Static task
static1
Behavioral task
behavioral1
Sample
c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7.exe
Resource
win10v2004-20230220-en
General
-
Target
c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7
-
Size
1.0MB
-
MD5
5f9aa4efdcf74ba74cbe9775e48ac9c4
-
SHA1
17935238785d0f8339611143c2fac2ec2c6e749a
-
SHA256
c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7
-
SHA512
5d6e7e02a05d3ec925aeaf2328979895920352d0bbb601f5155656371ec191326eb6a7e78e6cf51474b1a80b8318a09051fa27ffc78b12e6463481fece0445c2
-
SSDEEP
24576:piCctHUPWXf5by2xmnW39Rs5pYolDwzoOCLyT7CSUH55z1bQIZUi1Vb:MCcbyemn69Rs5iol2oRLyT7o591bTZU8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
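Static check for a missing Authenticode signature; the PE listed below is unsigned. On its own this is a weak indicator, since many legitimate binaries are also unsigned.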
resource c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7
Files
-
c22211d750cdf72d2558ab7c1d4469c127ce8f02735678d2b69780879a1d1ff7.exe windows x86
8d14d4831fede2af4e255deb684482f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
gdiplus
GdiplusShutdown
GdiplusStartup
imm32
ImmDisableIME
kernel32
Sleep
MultiByteToWideChar
CreateMutexW
GetLastError
CloseHandle
SetFilePointer
WriteFile
GetModuleFileNameW
CreateFileW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
VirtualQuery
GetLogicalDriveStringsW
QueryDosDeviceW
GetUserDefaultLangID
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
GetACP
WideCharToMultiByte
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
GetDriveTypeW
LocalFree
WaitForMultipleObjects
GetModuleHandleW
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetFileAttributesW
GetDiskFreeSpaceW
GetVolumeInformationW
FindResourceW
LoadResource
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
SetEvent
ResetEvent
CreateEventW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapAlloc
OpenProcess
FindClose
FindNextFileW
GetFullPathNameW
CreateDirectoryW
SetFileTime
GetSystemDirectoryW
lstrlenW
GetTempPathW
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetFileSize
SetEndOfFile
ReadFile
GetFileTime
GetFileSizeEx
FileTimeToSystemTime
InterlockedExchangeAdd
GetTickCount
ResumeThread
FormatMessageW
InterlockedExchange
SetLastError
GlobalMemoryStatusEx
ReleaseMutex
InitializeCriticalSectionAndSpinCount
DecodePointer
DeviceIoControl
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
GetModuleHandleExW
msvcp120
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
msvcr120
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__CxxFrameHandler3
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_except1
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
swscanf_s
wcstoul
_beginthreadex
_vswprintf_c_l
sprintf
_wcsnicmp
wcsncpy
tolower
memchr
_splitpath_s
_stricmp
?terminate@@YAXXZ
calloc
_wtoi
_localtime64
_mktime64
strstr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_errno
srand
rand
towupper
_vsnwprintf
wcsstr
towlower
wcschr
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
fclose
fseek
ftell
fwrite
fread
modf
_dtest
sprintf_s
rewind
_wfopen_s
memcpy_s
??_V@YAXPAX@Z
wcsrchr
malloc
free
atoi
_time64
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
memcpy
memset
_CxxThrowException
_wcsicmp
__crtGetShowWindowMode
shell32
SHGetFolderPathW
Sections
.text Size: 686KB - Virtual size: 686KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 185KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ