833a4a08ac2010bad8b238de0569dd926375b095f528e839af005654d476753e

Sharing

Copy URL

Twitter E-mail

General

Target

833a4a08ac2010bad8b238de0569dd926375b095f528e839af005654d476753e
Size

2.1MB
MD5

4dc19289b55e8e2993139fd0b07796c7
SHA1

ea882847f477d2fad0a5be1d8553d9b21a92f90c
SHA256

833a4a08ac2010bad8b238de0569dd926375b095f528e839af005654d476753e
SHA512

9488c3f626ec84497d20471573ebe136855a8d3d06ded789b835178efae37408cd12d97fe82347c0e12d2dce59f380d91d15cfbfe69a3a4951b6f851835e11df
SSDEEP

49152:U7ds9WB8RXDZaTy0uE4oNUS0f2WQOTMwLmtXVblTm:4d/GaLuE4BS0uWEFu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
833a4a08ac2010bad8b238de0569dd926375b095f528e839af005654d476753e

Files

833a4a08ac2010bad8b238de0569dd926375b095f528e839af005654d476753e
.exe windows:5 windows x86 arch:x86

405c12ca22f6c36b6b3f756ead7d611a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\726983\out\Release\SoftupNotify.pdb

Imports

kernel32

GlobalLock
GlobalUnlock
GetTempPathW
GetTempFileNameW
InterlockedCompareExchange
InterlockedExchange
SetEndOfFile
CopyFileW
SystemTimeToFileTime
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
SetFileTime
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenEventW
MapViewOfFile
FlushViewOfFile
DeviceIoControl
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
SetThreadLocale
GetVersionExW
GetWindowsDirectoryA
GetSystemDirectoryW
GetModuleHandleA
GlobalMemoryStatusEx
lstrcmpA
OpenThread
SuspendThread
ResumeThread
OutputDebugStringA
GetNativeSystemInfo
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetFilePointerEx
EnumResourceNamesW
FreeResource
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
LoadLibraryExA
FindResourceExA
UpdateResourceA
GetModuleFileNameA
CreateFileA
ExpandEnvironmentStringsA
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
WaitForMultipleObjects
FindNextFileW
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetSystemTimes
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcmpiA
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceCounter
RemoveDirectoryA
DeleteFileA
FileTimeToSystemTime
OpenEventA
OpenMutexW
ReleaseMutex
SetThreadPriority
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
RtlUnwind
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
SetEvent
ResetEvent
GetLocalTime
MoveFileA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetSystemInfo
CreateEventW
GetFileAttributesExW
lstrcpynW
GlobalSize
GlobalReAlloc
GlobalFree
GlobalAlloc
GetFullPathNameW
FindFirstFileW
MulDiv
MoveFileW
FreeConsole
GetConsoleWindow
AllocConsole
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
Sleep
GetStartupInfoW
LoadLibraryExW
lstrcmpiW
ReadFile
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetLastError
MultiByteToWideChar
lstrlenA
CreateThread
TerminateProcess
WaitForSingleObject
GetModuleHandleW
GetTickCount
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
ExitProcess
GetFileSize
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
OpenFileMappingW
MapViewOfFileEx
GetLongPathNameW
GetFileSizeEx
WritePrivateProfileStringW
RemoveDirectoryW
LocalFree
OpenProcess
GetFileAttributesW
MoveFileExW
CreateDirectoryW
CreateEventA
FindClose
lstrlenW
GetCommandLineW
LoadLibraryW
GetCurrentProcessId
GetProcAddress
FreeLibrary
WriteFile
InitializeCriticalSection
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
GetFileTime

user32

IsWindow
MessageBoxW
SendMessageTimeoutW
FindWindowW
DefWindowProcW
CharNextW
SetWindowLongW
DialogBoxParamW
GetActiveWindow
DestroyWindow
UnregisterClassA
GetWindowTextA
SetPropW
OffsetRect
BeginPaint
EndPaint
CreatePopupMenu
AppendMenuW
SetActiveWindow
SetForegroundWindow
MessageBoxA
IsChild
FindWindowA
GetClassNameA
WaitForInputIdle
LoadStringA
GetWindowTextW
GetSystemMetrics
GetCursorInfo
SetCursorPos
ShowCursor
GetWindowRect
SetWindowPos
GetDC
ReleaseDC
GetClassNameW
FindWindowExW
EnumWindows
GetWindowThreadProcessId
SendMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetWindowLongW
CallWindowProcW
SetWindowTextW
SetTimer
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
KillTimer
CopyRect
InflateRect
GetCursorPos
ScreenToClient
ShowWindow
PostMessageW
EndDialog
WindowFromPoint
GetLastInputInfo
PtInRect
RegisterWindowMessageW
LoadIconW
PostQuitMessage
MoveWindow
GetPropW
CreateIconIndirect
GetIconInfo
IsWindowVisible
SetCursor
IsDialogMessageW
PostThreadMessageW
MonitorFromPoint
DestroyMenu
TrackPopupMenu
GetSubMenu
ClientToScreen
UpdateLayeredWindow
LoadMenuW
GetDesktopWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetAsyncKeyState
mouse_event
keybd_event
GetDlgItem
MsgWaitForMultipleObjects
SystemParametersInfoW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectW
CreateDIBSection
GetDIBits
GetBitmapBits
BitBlt
SetBkColor
ExtTextOutW
DPtoLP
CreateBitmap

advapi32

RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueW
ConvertSidToStringSidW
IsValidSid
LookupAccountNameW
GetUserNameW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

SHCreateDirectoryExA
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathA

ole32

PropVariantClear
CoLoadLibrary
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SysAllocStringByteLen
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

shlwapi

PathRemoveFileSpecA
PathStripPathW
PathIsRelativeW
PathIsRootW
StrToInt64ExA
StrRStrIW
StrRChrW
PathFileExistsA
StrCpyNW
PathCanonicalizeW
PathUnquoteSpacesW
PathQuoteSpacesW
StrFormatByteSizeW
PathFindNextComponentA
PathCanonicalizeA
PathAppendA
ord176
StrStrIA
SHGetValueA
PathFindFileNameA
PathRemoveExtensionA
StrCmpNIA
StrRStrIA
PathIsDirectoryA
StrFormatByteSizeA
PathAddBackslashA
ord12
StrStrA
PathIsRelativeA
SHStrDupW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
SHSetValueW
StrCmpIW
PathAddBackslashW
StrCmpNIW
StrChrW
StrStrIW
SHDeleteValueW
PathIsPrefixW
StrDupW
PathFindExtensionW
PathIsDirectoryW
SHDeleteKeyW
SHSetValueA

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFile
GdipFree
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDrawImagePointRectI
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipImageRotateFlip
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc

comctl32

_TrackMouseEvent
InitCommonControlsEx

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

setupapi

SetupIterateCabinetW

netapi32

Netbios

psapi

GetModuleFileNameExW

msi

ord173
ord217

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

405c12ca22f6c36b6b3f756ead7d611a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

iphlpapi

imm32

version

wintrust

setupapi

netapi32

psapi

msi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 339KB - Virtual size: 339KB

.data Size: 36KB - Virtual size: 58KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 188KB - Virtual size: 192KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 339KB - Virtual size: 339KB

.data
Size: 36KB - Virtual size: 58KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 188KB - Virtual size: 192KB