816b8ecb3bfdf7e2a2d98ad351d2af1dbe66bff96c477bab15dc53068b49738d

Sharing

Copy URL

Twitter E-mail

General

Target

816b8ecb3bfdf7e2a2d98ad351d2af1dbe66bff96c477bab15dc53068b49738d
Size

1.3MB
MD5

81d08d232815561c5e856b2fd0ae32c0
SHA1

55474ee20a75c02b01c5df9fdc52b3bf74ff79cb
SHA256

816b8ecb3bfdf7e2a2d98ad351d2af1dbe66bff96c477bab15dc53068b49738d
SHA512

e9956916c1b74dadd295c115e79a8d84f82515b882a179681458595389f7118017bbead4c84bbd6961fdd4499ec7c703e472af5f5f3cd027558f9140e840ce4a
SSDEEP

24576:6p7MMN/5Lgud/1h6ubKhivWOE7ilnUAHyjM8ldTXZlo82qdQXqu:65LgydhhWj2UAsMATX752q8x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
816b8ecb3bfdf7e2a2d98ad351d2af1dbe66bff96c477bab15dc53068b49738d

Files

816b8ecb3bfdf7e2a2d98ad351d2af1dbe66bff96c477bab15dc53068b49738d
.exe windows:5 windows x86 arch:x86

e24669703d3a5d5ef0051126dd0d09b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\861958\out\Release\SDIS.pdb

Imports

kernel32

GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
SetFileAttributesW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileTime
CreateFileMappingW
ExitProcess
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
VirtualQuery
VirtualProtect
DeviceIoControl
Thread32First
Thread32Next
lstrcmpA
OpenThread
RemoveDirectoryW
GetLongPathNameW
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
MapViewOfFileEx
InterlockedCompareExchange
GetSystemDirectoryW
SystemTimeToFileTime
GetModuleHandleA
SetFilePointerEx
GetThreadLocale
SetThreadLocale
GetNativeSystemInfo
ReleaseMutex
FindClose
GetQueuedCompletionStatus
FindFirstFileW
GetVersion
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetTimeZoneInformation
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetFileAttributesW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
PostQueuedCompletionStatus
GetSystemInfo
TerminateThread
FindNextFileW
CreateIoCompletionPort
GetVersionExW
OpenFileMappingW
MapViewOfFile
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
GetCurrentThreadId
SetErrorMode
GetExitCodeProcess
GetProcessId
OpenMutexW
HeapFree
GetProcessHeap
HeapAlloc
GlobalSize
GlobalReAlloc
CreateWaitableTimerW
ResetEvent
SetWaitableTimer
GlobalUnlock
GlobalLock
CreateThread
GetFileSizeEx
LocalFree
lstrcpynW
ReadFile
GetFileSize
InterlockedExchange
FlushInstructionCache
MoveFileW
FreeResource
CopyFileW
GetExitCodeThread
GetCommandLineW
GlobalFree
GlobalAlloc
MoveFileExW
GetFileAttributesExW
DeleteFileW
lstrlenA
SetEvent
CreateEventW
InitializeCriticalSection
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentProcess
TerminateProcess
LoadLibraryExW
RaiseException
lstrcmpiW
lstrlenW
CreateProcessW
GetStartupInfoW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
WaitForSingleObject
SetLastError
OutputDebugStringA
WideCharToMultiByte
GetTempPathW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
OutputDebugStringW
WriteFile
Sleep
GetTickCount
GetModuleFileNameW
GetCurrentProcessId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryW
CreateMutexW
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MulDiv

user32

DestroyWindow
DefWindowProcW
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
IsWindow
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
CreateWindowExW
SetWindowLongW
GetWindowLongW
ShowWindow
PostThreadMessageW
CharNextW
GetDC
ReleaseDC
CloseDesktop
GetThreadDesktop
SendMessageW
GetUserObjectInformationW
CreateDesktopW
GetProcessWindowStation
EnumDesktopWindows
SetTimer
PostMessageW
KillTimer
EndDialog
FindWindowW
WaitForInputIdle
IsWindowVisible
SetWindowPos
SetForegroundWindow
SetActiveWindow
SetThreadDesktop
DialogBoxParamW
EnumThreadWindows
GetGUIThreadInfo
GetClientRect
GetWindowTextW
PrintWindow
UnregisterClassA
GetWindowRect
GetForegroundWindow
AttachThreadInput
BringWindowToTop
SetCursorPos
GetWindow
GetDlgCtrlID
GetParent
IsWindowEnabled
SetRectEmpty
PtInRect
SetCursor
LoadCursorW
SetRect
PostQuitMessage
GetClassInfoExW
GetLastInputInfo
GetCursorPos
SystemParametersInfoW
GetActiveWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
CopyRect
CallWindowProcW

gdi32

CreateHalftonePalette
GetPaletteEntries
GdiFlush
CreatePalette
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
GetStockObject
CreateDCW
DeleteDC
BitBlt
GetObjectW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DPtoLP
GetDeviceCaps
DeleteObject
SetBitmapBits
SetDIBColorTable

advapi32

RegOpenKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
GetSecurityInfo

shell32

SHGetFolderPathW
ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CoInitializeEx
CoLoadLibrary
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringByteLen
VarUI4FromStr
DispCallFunc
SysAllocStringByteLen
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathBuildRootW
PathGetDriveNumberW
SHSetValueA
PathFileExistsW
PathAppendW
PathCombineW
PathFindFileNameW
PathAddBackslashW
StrCmpNIW
StrCmpIW
PathRemoveFileSpecW
PathFindExtensionW
PathRenameExtensionW
PathMatchSpecW
PathIsDirectoryW
PathQuoteSpacesW
StrStrW
SHGetValueW
StrCmpW
SHSetValueW
PathCanonicalizeA
PathFindNextComponentA
StrStrIW
StrFormatByteSizeW
SHGetValueA
StrRChrW
PathIsRootW
ord176
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
StrCpyNW
StrChrW

gdiplus

GdipCloneImage
GdiplusShutdown
GdipFree
GdipAlloc
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDisposeImage
GdiplusStartup

crypt32

CryptStringToBinaryA

imm32

ImmDisableIME

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

Sections

.text
Size: 964KB - Virtual size: 964KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e24669703d3a5d5ef0051126dd0d09b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

crypt32

imm32

wtsapi32

psapi

version

netapi32

Sections

.text Size: 964KB - Virtual size: 964KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 26KB - Virtual size: 46KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 139KB - Virtual size: 140KB

.text
Size: 964KB - Virtual size: 964KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 26KB - Virtual size: 46KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 139KB - Virtual size: 140KB