParamW
OffsetRect
CopyRect
SetFocus
SetTimer
PostQuitMessage
FindWindowExW
SetWindowTextW
IsWindowVisible
ReleaseDC
GetDC
MoveWindow
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
GetClientRect
SendMessageW
GetWindowLongW
EndDialog
IsWindow
GetWindowRect
GetParent

gdi32

EnumFontFamiliesW
DeleteObject
CreateFontW
DeleteDC
GetTextExtentPoint32W
GetDeviceCaps
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemAlloc
RevokeDragDrop
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
SysFreeString
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
DispCallFunc
VariantChangeType
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString

shlwapi

PathFindExtensionW
StrCmpW
SHSetValueW
PathRelativePathToW
PathCanonicalizeW
PathFindFileNameW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathIsRelativeW
PathFileExistsW
PathFileExistsA
SHGetValueA
PathCombineA
StrCmpIW
PathAppendA

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptBinaryToStringA

psapi

EnumProcesses

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c707dda9baf2c14c26bf3300ae299186

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

crypt32

psapi

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 14KB - Virtual size: 34KB

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 101KB - Virtual size: 104KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 14KB - Virtual size: 34KB

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 101KB - Virtual size: 104KB