Static task: static1
Behavioral task: behavioral1
  Sample: kiriyama.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: kiriyama.exe
  Resource: win10v2004-20230703-en
General
Target: kiriyama.exe
Size: 4.3MB
MD5: 86d7a04f632ef0b49f48547df68a9b52
SHA1: a4cacb230923c79fc37b21814f8c5f609faa8b7a
SHA256: c5690c4e6d9d5f3c7b9b35b39fbe56d37360c05a37c8c76493f78a130b13fef3
SHA512: 81f293ba17dff34f3da0de5968d79fce4ec185a16a74115d08a62a1faf06ade25ccfd6cd018fa0eb7cd48edd41dd00c744e86f2506d570c45550d16b0b3861c3
SSDEEP: 98304:3T7VsnAsR0au0kTunrpaFblRifvPwgLqlEhsQIZHOSlRzbHLf+M4FLOAkGkzdnEP:c6Ep4ifnwgLqFxbHLf+M4FLOyomFHKnY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: kiriyama.exe
Files
kiriyama.exe.exe (windows x86) 02d329be01c9416a382fd8334a61f489
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetHandleCount
QueryPerformanceCounter
LCMapStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeW
CompareStringW
GetTimeZoneInformation
IsValidCodePage
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
CreateFileW
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
SetConsoleCtrlHandler
FatalAppExitA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetStdHandle
HeapSize
HeapQueryInformation
GetEnvironmentStringsW
VirtualAlloc
RaiseException
RtlUnwind
SizeofResource
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
CreateThread
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
EncodePointer
DecodePointer
ExitProcess
LocalLock
LocalUnlock
GetNumberFormatA
GetWindowsDirectoryA
FindResourceExW
SetErrorMode
GetFileSizeEx
SetFileAttributesA
GetFileAttributesExA
FileTimeToLocalFileTime
GetACP
FreeEnvironmentStringsW
HeapDestroy
VirtualQuery
GetOEMCP
GetCPInfo
VirtualProtect
GlobalFlags
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
lstrcmpiA
GetStringTypeExA
GetTempPathA
SearchPathA
GetProfileIntA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GetAtomNameA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
ReplaceFileA
GetUserDefaultLCID
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
HeapCreate
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
lstrcmpW
LoadLibraryW
GetCurrentProcessId
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFileSize
FindResourceA
ActivateActCtx
DeactivateActCtx
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
InterlockedExchange
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
lstrlenW
MulDiv
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
WaitForSingleObject
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetTickCount
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
SetFileTime
WriteFile
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrlenA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
VirtualFreeEx
WritePrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
DeleteFileA
FlushViewOfFile
FindClose
FindFirstFileA
GetSystemInfo
GlobalMemoryStatusEx
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
GetLastError
CreateFileA
Sleep
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
WriteConsoleW
user32
GetKeyNameTextA
RealChildWindowFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyIcon
FrameRect
SetCursorPos
SetClassLongA
GetMenuDefaultItem
InSendMessage
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyAcceleratorTableA
SendNotifyMessageA
IsClipboardFormatAvailable
SetMenuDefaultItem
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDC
ShowOwnedPopups
TranslateMessage
WaitMessage
PostThreadMessageA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
GetActiveWindow
LoadAcceleratorsA
InsertMenuItemA
GetDesktopWindow
TranslateAcceleratorA
LoadIconW
LoadIconA
WinHelpA
GetClassNameA
GetForegroundWindow
SetActiveWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
GetMenu
SetRect
GetSysColorBrush
DrawFocusRect
DrawEdge
GetSysColor
GetLastActivePopup
MessageBoxA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetUpdateRect
CharUpperBuffA
SetParent
LockWindowUpdate
BringWindowToTop
ModifyMenuA
CreatePopupMenu
ScrollWindowEx
IsWindowEnabled
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
PeekMessageA
GetMessageA
DispatchMessageA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
UpdateLayeredWindow
EnableScrollBar
SetScrollPos
GetScrollPos
ValidateRect
MapWindowPoints
UnionRect
LoadImageW
LoadImageA
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
FillRect
DrawStateA
CopyImage
GetIconInfo
DestroyIcon
DestroyMenu
IsMenu
GetClassLongA
GetMenuItemInfoA
DrawFrameControl
RegisterWindowMessageA
CharUpperA
SetFocus
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsIconic
GetAsyncKeyState
GetCursorPos
SetCursor
MessageBeep
ReleaseCapture
LoadCursorA
LoadCursorW
WindowFromPoint
SetCapture
KillTimer
SetTimer
ScreenToClient
LoadMenuW
EnableMenuItem
CheckMenuItem
DeleteMenu
BeginDeferWindowPos
EndDeferWindowPos
SubtractRect
GetNextDlgGroupItem
DestroyCursor
UnregisterClassA
GetDoubleClickTime
EnumChildWindows
CharNextA
InvalidateRgn
GetDialogBaseUnits
DrawIcon
CreateMenu
GetWindowRgn
IsCharLowerA
MapVirtualKeyExA
IsChild
EqualRect
InflateRect
SetRectEmpty
DestroyAcceleratorTable
GetParent
DestroyWindow
NotifyWinEvent
IsWindow
GetKeyState
GetTopWindow
GetFocus
GetDCEx
GetTabbedTextExtentA
GetTabbedTextExtentW
WindowFromDC
HideCaret
LoadBitmapW
InvertRect
GetCapture
IsWindowVisible
GetWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfA
RemovePropA
SetWindowPos
SetWindowLongA
GetWindowLongA
SetPropA
GetPropA
SetWindowRgn
TrackPopupMenu
GetSystemMenu
ShowWindow
IsZoomed
CallWindowProcA
ReleaseDC
IntersectRect
IsRectEmpty
GetWindowTextA
GetWindowTextLengthA
DrawIconEx
GetClientRect
GetWindowDC
GetSystemMetrics
PostMessageA
PtInRect
ClientToScreen
EnableWindow
UpdateWindow
SendMessageA
GetWindowThreadProcessId
FindWindowExA
FindWindowA
RedrawWindow
OffsetRect
GetWindowRect
CopyRect
InvalidateRect
DeferWindowPos
gdi32
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
OffsetRgn
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetCurrentObject
SetRectRgn
GetMapMode
ExtFloodFill
CreatePalette
GetPaletteEntries
SetPaletteEntries
GetCharWidthA
CreateFontA
StretchDIBits
GetViewportOrgEx
SetWindowExtEx
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
EnumFontFamiliesExA
GetNearestPaletteIndex
GetSystemPaletteEntries
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
SetPixelV
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetAbortProc
EndPage
StartPage
OffsetWindowOrgEx
SetWindowOrgEx
StartDocA
DPtoLP
SetTextColor
CreateFontIndirectA
AbortDoc
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
LPtoDP
CreateCompatibleDC
RoundRect
Rectangle
CreatePatternBrush
ExtTextOutA
Polygon
Ellipse
Polyline
GetTextColor
GetBkColor
CreatePolygonRgn
CreateEllipticRgn
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
CreateDIBSection
SetPixel
GetPixel
StretchBlt
CombineRgn
CreateRectRgn
GetStockObject
CreateBitmap
SelectPalette
RealizePalette
GetDIBits
SetBkColor
SetDIBColorTable
DeleteDC
GetObjectA
DeleteObject
GetTextMetricsA
GetTextExtentPoint32A
PatBlt
SelectObject
CreatePen
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateRoundRectRgn
BitBlt
CreateCompatibleBitmap
EndDoc
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter
advapi32
RegEnumKeyA
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegCloseKey
RegSetValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
CryptReleaseContext
shell32
SHAddToRecentDocs
SHAppBarMessage
DragFinish
DragQueryFileA
SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExA
ExtractIconA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathStripPathA
PathRemoveFileSpecW
ole32
CoInitializeEx
OleCreateLinkFromData
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
PropVariantCopy
CoCreateInstance
StringFromGUID2
CoDisconnectObject
OleLockRunning
OleSetMenuDescriptor
CoUninitialize
CoInitialize
StgCreateDocfile
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
OleCreateFromData
OleRun
OleSave
WriteClassStm
OleSaveToStream
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
CoGetMalloc
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleRegGetMiscStatus
OleRegEnumVerbs
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleGetClipboard
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
oleaut32
SysFreeString
OleCreateFontIndirect
SysAllocString
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SafeArrayCopy
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDisposeImage
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImagePointRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDrawImage
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipSetSolidFillColor
GdipDrawString
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
wldap32
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46
ws2_32
bind
ntohs
getsockname
htons
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
setsockopt
crypt32
CertFreeCertificateContext
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
winmm
PlaySoundA
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 528KB - Virtual size: 527KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ