d302da335cd5c5563cc7f21343af82a98de4ce094a478c1510661f9f5d18a63a

Sharing

Copy URL Twitter E-mail

General

Target

d302da335cd5c5563cc7f21343af82a98de4ce094a478c1510661f9f5d18a63a
Size

419KB
MD5

6a36fe74171d513e1f009cf114c0be5b
SHA1

d231d1da7202c12e5ec10e8d8a194a5780d8df6c
SHA256

d302da335cd5c5563cc7f21343af82a98de4ce094a478c1510661f9f5d18a63a
SHA512

7985101f5677612265310980259176976e4c4d54ccd58a269b0b96b6058f997c4093d8203c984656fe3b54e7af77f490f66bb03f2d338c816382fc241a003fb0
SSDEEP

6144:FssYBmQ9ykxESRnHFyLTzqw2Rl6KjRmpTyzMqrRXVHysylNAJ1Np9aN:kxykxpRnHcz2RnCyzhRFSRaJt9aN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d302da335cd5c5563cc7f21343af82a98de4ce094a478c1510661f9f5d18a63a

Files

d302da335cd5c5563cc7f21343af82a98de4ce094a478c1510661f9f5d18a63a
.exe windows:5 windows x86 arch:x86

e0b9a8ff7b78a0497f110a033180f8ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\615391\out\Release\360SwitchTips.pdb

Imports

kernel32

LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
SetErrorMode
LockResource
FindResourceExW
SetCurrentDirectoryW
GetCurrentProcess
FlushInstructionCache
SetLastError
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateMutexW
CloseHandle
WideCharToMultiByte
GetTickCount
SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
CreateFileW
DeviceIoControl
GetCurrentProcessId
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
GetSystemDirectoryW
SetFilePointer
ReadFile
FindResourceW
HeapDestroy
HeapAlloc
LoadResource
GetModuleHandleExW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
GetLocaleInfoW
GetConsoleMode
SizeofResource
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
HeapCreate
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsAlloc
ReleaseMutex
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
WriteFile
SetFilePointerEx
GetProcAddress
GetConsoleCP
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LoadLibraryW

user32

CreateWindowExW
FindWindowW
IsIconic
SetWindowLongW
LoadCursorW
TranslateMessage
GetClassInfoExW
RegisterClassExW
DestroyWindow
MessageBoxW
GetActiveWindow
DefWindowProcW
PeekMessageW
GetMessageW
PostMessageW
BringWindowToTop
SetForegroundWindow
LoadImageW
GetSystemMetrics
SendMessageW
SetWindowPos
GetWindowLongW
DispatchMessageW
ShowWindow
CharNextW
UnregisterClassA
wsprintfW
CallWindowProcW
SwitchToThisWindow
SetActiveWindow
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
GetLastInputInfo
KillTimer
PostQuitMessage
SetTimer
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
DisableProcessWindowsGhosting
SetWindowTextW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExA
RegDeleteKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr

shlwapi

SHSetValueW
PathAppendW
PathAddBackslashW
PathFileExistsW
StrCmpNIW
SHGetValueW
PathCombineW
PathRemoveFileSpecW
PathIsRelativeW
PathCanonicalizeW

comctl32

InitCommonControlsEx

version

VerQueryValueW

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e0b9a8ff7b78a0497f110a033180f8ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 9KB - Virtual size: 22KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 78KB - Virtual size: 80KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 9KB - Virtual size: 22KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 78KB - Virtual size: 80KB