d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d

Sharing

Copy URL

Twitter E-mail

General

Target

d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
Size

1.7MB
MD5

9bb354ef015296fb6fa8532a19db0729
SHA1

4e2bdc58be34c327edf09f3d1f1ec391a52d0a67
SHA256

d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
SHA512

f4633cbd5379f4f8d45f336e403a84ada72ddc21f7e123344ffe95ede6fd75c206dc84a59570e91b45140e9146138bdf2ab1d3bdd960bef822f0d8fcd8cbb308
SSDEEP

24576:2UsgU2g/vBGiXTH5A2PyMuWdsL7P6QQhxKIEUmsxdvpDV8LBnmbTZxil3BMzlueF:2UtU2WKwHuNH+HK8Xdv1lbTZKMzlueF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d

Files

d752daf1abb774492abf542fdebb0f0171c88433f906e07a3bee276100802a5d
.exe windows:5 windows x86 arch:x86

02260c87335b6de48d2e31cacc21685b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\681301\out\Release\360UHelper.pdb

Imports

kernel32

GetTickCount
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeResource
WritePrivateProfileStringW
GetFileAttributesW
SetFileAttributesW
GetVersion
GetFileTime
RemoveDirectoryW
InterlockedCompareExchange
lstrlenA
CopyFileW
CreateThread
InterlockedExchange
GetModuleHandleA
GetSystemInfo
SuspendThread
ExitThread
SetFilePointer
GetStartupInfoW
IsBadReadPtr
SetCurrentDirectoryW
GetFileType
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
SetLastError
FlushInstructionCache
SetEvent
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
CreateEventW
GetUserDefaultLCID
GetCommandLineW
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStartupInfoA
SetHandleCount
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
ExitProcess
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
Sleep
UnmapViewOfFile
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
MapViewOfFile
CreateFileMappingW
ReleaseMutex
WaitForSingleObject
CreateMutexW
WriteFile
GlobalFree
GlobalAlloc
GetFileSizeEx
GetVersionExW
ReadFile
GetFileSize
CreateDirectoryW
CreateProcessW
GetCurrentProcessId
CloseHandle
DeviceIoControl
CreateFileW
WideCharToMultiByte
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
FreeLibrary
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindResourceExW
LockResource
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetLocaleInfoA

user32

GetWindowRect
PostMessageW
GetParent
DestroyWindow
MessageBoxW
UnregisterClassA
GetActiveWindow
DefWindowProcW
CharNextW
DrawTextW
GetWindowThreadProcessId
GetForegroundWindow
EndDialog
EnableWindow
FindWindowExW
AttachThreadInput
EnumWindows
SetActiveWindow
CopyRect
SetWindowsHookExW
UnhookWindowsHookEx
SetCursor
DrawIconEx
CallNextHookEx
GetKeyState
GetCaretPos
IsWindowVisible
SetLayeredWindowAttributes
UpdateLayeredWindow
GetWindowDC
GetCapture
InvalidateRect
GetDlgItem
SetRect
wsprintfW
IsWindow
GetClassNameW
SetForegroundWindow
SendMessageTimeoutW
ReleaseDC
GetDC
FillRect
PtInRect
IntersectRect
OffsetRect
SendMessageW
CreateWindowExW
KillTimer
SetTimer
GetWindowLongW
RegisterWindowMessageW
GetFocus
IsChild
IsDialogMessageW
PostQuitMessage
SetWindowPos
SetWindowLongW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetWindowTextW
MoveWindow
ShowWindow
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
BringWindowToTop
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateDialogParamW
RedrawWindow
DestroyAcceleratorTable
GetDesktopWindow
CallWindowProcW
InvalidateRgn
ReleaseCapture
SetCapture
ClientToScreen
UpdateWindow
GetClassLongW
DialogBoxParamW
SwitchToThisWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
ScreenToClient
GetCursorPos
WindowFromPoint
FindWindowW
IsIconic
GetSystemMetrics
LoadImageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
GetSysColor
CreateAcceleratorTableW

gdi32

CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
GetTextColor
GetObjectW
BitBlt
SetStretchBltMode
StretchBlt
GetDeviceCaps
GetStockObject
GetClipBox
ExcludeClipRect
SetViewportOrgEx
OffsetViewportOrgEx
TextOutW
SetTextColor
SetBkMode
CreateCompatibleBitmap
GetTextExtentPoint32W
IntersectClipRect
GetTextMetricsW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExA

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantInit
SysFreeString
SysStringLen
VariantClear
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCmp
SysAllocStringLen
OleCreateFontIndirect
SysAllocString

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathIsDirectoryW
PathFindFileNameW
SHSetValueW
PathFileExistsW
PathAppendW
SHGetValueA
PathIsRelativeW
SHSetValueA

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmAssociateContext

gdiplus

GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipReleaseDC
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture2
GdipAddPathEllipseI
GdipDeletePath
GdipCreatePath
GdipGraphicsClear
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipFillPath

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

02260c87335b6de48d2e31cacc21685b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

imm32

gdiplus

wintrust

crypt32

netapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 293KB - Virtual size: 293KB

.data Size: 29KB - Virtual size: 57KB

.rsrc Size: 78KB - Virtual size: 78KB

.reloc Size: 149KB - Virtual size: 152KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 293KB - Virtual size: 293KB

.data
Size: 29KB - Virtual size: 57KB

.rsrc
Size: 78KB - Virtual size: 78KB

.reloc
Size: 149KB - Virtual size: 152KB