C:\vmagent_new\bin\joblist\730374\out\Release\SoftMgrLite.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 7ad55a7653a8f880845d9e5d265cbe2612239aab49d53d83c0688bd80bafcfce.exe
Resource: win7-20241010-en
General
Target: 7ad55a7653a8f880845d9e5d265cbe2612239aab49d53d83c0688bd80bafcfce
Size: 4.2MB
MD5: f9471eaca1ab5ca784e1d57a5fd0abfd
SHA1: f18cd1fc60d16c892064a42ea13c12f25745c801
SHA256: 7ad55a7653a8f880845d9e5d265cbe2612239aab49d53d83c0688bd80bafcfce
SHA512: b0dbdced6a060d4fb318d339f10a7eec759c0f93f582b70b432b226406e3a258345a7f71ce6748c1bb091d9865044cb2510810d19224b00f731cdc667b173ff1
SSDEEP: 98304:yn7JD3uUP8MwH5zNrjLWa2uBivNtxZ+DU:ytD3R8MwZzNrxL88U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7ad55a7653a8f880845d9e5d265cbe2612239aab49d53d83c0688bd80bafcfce
Files
7ad55a7653a8f880845d9e5d265cbe2612239aab49d53d83c0688bd80bafcfce.exe windows:5 windows x86 arch:x86
e00f4dfba4d7fcb392e643bbf26f5457
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
VirtualFree
VirtualAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
InterlockedCompareExchange
Thread32First
HeapDestroy
HeapCreate
Thread32Next
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
QueryPerformanceFrequency
QueryPerformanceCounter
PulseEvent
GlobalMemoryStatusEx
MapViewOfFileEx
GetThreadLocale
SetThreadLocale
SetFilePointerEx
FlushViewOfFile
GlobalFree
RemoveDirectoryW
IsBadReadPtr
GetVolumeInformationW
GetProcessHeap
Process32FirstW
Process32NextW
GetNativeSystemInfo
ResetEvent
CreateIoCompletionPort
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateSemaphoreW
ReleaseSemaphore
OpenFileMappingW
SetThreadAffinityMask
GetCurrentThread
DuplicateHandle
SetThreadPriority
CreateMutexW
SetFileTime
GetFileTime
VirtualQuery
GetStdHandle
OpenMutexW
ReleaseMutex
FlushFileBuffers
LoadLibraryA
GetPrivateProfileStructW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
ExitProcess
GetTimeZoneInformation
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
IsProcessorFeaturePresent
HeapSize
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetModuleFileNameA
CreateDirectoryW
WritePrivateProfileStructW
GetExitCodeThread
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx
GetStartupInfoW
GetWindowsDirectoryW
WaitForMultipleObjects
GetSystemInfo
GetFileSize
InterlockedExchange
CreateProcessW
ExpandEnvironmentStringsW
GetFileAttributesExW
MoveFileExW
GetFileSizeEx
SetSystemPowerState
GetDriveTypeW
GetLogicalDriveStringsW
SetProcessWorkingSetSize
SystemTimeToFileTime
GetLocalTime
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetTempFileNameW
GetTempPathW
GetCommandLineW
GetExitCodeProcess
GetProcessId
SetLastError
GetTickCount
CreateThread
CreateEventW
SetEvent
lstrlenA
GetEnvironmentVariableW
lstrcmpiA
lstrcmpA
WideCharToMultiByte
lstrcpyW
FlushInstructionCache
GetVersion
DeviceIoControl
TerminateProcess
WritePrivateProfileStringW
OpenEventW
GetCurrentThreadId
GetVersionExW
SetErrorMode
CopyFileW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
OutputDebugStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
VirtualProtect
GetModuleHandleA
WaitForSingleObject
GetCurrentProcess
SetFilePointer
WriteFile
GetLastError
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
OpenProcess
LeaveCriticalSection
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
MulDiv
GetModuleFileNameW
Sleep
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLongPathNameW
CloseHandle
user32
InvalidateRgn
FillRect
ReleaseCapture
ScreenToClient
CreateAcceleratorTableW
RedrawWindow
GetSysColor
EndPaint
BeginPaint
GetWindowTextLengthW
RegisterWindowMessageW
SetActiveWindow
UpdateWindow
keybd_event
PostQuitMessage
UnhookWinEvent
CopyRect
UnregisterClassA
FindWindowW
IsWindow
FindWindowExW
EnumWindows
GetClassNameW
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
UnhookWindowsHookEx
IntersectRect
EqualRect
GetDC
ReleaseDC
GetSystemMetrics
CharNextW
DefWindowProcW
DispatchMessageW
SetWindowsHookExW
UnregisterHotKey
WaitForInputIdle
wsprintfW
GetAncestor
GetWindowInfo
EnumChildWindows
ChildWindowFromPointEx
IsIconic
SetLayeredWindowAttributes
DrawIconEx
IsClipboardFormatAvailable
GetForegroundWindow
SetForegroundWindow
LockWorkStation
ExitWindowsEx
GetIconInfo
LoadStringW
LoadIconW
LoadStringA
EndMenu
CreatePopupMenu
TrackPopupMenu
AppendMenuW
DestroyMenu
MonitorFromPoint
GetMonitorInfoW
GetMenuItemCount
GetMenuStringW
GetMenuItemID
GetMenuDefaultItem
LoadMenuW
GetSubMenu
CheckMenuItem
DeleteMenu
SetWindowRgn
AttachThreadInput
BringWindowToTop
DrawTextW
SetCursor
InflateRect
LoadImageW
DestroyIcon
PrivateExtractIconsW
OpenClipboard
CloseClipboard
SetWinEventHook
SendNotifyMessageW
InvalidateRect
GetDesktopWindow
DestroyAcceleratorTable
GetClipboardData
IsChild
GetFocus
TrackMouseEvent
LoadCursorW
GetClassInfoExW
GetKeyNameTextW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
GetActiveWindow
CallWindowProcW
GetParent
SetWindowPos
ShowWindow
IsWindowVisible
GetWindowRect
UpdateLayeredWindow
GetDlgItem
SetRectEmpty
MoveWindow
IsRectEmpty
WindowFromPoint
OffsetRect
GetWindow
RegisterClassExW
CreateWindowExW
SendMessageTimeoutW
GetClientRect
PrintWindow
KillTimer
SetTimer
GetCursorPos
PtInRect
PostMessageW
SetFocus
SetRect
SystemParametersInfoW
SetWindowTextW
GetDoubleClickTime
RegisterHotKey
MapWindowPoints
MonitorFromWindow
IsWindowEnabled
CallNextHookEx
ClientToScreen
SetCapture
MsgWaitForMultipleObjects
GetShellWindow
GetCapture
GetWindowTextW
GetLastInputInfo
EnableWindow
MapVirtualKeyW
gdi32
StretchBlt
SetStretchBltMode
SetPixel
CombineRgn
CreateRectRgn
Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
SetTextColor
SetBkMode
GetTextColor
SelectClipRgn
CreateRoundRectRgn
CreateFontW
GetCurrentObject
GetObjectType
CreateSolidBrush
BitBlt
GetDeviceCaps
DeleteObject
CreateCompatibleDC
SelectObject
GetBitmapBits
SetBitmapBits
DeleteDC
CreateCompatibleBitmap
GetObjectW
SetTextCharacterExtra
SetBkColor
TextOutW
ExtCreatePen
MoveToEx
LineTo
SetViewportOrgEx
CreateDIBSection
CreateFontIndirectW
GetStockObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegNotifyChangeKeyValue
RegEnumKeyW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
shell32
SHBindToParent
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
ord18
SHAddToRecentDocs
ord155
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
DragFinish
SHParseDisplayName
ole32
OleUninitialize
CoLoadLibrary
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
oleaut32
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
shlwapi
StrCmpNIW
UrlGetPartW
PathIsRootW
PathIsRelativeW
PathFindExtensionW
SHSetValueA
SHGetValueA
PathIsNetworkPathW
PathCombineW
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
StrCpyW
SHSetValueW
StrCpyNW
PathIsDirectoryW
PathCanonicalizeW
ord176
StrCmpIW
PathAppendW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
gdiplus
GdipCreateTexture2I
GdipTranslateTextureTransform
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipBitmapGetPixel
GdipScaleTextureTransform
GdipGetImageGraphicsContext
GdipFillEllipse
GdipCreatePen1
GdiplusStartup
GdipGetImagePixelFormat
GdiplusShutdown
GdipDeletePen
GdipDrawRectangleI
GdipCreateLineBrushFromRectI
GdipCreateBitmapFromStream
GdipFillPath
GdipFillEllipseI
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipAlloc
GdipSetInterpolationMode
GdipDeletePath
GdipCreatePath
GdipGetAllPropertyItems
GdipGetPropertySize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectRect
GdipDrawImageRectI
GdipFillRectangleI
GdipBitmapLockBits
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDrawString
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetSolidFillColor
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage
iphlpapi
GetIpAddrTable
GetAdaptersAddresses
GetAdaptersInfo
imm32
ImmReleaseContext
ImmAssociateContext
ImmDisableIME
ImmGetContext
netapi32
Netbios
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
GetModuleInformation
GetProcessImageFileNameW
GetModuleFileNameExW
wininet
InternetOpenW
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetCrackUrlW
InternetConnectW
setupapi
SetupIterateCabinetW
msi
ord173
ord217
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 681KB - Virtual size: 680KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 65KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 251KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE