f853f6b0f6ac54ce1160709ba16e617527796a7f187fc85a4e8bdeda5ecce8e2

Sharing

Copy URL

Twitter E-mail

General

Target

f853f6b0f6ac54ce1160709ba16e617527796a7f187fc85a4e8bdeda5ecce8e2
Size

1.3MB
MD5

1c77b2b630661f0871f38990aed66f0a
SHA1

8ac7496d5ab4701f4e6cd4fedf1aef2311db2086
SHA256

f853f6b0f6ac54ce1160709ba16e617527796a7f187fc85a4e8bdeda5ecce8e2
SHA512

b1f96ad6aca54dd32d0715c7239768c02af272d5b616f110fb806f4ba85001980747bcd9242b2bd24d9c077e7251cabe661189def600ab5cb6b011f502a5a962
SSDEEP

24576:TnxiXyCB1/N0jLPmCjPsTdZTTXL2ltTgOm8UhDRb:DEz/ajLPmCjPsTdZTT72bTgOm8UhDRb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f853f6b0f6ac54ce1160709ba16e617527796a7f187fc85a4e8bdeda5ecce8e2

Files

f853f6b0f6ac54ce1160709ba16e617527796a7f187fc85a4e8bdeda5ecce8e2
.exe windows:5 windows x86 arch:x86

5c96992c3bb51797f800bfef4326dbc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\728998\out\Release\SDIS.pdb

Imports

kernel32

GetQueuedCompletionStatus
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
SetFileAttributesW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileTime
CreateFileMappingW
ExitProcess
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
VirtualQuery
VirtualProtect
DeviceIoControl
Thread32First
Thread32Next
OpenThread
RemoveDirectoryW
GetLongPathNameW
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
MapViewOfFileEx
InterlockedCompareExchange
GetVersionExW
GetSystemDirectoryW
SystemTimeToFileTime
GetModuleHandleA
SetFilePointerEx
GetThreadLocale
SetThreadLocale
GetNativeSystemInfo
ReleaseMutex
MapViewOfFile
PostQueuedCompletionStatus
UnmapViewOfFile
FlushViewOfFile
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetTimeZoneInformation
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetFileAttributesW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetSystemInfo
TerminateThread
CreateIoCompletionPort
SetEndOfFile
OpenFileMappingW
OpenMutexW
HeapFree
GetProcessHeap
HeapAlloc
GlobalSize
GlobalReAlloc
CreateWaitableTimerW
ResetEvent
SetWaitableTimer
GlobalUnlock
GlobalLock
CreateThread
GetFileSizeEx
LocalFree
lstrcpynW
ReadFile
GetFileSize
InterlockedExchange
FlushInstructionCache
MoveFileW
FreeResource
CopyFileW
GetExitCodeThread
GetCommandLineW
GlobalFree
GlobalAlloc
MoveFileExW
GetFileAttributesExW
DeleteFileW
lstrlenA
SetEvent
CreateEventW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MulDiv
FindClose
FindNextFileW
FindFirstFileW
InitializeCriticalSection
GetCurrentThreadId
SetErrorMode
GetExitCodeProcess
GetProcessId
GetCurrentProcess
TerminateProcess
LoadLibraryExW
RaiseException
lstrcmpiW
lstrlenW
CreateProcessW
GetStartupInfoW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
WaitForSingleObject
SetLastError
OutputDebugStringA
WideCharToMultiByte
GetTempPathW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
OutputDebugStringW
WriteFile
GetTickCount
GetModuleFileNameW
GetCurrentProcessId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryW
CreateMutexW
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

user32

DestroyWindow
DefWindowProcW
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
IsWindow
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
CreateWindowExW
SetWindowLongW
GetWindowLongW
ShowWindow
PostThreadMessageW
CharNextW
GetDC
ReleaseDC
CloseDesktop
GetThreadDesktop
SendMessageW
GetUserObjectInformationW
CreateDesktopW
GetProcessWindowStation
EnumDesktopWindows
SetTimer
PostMessageW
KillTimer
EndDialog
FindWindowW
WaitForInputIdle
IsWindowVisible
SetWindowPos
SetForegroundWindow
SetActiveWindow
SetThreadDesktop
DialogBoxParamW
EnumThreadWindows
GetGUIThreadInfo
GetClientRect
GetWindowTextW
PrintWindow
UnregisterClassA
GetWindowRect
GetForegroundWindow
AttachThreadInput
BringWindowToTop
SetCursorPos
GetWindow
GetDlgCtrlID
GetParent
IsWindowEnabled
SetRectEmpty
PtInRect
SetCursor
LoadCursorW
SetRect
PostQuitMessage
GetClassInfoExW
GetLastInputInfo
GetCursorPos
SystemParametersInfoW
GetActiveWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
CopyRect
CallWindowProcW

gdi32

CreateHalftonePalette
GetPaletteEntries
GdiFlush
CreatePalette
SetDIBColorTable
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
CreateDCW
DeleteDC
BitBlt
GetObjectW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DPtoLP
GetDeviceCaps
DeleteObject
GetStockObject
SetBitmapBits

advapi32

GetSecurityInfo
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

SHGetFolderPathW
ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CoInitializeEx
CoLoadLibrary
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringByteLen
VarUI4FromStr
DispCallFunc
SysAllocStringByteLen
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathBuildRootW
PathGetDriveNumberW
PathIsPrefixW
PathFileExistsW
PathAppendW
PathCombineW
PathFindFileNameW
PathAddBackslashW
StrCmpNIW
StrCmpIW
PathRemoveFileSpecW
PathFindExtensionW
PathRenameExtensionW
PathMatchSpecW
PathIsDirectoryW
PathQuoteSpacesW
StrStrW
SHGetValueW
StrCmpW
SHSetValueW
PathCanonicalizeA
PathFindNextComponentA
StrStrIW
StrFormatByteSizeW
SHGetValueA
StrRChrW
PathIsRootW
ord176
PathCanonicalizeW
PathRemoveBackslashW
StrCpyNW
StrChrW

gdiplus

GdipCloneImage
GdiplusShutdown
GdipFree
GdipAlloc
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdiplusStartup

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

imm32

ImmDisableIME

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 895KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c96992c3bb51797f800bfef4326dbc5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

crypt32

imm32

wtsapi32

psapi

version

Sections

.text Size: 895KB - Virtual size: 894KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 25KB - Virtual size: 43KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 128KB - Virtual size: 128KB

.text
Size: 895KB - Virtual size: 894KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 25KB - Virtual size: 43KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 128KB - Virtual size: 128KB