PDB Path: C:\vmagent_new\bin\joblist\563777\out\Release\360zipUpdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3b749a256a910c8a7c0e928d67739a9f60e833f05993fe8e0747a67fabc8cc3e.exe
Resource: win7-20240221-en
General
Target: 3b749a256a910c8a7c0e928d67739a9f60e833f05993fe8e0747a67fabc8cc3e
Size: 732KB
MD5: 35d02880cbd2859bb276bb2379cb8e10
SHA1: 951cc4f032fd988a25b1ceda202f03797daab367
SHA256: 3b749a256a910c8a7c0e928d67739a9f60e833f05993fe8e0747a67fabc8cc3e
SHA512: 9f9283b6be1c00780ccd45474f2558bd32a0ff1c803ae57ae4d4fe4ab7f5c5022f88a545f9807219c902b7e49bf4580fb30612faa11fb8c1e51c6a39dd5d830d
SSDEEP: 12288:Ei0NjlGoLZoaT3KemwubOvu5Sb44OeG3SUBFNPG4kaWH9j:EipuzT6Wuwu5Sb4XkYjPGIk9j
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Processes: resource 3b749a256a910c8a7c0e928d67739a9f60e833f05993fe8e0747a67fabc8cc3e
Files
3b749a256a910c8a7c0e928d67739a9f60e833f05993fe8e0747a67fabc8cc3e.exe windows:5 windows x86 arch:x86
0892e3a8610ee567d783e2fecdb76aca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
WritePrivateProfileStringW
FlushInstructionCache
GetTempPathW
RaiseException
GetPrivateProfileIntW
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
FindClose
LockResource
CreateEventW
lstrcmpiW
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
DeleteFileW
LocalFree
GetModuleFileNameA
CreateProcessW
MoveFileExW
OutputDebugStringW
OpenProcess
CloseHandle
CreateFileW
DeviceIoControl
GetCurrentProcessId
WaitForMultipleObjects
WideCharToMultiByte
SetFilePointer
SetEndOfFile
GetTickCount
WriteFile
ReadFile
GetFileSizeEx
GetCurrentThread
GetThreadContext
VirtualQuery
SetThreadPriority
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
SuspendThread
ResumeThread
MultiByteToWideChar
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetModuleFileNameW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
SetHandleCount
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetConsoleMode
GetConsoleCP
CompareStringW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStartupInfoW
GetStdHandle
GetFileType
WriteConsoleW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
MulDiv
LeaveCriticalSection
GetVersionExW
ExitProcess
SizeofResource
Sleep
LoadLibraryW
GetSystemDirectoryW
InitializeCriticalSection
GetPrivateProfileStringW
GetModuleHandleW
SetEvent
InterlockedCompareExchange
WaitForSingleObject
GetSystemWindowsDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
FreeResource
FindFirstFileW
CreateMutexW
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetTempFileNameW
LocalAlloc
user32
GetWindow
UnregisterClassA
DispatchMessageW
GetMonitorInfoW
DefWindowProcW
LoadCursorW
RegisterClassExW
IntersectRect
MoveWindow
SetWindowRgn
SetTimer
ScreenToClient
PostQuitMessage
TrackPopupMenu
PostMessageW
DrawTextW
KillTimer
GetSubMenu
SetForegroundWindow
GetWindowInfo
WindowFromPoint
GetForegroundWindow
LoadIconW
OffsetRect
InvalidateRect
LoadMenuW
GetAncestor
GetDesktopWindow
GetCursorPos
IsWindow
FindWindowExW
CreateWindowExW
GetSystemMetrics
IsWindowVisible
SendMessageW
DestroyMenu
GetWindowThreadProcessId
GetShellWindow
EndPaint
DestroyWindow
GetWindowRect
GetMessageW
CharNextW
DialogBoxParamW
GetParent
GetClientRect
BeginPaint
GetDC
TranslateMessage
GetWindowLongW
PeekMessageW
ReleaseDC
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
SetWindowPos
ShowWindow
CreateDialogParamW
GetActiveWindow
MessageBoxW
MapWindowPoints
SetWindowTextW
gdi32
CreateDIBSection
CreateCompatibleDC
GetObjectW
SetStretchBltMode
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush
DeleteDC
GetDeviceCaps
CreateRoundRectRgn
CreateFontW
advapi32
RegQueryValueExA
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
shell32
ord680
ShellExecuteExW
ShellExecuteW
ord165
Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
ole32
OleInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
oleaut32
SysAllocString
SysStringLen
VariantClear
SysAllocStringByteLen
VariantInit
VarUI4FromStr
SysStringByteLen
SysFreeString
shlwapi
StrStrIA
StrCmpIW
PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
StrStrIW
PathAppendW
PathCombineW
psapi
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
Sections
.text   Size: 308KB - Virtual size: 307KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 50KB - Virtual size: 50KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 161KB - Virtual size: 174KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 104KB - Virtual size: 103KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 91KB - Virtual size: 92KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE