c39ff398feeeffb99587359e89c21e5fd6d0871c2ca9e129a20eb7ea7d00c33e

Sharing

Copy URL

Twitter E-mail

General

Target

c39ff398feeeffb99587359e89c21e5fd6d0871c2ca9e129a20eb7ea7d00c33e
Size

1.1MB
MD5

dff4e2676206e01a608a2c3c56ff9f1b
SHA1

164196b424c277e5f0a366a5d18ad8490e9cb868
SHA256

c39ff398feeeffb99587359e89c21e5fd6d0871c2ca9e129a20eb7ea7d00c33e
SHA512

75b2b76704d88acc73910cad15b69d06c02db66d7eee2294d0013c935b2e5191ee19c9cf13b1665013b5b06813d0e8b97307b67ecb60f59afbb4e7b97d917bd7
SSDEEP

24576:jSpIXpdCHJ2DwLt3h3d0pJaaA7og4867HlZ6bYNkJ9B:lCHJbQaaAqT7FZAYNg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c39ff398feeeffb99587359e89c21e5fd6d0871c2ca9e129a20eb7ea7d00c33e

Files

c39ff398feeeffb99587359e89c21e5fd6d0871c2ca9e129a20eb7ea7d00c33e
.exe windows:5 windows x86 arch:x86

e6e8b58a0ef8f399f0ee99e5a8f2f67f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\550263\out\Release\PurifySoft.pdb

Imports

kernel32

GetModuleHandleA
FindClose
GetFullPathNameW
FindFirstFileW
GetFileAttributesExW
FindNextFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
GetExitCodeProcess
OpenThread
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetProcessId
QueryInformationJobObject
MoveFileExW
SearchPathW
lstrcmpW
VirtualQuery
VirtualFree
VirtualAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
Thread32First
HeapDestroy
HeapCreate
Thread32Next
VirtualProtect
SuspendThread
GetSystemTimeAsFileTime
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetSystemInfo
SystemTimeToFileTime
SetFileAttributesW
DeleteFileW
TerminateProcess
GlobalAlloc
GlobalFree
OpenEventW
OpenFileMappingW
DeviceIoControl
CreateEventW
FileTimeToSystemTime
GetProcessHeap
CreateSemaphoreW
ReleaseSemaphore
GetThreadLocale
SetThreadLocale
GetWindowsDirectoryW
MulDiv
GetCurrentProcessId
GetLocalTime
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetVersionExW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetFileAttributesW
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
ResetEvent
CreateThread
FreeResource
GetDriveTypeW
GetLogicalDriveStringsW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetLongPathNameW
LocalFree
TlsGetValue
TlsSetValue
LoadLibraryW
GetTickCount
SetLastError
GetPrivateProfileIntW
GetPrivateProfileStringW
SetFilePointer
EnterCriticalSection
OutputDebugStringW
ExitProcess
CreateMutexW
SetErrorMode
Sleep
GetModuleFileNameW
LoadLibraryExW
RaiseException
lstrcmpiW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FreeLibrary
GetCommandLineW
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetLastError
MultiByteToWideChar
lstrlenA
GetFileSizeEx
DeleteCriticalSection
InitializeCriticalSection
SetEndOfFile
WriteFile
WideCharToMultiByte
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
GetFileSize
CreateFileW
LocalAlloc
CreateProcessW
InterlockedCompareExchange
SetEvent
InterlockedExchange
GetConsoleCP
WaitForSingleObject
LeaveCriticalSection

user32

DefWindowProcW
KillTimer
PostQuitMessage
SetTimer
ReleaseDC
TranslateMessage
GetMessageW
PeekMessageW
IsWindow
MoveWindow
SetWindowPos
MapWindowPoints
SetWindowLongW
GetWindowLongW
CallWindowProcW
CharNextW
UnregisterClassA
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
ShowWindow
DestroyWindow
RegisterClassExW
GetDC
GetIconInfo
SendMessageW
EnumDesktopWindows
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
SetFocus
SetActiveWindow
WaitForInputIdle
SetParent
LoadStringW
PostMessageW
OffsetRect
ScreenToClient
EndDialog
DialogBoxParamW
RegisterClassW
GetClassInfoW
IsWindowVisible
FindWindowW
EqualRect
SendMessageTimeoutW
PtInRect
GetCursorPos
SetForegroundWindow
ClientToScreen
CopyRect
PostThreadMessageW
CreateWindowExW
LoadCursorW
GetClassInfoExW
DispatchMessageW

gdi32

DPtoLP
CreateFontIndirectW
GetDeviceCaps
GetBitmapBits
GetDIBits
DeleteDC
DeleteObject
GetObjectW

advapi32

RegCreateKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
LookupAccountSidW
GetTokenInformation
DuplicateToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameW
RegEnumValueW
RegEnumKeyW
RegOpenKeyW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
ord165

ole32

CoLoadLibrary
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadTypeLi
SysStringLen
LoadRegTypeLi
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
DispCallFunc
VarUI4FromStr
SafeArrayGetVartype
SafeArrayCopy
VariantCopy
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock

shlwapi

PathCanonicalizeW
StrCmpIW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFindExtensionW
PathIsDirectoryW
StrCmpNIW
StrStrW
StrRStrIW
SHDeleteValueW
PathIsPrefixW
SHSetValueW
SHGetValueW
StrStrIW
PathAddBackslashW
StrToIntW
PathCombineW
PathAppendW
PathFileExistsW
PathFindFileNameW

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

imm32

ImmDisableIME

psapi

GetModuleInformation
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

version

VerQueryValueW

msi

ord217
ord173

Sections

.text
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6e8b58a0ef8f399f0ee99e5a8f2f67f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

imm32

psapi

version

msi

Sections

.text Size: 765KB - Virtual size: 764KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 25KB - Virtual size: 41KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 123KB - Virtual size: 124KB

.text
Size: 765KB - Virtual size: 764KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 25KB - Virtual size: 41KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 123KB - Virtual size: 124KB