General

Malware Config

Signatures

Files

• 7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e.zip

  .zip

  Password: infected

• 7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e.exe

  .exe windows:5 windows x86 arch:x86

  Password: infected

  a8311b6d98c1262cc1ec0eab47dbfe32

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb

  Imports

  kernel32

  ExitThread

  CreateThread

  ExitProcess

  GetStartupInfoW

  RtlUnwind

  HeapReAlloc

  HeapSize

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringW

  GetStdHandle

  GetModuleFileNameA

  GetTimeFormatA

  GetDateFormatA

  HeapCreate

  HeapDestroy

  VirtualFree

  VirtualAlloc

  GetConsoleCP

  GetConsoleMode

  LCMapStringA

  SetHandleCount

  GetFileType

  GetStartupInfoA

  InitializeCriticalSectionAndSpinCount

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetStringTypeA

  GetStringTypeW

  IsDebuggerPresent

  GetLocaleInfoA

  EnumSystemLocalesA

  IsValidLocale

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  GetProcessHeap

  CreateFileA

  SetEnvironmentVariableA

  SetUnhandledExceptionFilter

  HeapAlloc

  TerminateProcess

  GetFileSizeEx

  LocalFileTimeToFileTime

  GetLocaleInfoW

  CompareStringA

  GetShortPathNameW

  SetEndOfFile

  FlushFileBuffers

  GlobalFlags

  GlobalAddAtomW

  GlobalFindAtomW

  lstrcmpiA

  GetTempFileNameW

  OpenMutexW

  ReleaseMutex

  HeapWalk

  HeapLock

  OpenThread

  HeapUnlock

  OutputDebugStringW

  SetFilePointerEx

  IsProcessorFeaturePresent

  GlobalDeleteAtom

  LoadLibraryA

  GetVersionExA

  UnhandledExceptionFilter

  HeapFree

  lstrlenA

  lstrcmpA

  CompareStringW

  TlsFree

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  GlobalHandle

  GlobalReAlloc

  TlsGetValue

  GetFullPathNameW

  GetLogicalDriveStringsW

  DeviceIoControl

  InterlockedExchange

  MoveFileW

  GetFileAttributesW

  RemoveDirectoryW

  FindClose

  FindNextFileW

  FindFirstFileW

  QueryPerformanceCounter

  SetFileAttributesW

  lstrcmpW

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  SetErrorMode

  SetEnvironmentVariableW

  GetCommandLineW

  ExpandEnvironmentStringsW

  lstrcmpiW

  lstrlenW

  SetFilePointer

  InterlockedIncrement

  ProcessIdToSessionId

  FreeResource

  GetSystemWindowsDirectoryW

  LocalAlloc

  SystemTimeToFileTime

  GetModuleHandleA

  GetTimeZoneInformation

  LocalFree

  GlobalFree

  CreateMutexW

  FreeConsole

  GetCurrentProcessId

  LoadLibraryExW

  GetTempPathW

  GetDriveTypeW

  GetWindowsDirectoryW

  GetUserDefaultUILanguage

  SetCurrentDirectoryW

  GetPrivateProfileStringW

  GetPrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  Sleep

  InterlockedCompareExchange

  GetVersionExW

  GetModuleFileNameW

  MultiByteToWideChar

  WriteFile

  ReadFile

  GetFileSize

  CreateFileW

  CopyFileW

  FreeLibrary

  LoadLibraryW

  GetModuleHandleW

  GetProcAddress

  InterlockedDecrement

  MulDiv

  GetCurrentProcess

  SetEvent

  CreateEventW

  ResetEvent

  GetTickCount

  WaitForSingleObject

  WideCharToMultiByte

  GetSystemTimeAsFileTime

  DeleteFileW

  GetVersion

  GetSystemDirectoryW

  SetLastError

  RaiseException

  DeleteCriticalSection

  InitializeCriticalSection

  CreateProcessW

  GetLastError

  OpenProcess

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  CloseHandle

  LeaveCriticalSection

  EnterCriticalSection

  GetCurrentThreadId

  FlushInstructionCache

  GetUserDefaultLCID

  user32

  GetWindowTextW

  GetWindowTextLengthW

  RedrawWindow

  DrawTextW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  SetWindowTextW

  GetWindow

  MonitorFromWindow

  MapWindowPoints

  IsRectEmpty

  IsDialogMessageW

  GetClientRect

  DrawIconEx

  DestroyIcon

  GetActiveWindow

  MessageBoxW

  InvalidateRect

  MonitorFromRect

  PostQuitMessage

  UnhookWindowsHookEx

  GetLastActivePopup

  GetSubMenu

  GetMenuItemCount

  GetMenuItemID

  GetMenuState

  ValidateRect

  CallNextHookEx

  SetWindowsHookExW

  GetSysColorBrush

  CheckMenuItem

  EnableMenuItem

  ModifyMenuW

  SetCursor

  GetDlgCtrlID

  GetKeyState

  GetWindowDC

  BeginPaint

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  DefWindowProcW

  CallWindowProcW

  GetWindowThreadProcessId

  FindWindowW

  SendMessageTimeoutW

  IsWindow

  KillTimer

  GetMenuCheckMarkDimensions

  DestroyWindow

  GetWindowPlacement

  ShowWindow

  SetTimer

  IsWindowVisible

  RegisterClassExW

  GetClassInfoExW

  SetMenu

  GetMessageTime

  GetTopWindow

  RemovePropW

  GetPropW

  SetPropW

  GetCapture

  WinHelpW

  DestroyMenu

  TabbedTextOutW

  DrawTextExW

  GrayStringW

  EndPaint

  SetCapture

  ReleaseCapture

  GetClassLongW

  SetClassLongW

  BringWindowToTop

  SwitchToThisWindow

  GetSystemMetrics

  CharNextW

  PeekMessageW

  DestroyAcceleratorTable

  InvalidateRgn

  FillRect

  CreateAcceleratorTableW

  GetSysColor

  GetClassNameW

  GetDlgItem

  IsChild

  LoadImageW

  LoadIconW

  GetDesktopWindow

  LoadCursorW

  CreateWindowExW

  EnableWindow

  GetParent

  SendMessageW

  SetWindowPos

  LoadStringW

  UnregisterClassA

  SetFocus

  IsWindowEnabled

  SetRectEmpty

  RegisterWindowMessageW

  GetDC

  ReleaseDC

  GetFocus

  CopyRect

  OffsetRect

  ClientToScreen

  GetMessagePos

  PtInRect

  ScreenToClient

  MoveWindow

  GetWindowRect

  GetMonitorInfoW

  AllowSetForegroundWindow

  GetForegroundWindow

  AttachThreadInput

  SetForegroundWindow

  SetActiveWindow

  SetMenuItemBitmaps

  IsIconic

  SystemParametersInfoA

  GetMenu

  AdjustWindowRectEx

  RegisterClassW

  PostMessageW

  GetKeyboardState

  keybd_event

  GetClassInfoW

  gdi32

  ScaleWindowExtEx

  PtVisible

  SetWindowExtEx

  SetMapMode

  RestoreDC

  SaveDC

  ExtTextOutW

  GetClipBox

  CreateBitmap

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  Escape

  TextOutW

  RectVisible

  GetStockObject

  BitBlt

  SetViewportOrgEx

  GetPixel

  CreateCompatibleBitmap

  CreateFontW

  SetTextColor

  SetBkColor

  CreateSolidBrush

  GetTextExtentPoint32W

  GetTextMetricsW

  GetObjectA

  GetObjectW

  SelectObject

  CreateCompatibleDC

  DeleteDC

  DeleteObject

  GetDeviceCaps

  winspool.drv

  ClosePrinter

  DocumentPropertiesW

  OpenPrinterW

  advapi32

  RegOpenKeyExA

  ConvertSidToStringSidW

  RegQueryValueExA

  RegDeleteValueW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegDeleteKeyW

  GetSidSubAuthority

  GetTokenInformation

  OpenProcessToken

  RegCreateKeyExW

  RegSetValueExW

  RegCloseKey

  RegQueryValueExW

  RegOpenKeyExW

  RegEnumKeyExA

  shell32

  SHOpenFolderAndSelectItems

  SHGetMalloc

  SHGetSpecialFolderLocation

  ord155

  ord190

  DragAcceptFiles

  DragFinish

  DragQueryFileW

  SHGetFileInfoW

  ShellExecuteExW

  ShellExecuteW

  SHGetPathFromIDListW

  ord680

  SHGetSpecialFolderPathW

  SHGetFolderPathW

  ord165

  ole32

  OleLockRunning

  StringFromGUID2

  OleUninitialize

  OleInitialize

  CoCreateInstance

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoTaskMemFree

  CoInitialize

  CoUninitialize

  CoGetClassObject

  CLSIDFromProgID

  CLSIDFromString

  CreateStreamOnHGlobal

  oleaut32

  VariantChangeType

  LoadTypeLi

  LoadRegTypeLi

  SysStringLen

  OleCreateFontIndirect

  VarUI4FromStr

  SysAllocStringLen

  VarBstrCmp

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayDestroy

  SafeArrayCreate

  SafeArrayGetUBound

  SafeArrayGetLBound

  VariantCopy

  SafeArrayCopy

  SafeArrayGetVartype

  DispCallFunc

  VariantInit

  VariantClear

  SysAllocString

  SysFreeString

  shlwapi

  StrCmpIW

  PathCompactPathW

  PathStripPathW

  ord437

  PathFindFileNameW

  PathIsDirectoryW

  PathAddBackslashW

  StrStrIW

  PathRemoveFileSpecW

  PathAppendW

  PathCombineW

  SHSetValueA

  SHGetValueA

  PathFileExistsW

  ColorHLSToRGB

  ColorRGBToHLS

  SHGetValueW

  wnsprintfW

  comctl32

  InitCommonControlsEx

  gdiplus

  GdipDeletePrivateFontCollection

  GdipNewPrivateFontCollection

  GdipDrawImageRectRectI

  GdipDrawLine

  GdipAddPathEllipseI

  GdipGetPathGradientPointCount

  GdipSetPathGradientSurroundColorsWithCount

  GdipSetPathGradientCenterColor

  GdipCreatePathGradientFromPath

  GdipCreateFromHWND

  GdipGetFontHeight

  GdipCreatePen2

  GdipDrawRectangleI

  GdipCreateLineBrushFromRect

  GdipAddPathRectangleI

  GdipPrivateAddMemoryFont

  GdipSetPenWidth

  GdipDrawEllipseI

  GdipSetPenDashOffset

  GdipAddPathLineI

  GdipSetPixelOffsetMode

  GdipDrawImageRectI

  GdipGetImageGraphicsContext

  GdipGetImagePixelFormat

  GdipDrawImagePointRectI

  GdipResetWorldTransform

  GdipCreateBitmapFromScan0

  GdipDrawPath

  GdipFillPath

  GdipSetSmoothingMode

  GdipGetSmoothingMode

  GdipResetClip

  GdipCreatePath

  GdipFillRectangleI

  GdipRotateWorldTransform

  GdipGetPixelOffsetMode

  GdipTranslateWorldTransform

  GdipSetClipRectI

  GdipSetTextRenderingHint

  GdipCreateFont

  GdipGetFontCollectionFamilyList

  GdipCreateLineBrushFromRectI

  GdipClosePathFigure

  GdipAddPathArcI

  GdipResetPath

  GdipDrawString

  GdipMeasureString

  GdipSetStringFormatAlign

  GdipSetStringFormatLineAlign

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipDeleteFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipDrawRectangle

  GdipDrawLineI

  GdipSetPenDashStyle

  GdipDeletePen

  GdipCreatePen1

  GdipBitmapSetPixel

  GdipBitmapGetPixel

  GdipGetImageHeight

  GdipGetImageWidth

  GdipCreateBitmapFromFile

  GdipCloneImage

  GdipDisposeImage

  GdipFillRectangle

  GdipCloneBrush

  GdipAlloc

  GdipFree

  GdipDeleteBrush

  GdipCreateSolidFill

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipCreateBitmapFromStream

  GdipSetPathGradientGammaCorrection

  GdipSetPathGradientCenterPoint

  GdipAddPathLine2

  GdipGetPathWorldBoundsI

  GdipAddPathPie

  GdipAddPathLine

  GdipAddPathArc

  GdipSaveImageToFile

  GdipGetImageEncoders

  GdipGetImageEncodersSize

  GdipSetInterpolationMode

  GdipCloneFontFamily

  GdipDeleteFontFamily

  GdipDeletePath

  GdipSetLinePresetBlend

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  wininet

  InternetCloseHandle

  HttpQueryInfoW

  InternetSetOptionW

  InternetReadFile

  InternetOpenUrlW

  DeleteUrlCacheEntryW

  InternetOpenW

  psapi

  GetModuleFileNameExW

  imm32

  ImmDisableIME

  rpcrt4

  NdrAsyncClientCall

  RpcAsyncInitializeHandle

  RpcStringBindingComposeW

  RpcBindingFromStringBindingW

  RpcAsyncCompleteCall

  RpcStringFreeW

  RpcBindingFree

  oleacc

  LresultFromObject

  CreateStdAccessibleObject

  wtsapi32

  WTSQuerySessionInformationW

  userenv

  GetUserProfileDirectoryW

  Sections

  .text

  Size: 731KB - Virtual size: 730KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 138KB - Virtual size: 137KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 24KB - Virtual size: 54KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 391KB - Virtual size: 391KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 72KB - Virtual size: 72KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ