C:\vmagent_new\bin\joblist\731227\out\Release\SoftMgr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
03a8b34f2723026f751a7a1235b5b1e636bc3b249feb544cb33f12c72ec23652.exe
Resource
win7-20240903-en
General
-
Target
03a8b34f2723026f751a7a1235b5b1e636bc3b249feb544cb33f12c72ec23652
-
Size
3.8MB
-
MD5
e42ba647afdce9058d301f56da1b1003
-
SHA1
5a86ec5f96a21f85d8c774ea4a7998a5e5f63684
-
SHA256
03a8b34f2723026f751a7a1235b5b1e636bc3b249feb544cb33f12c72ec23652
-
SHA512
525cd7d741c7b6e2b72a5d9a78a65709ebbb16a41d3f57d437e98a90227dd43f5cb278a56b04e68aa942856fcbb498201b264f5fa294884c56d13ddb8e7d920c
-
SSDEEP
49152:LfINtH363dZShZ+IzmJCKFfbu+1S8MMjYGDTu9LK0kj3iVdzbzB7cJf9:7Sot81yoKFfbu+1S8dAK0kj3X
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (matched here: the sample PE carries no signature).
resource 03a8b34f2723026f751a7a1235b5b1e636bc3b249feb544cb33f12c72ec23652
Files
-
03a8b34f2723026f751a7a1235b5b1e636bc3b249feb544cb33f12c72ec23652.exe windows:5 windows x86 arch:x86
f8ddee0b25288c1227143376101496be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
CopyFileW
OpenThread
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
SystemTimeToFileTime
LocalFileTimeToFileTime
QueryInformationJobObject
GetLocalTime
GetFileSize
FreeResource
OpenEventW
CreateThread
lstrcpynW
GetStartupInfoW
MoveFileW
VirtualQuery
GetSystemTimeAsFileTime
FindFirstFileA
FindNextFileA
FormatMessageA
GetModuleFileNameA
LoadLibraryExA
RemoveDirectoryW
DeviceIoControl
GetVolumeInformationW
HeapAlloc
GetProcessHeap
HeapFree
OpenFileMappingW
MapViewOfFileEx
GetWindowsDirectoryA
GetModuleHandleA
GetThreadLocale
SetThreadLocale
SetFilePointerEx
ExpandEnvironmentStringsA
CreateFileA
OutputDebugStringA
lstrcpyW
GetProcessId
lstrcmpA
SuspendThread
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
ProcessIdToSessionId
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
MoveFileA
GetFileTime
GetFileAttributesA
GetSystemTimes
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcmpiA
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesW
GetVersion
UpdateResourceW
EndUpdateResourceW
FindResourceExA
UpdateResourceA
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceCounter
DuplicateHandle
RemoveDirectoryA
DeleteFileA
CreateEventA
OpenEventA
OpenMutexW
ReleaseMutex
SetThreadPriority
SetFileTime
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreatePipe
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
RtlUnwind
GetDateFormatA
GetTimeFormatA
CreateProcessA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExW
WaitForMultipleObjects
GetLongPathNameW
SearchPathW
InterlockedCompareExchange
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetDriveTypeW
GetLogicalDriveStringsW
GetWindowsDirectoryW
GetSystemDirectoryW
GetExitCodeProcess
MapViewOfFile
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
CreateDirectoryW
WritePrivateProfileStringW
GetTempFileNameW
GetTempPathW
lstrcmpW
MulDiv
LocalFree
LocalAlloc
GetNativeSystemInfo
ResetEvent
GetExitCodeThread
GlobalMemoryStatusEx
GetSystemInfo
TerminateThread
GetCommandLineW
GlobalAddAtomW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileSizeEx
GetFileAttributesExW
lstrlenA
OpenProcess
GetEnvironmentVariableW
SetEvent
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
ExpandEnvironmentStringsW
LoadLibraryW
GetTickCount
FlushInstructionCache
WideCharToMultiByte
GetCurrentThreadId
Sleep
GetPrivateProfileIntW
OutputDebugStringW
WriteFile
SetErrorMode
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
MultiByteToWideChar
EnterCriticalSection
CloseHandle
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetLastError
ReadFile
SetFilePointer
CreateFileW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
CreateEventW
WaitForSingleObject
BeginUpdateResourceA
user32
DestroyMenu
MsgWaitForMultipleObjects
UnregisterClassA
CharNextW
FindWindowW
SetForegroundWindow
MessageBoxW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
SetWindowLongW
GetActiveWindow
SendMessageTimeoutW
DialogBoxParamW
GetWindowLongW
CallWindowProcW
ClientToScreen
GetWindowRect
ShowWindow
GetDlgItem
GetForegroundWindow
SetRect
SubtractRect
EndDialog
EqualRect
InflateRect
AttachThreadInput
IsChild
DestroyAcceleratorTable
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
CreateAcceleratorTableW
GetSysColor
GetClassNameW
EndPaint
BeginPaint
RegisterWindowMessageW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
wsprintfW
SetParent
WindowFromPoint
GetIconInfo
CreateIconIndirect
GetClassInfoW
RegisterClassW
ExitWindowsEx
IntersectRect
TrackMouseEvent
IsRectEmpty
LoadIconW
SetCursor
MessageBoxA
SetTimer
UpdateLayeredWindow
KillTimer
PostMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SendMessageW
IsWindow
CopyRect
GetMessageW
TranslateMessage
DispatchMessageW
WaitForInputIdle
GetWindowPlacement
FindWindowExW
SetFocus
GetWindowThreadProcessId
SendMessageA
GetDesktopWindow
IsWindowEnabled
EnableWindow
SetWindowPos
SetActiveWindow
BringWindowToTop
IsWindowVisible
PeekMessageW
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
RedrawWindow
UpdateWindow
MoveWindow
GetWindowTextA
SetWindowTextW
SystemParametersInfoW
OffsetRect
CreatePopupMenu
CreateDialogParamW
PtInRect
ScreenToClient
GetCursorPos
UnregisterHotKey
RegisterHotKey
PostQuitMessage
IsZoomed
GetSystemMetrics
LoadImageW
DestroyIcon
InvalidateRect
GetWindowTextLengthW
GetWindowTextW
GetFocus
FindWindowA
GetClassNameA
MonitorFromPoint
AppendMenuW
TrackPopupMenu
keybd_event
mouse_event
GetAsyncKeyState
ShowCursor
SetCursorPos
GetCursorInfo
LoadStringA
EnumWindows
EnumDesktopWindows
GetLastInputInfo
gdi32
CreateSolidBrush
GetDIBits
BitBlt
CreateFontIndirectW
DPtoLP
GetObjectW
GetStockObject
SetTextColor
CreateCompatibleBitmap
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
SetBkMode
SetStretchBltMode
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
GetBitmapBits
CreateBitmap
advapi32
RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegEnumValueW
LookupAccountNameW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW
RegEnumKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
DuplicateToken
ConvertSidToStringSidW
shell32
SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHAppBarMessage
DragAcceptFiles
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
ole32
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitializeEx
StringFromCLSID
CoLoadLibrary
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VarUI4FromStr
VariantInit
VarBstrCmp
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
LoadTypeLi
LoadRegTypeLi
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantClear
shlwapi
StrFormatByteSizeW
PathQuoteSpacesW
SHDeleteKeyW
UrlIsW
PathUnquoteSpacesW
StrStrW
SHDeleteValueW
ord176
PathCanonicalizeW
StrRChrW
PathAppendA
PathRemoveExtensionW
PathStripPathW
StrChrW
PathRemoveBackslashW
StrToInt64ExA
PathFindExtensionW
PathIsDirectoryW
PathRemoveFileSpecA
SHSetValueW
StrToIntW
StrCmpIW
StrCmpW
StrStrIW
PathFindFileNameW
PathAppendW
SHGetValueW
PathCombineW
PathRemoveFileSpecW
StrCmpNIW
PathFileExistsW
PathAddBackslashW
PathBuildRootW
PathGetDriveNumberW
PathIsRootW
PathIsPrefixW
StrStrIA
StrCpyNW
UrlGetPartW
StrCmpNIA
StrRStrIA
StrRStrIW
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
SHGetValueA
PathIsDirectoryA
StrFormatByteSizeA
PathIsRelativeW
PathAddBackslashA
ord12
StrStrA
SHSetValueA
SHStrDupW
PathIsRelativeA
gdiplus
GdipFree
GdipSetPropertyItem
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipBitmapSetResolution
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipCloneBitmapAreaI
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetImageFlags
GdipGetImageRawFormat
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetPropertySize
GdipGetAllPropertyItems
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipSetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipAlloc
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
CertGetNameStringW
CryptStringToBinaryA
CryptBinaryToStringA
comctl32
InitCommonControlsEx
msimg32
AlphaBlend
iphlpapi
GetNetworkParams
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
EnumProcessModules
urlmon
UrlMkSetSessionOption
ObtainUserAgentString
ws2_32
WSACleanup
gethostbyname
WSAStartup
inet_ntoa
wininet
InternetCrackUrlW
msi
ord173
ord217
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
setupapi
SetupIterateCabinetW
netapi32
Netbios
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 612KB - Virtual size: 611KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 86KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 294KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE