Tasks
- static1: static task, sample server2.exe
- behavioral1: behavioral task, sample server2.exe, resource win7-20230712-en
- behavioral2: behavioral task, sample server2.exe, resource win10v2004-20230703-en
General
- Target: server2.exe
- Size: 1.6MB
- MD5: a246d5f543bd77e918b525cf616d3519
- SHA1: 0b6fc273ecba69abb06804e0f2e19c59e2752b62
- SHA256: 3e28501f8e10a1b28dc6ee96b2d321de2ab53fdad38d39d12fa936e10589e222
- SHA512: c1bf0d6099163932eaa296d37fb108c29087cbc69a19df3899ab78fbb38fe08943074645ef1c0aa30dc88b0d7f54f9b66801f8b0450aaaf1902c927e0882ebda
- SSDEEP: 49152:AkrpQllG4aiEXf1axPQdWkO3PhCk9megybcsfLu5P+oIgH4mmf7svswZ7lf9vZvt:jpclG4qf1a
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: server2.exe
Files
- server2.exe.exe (windows x86): b0f3a9be98b205b453a30c704b4ddad6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord4975
ord5797
ord5479
ord1995
ord967
ord3717
ord802
ord791
ord542
ord523
ord1175
ord4411
ord4919
ord4447
ord5572
ord2915
ord798
ord1997
ord5465
ord5194
ord533
ord5442
ord3318
ord5829
ord941
ord5608
ord665
ord1979
ord6385
ord5186
ord354
ord2393
ord5970
ord5968
ord703
ord603
ord2454
ord1969
ord273
ord1643
ord403
ord5861
ord6929
ord2614
ord3880
ord3425
ord3054
ord5933
ord635
ord317
ord5440
ord6383
ord5450
ord6394
ord2065
ord3169
ord4204
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord4424
ord817
ord565
ord3500
ord1639
ord1081
ord2726
ord5605
ord2761
ord4226
ord1601
ord5810
ord5481
ord2031
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord2449
ord1106
ord6055
ord1776
ord5290
ord3742
ord3584
ord5823
ord3664
ord818
ord415
ord543
ord567
ord715
ord803
ord4275
ord2077
ord2827
ord2379
ord1925
ord2029
ord4287
ord6197
ord6378
ord3337
ord6407
ord668
ord2770
ord356
ord539
ord1980
ord3181
ord4058
ord2781
ord2370
ord1768
ord3092
ord755
ord6880
ord470
ord6453
ord616
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord3639
ord692
ord2302
ord3626
ord3797
ord3803
ord5875
ord2414
ord283
ord2859
ord2298
ord2301
ord6334
ord6335
ord1567
ord268
ord3719
ord793
ord2363
ord3089
ord4476
ord4863
ord4284
ord6215
ord2642
ord6779
ord2135
ord861
ord690
ord5207
ord6059
ord389
ord1988
ord5356
ord6657
ord6881
ord1075
ord1074
ord5204
ord3229
ord1228
ord3619
ord3721
ord795
ord3571
ord640
ord5794
ord2567
ord6172
ord5789
ord2754
ord5785
ord1641
ord1640
ord323
ord6270
ord613
ord289
ord4224
ord1816
ord2582
ord4402
ord3370
ord3640
ord693
ord3996
ord4299
ord6907
ord3998
ord2358
ord2297
ord879
ord2801
ord882
ord3521
ord6402
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3317
ord686
ord384
ord2862
ord2096
ord551
ord3522
ord3693
ord5788
ord5873
ord6696
ord1949
ord5620
ord6905
ord6007
ord3286
ord3301
ord4055
ord2528
ord6571
ord2740
ord4335
ord6602
ord4715
ord6592
ord5288
ord4439
ord2054
ord4431
ord6529
ord6489
ord4259
ord6568
ord6601
ord5161
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord6485
ord768
ord4258
ord4976
ord5162
ord5981
ord3876
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord2621
ord1978
ord5200
ord6117
ord1134
ord6403
ord3310
ord807
ord796
ord554
ord529
ord1105
ord2086
ord6900
ord5655
ord2011
ord6067
ord3288
ord6069
ord6000
ord2117
ord5871
ord4163
ord2120
ord2032
ord5482
ord5811
ord4779
ord5308
ord6648
ord6143
ord2721
ord6930
ord2763
ord3171
ord926
ord2764
ord6928
ord4202
ord6883
ord5683
ord3811
ord2820
ord801
ord541
ord1644
ord2438
ord2863
ord3654
ord2584
ord4220
ord2864
ord535
ord1168
ord1146
ord3663
ord1871
ord1261
ord5705
ord695
ord393
ord5708
ord503
ord775
ord5192
ord1994
ord4291
ord6123
ord1787
ord1006
ord2609
ord6322
ord2395
ord5658
ord5010
ord2490
ord1774
ord6121
ord5242
ord3314
ord3316
ord1911
ord3097
ord6282
ord6283
ord6877
ord4278
ord5710
ord4129
ord924
ord858
ord1200
ord860
ord922
ord939
ord823
ord4710
ord540
ord2818
ord5953
ord6199
ord800
ord4234
ord641
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord928
ord5934
ord834
ord6672
ord537
ord825
ord1576
ord3178
msvcrt
_itoa
_strnicmp
_setmbcp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
isspace
rename
wcslen
printf
wcscmp
system
_splitpath
time
isalnum
memchr
srand
rand
_mbsicmp
_mbsstr
calloc
malloc
free
qsort
_ftol
_beginthreadex
atol
isdigit
atof
_endthreadex
_mbscmp
fclose
fseek
ftell
fwrite
rewind
getc
putc
atoi
exit
_CxxThrowException
memmove
__CxxFrameHandler
kernel32
ReadFile
CloseHandle
CreateFileA
SetFilePointer
LeaveCriticalSection
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
GetLastError
EnterCriticalSection
lstrcmpA
TerminateProcess
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
CreateDirectoryA
GetComputerNameA
DeleteFileA
Sleep
lstrcpyA
FindFirstFileA
FindNextFileA
FindClose
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileTime
GetCurrentProcess
GetVersionExA
GetStartupInfoA
ResetEvent
GetLogicalDriveStringsA
GetDriveTypeA
SetErrorMode
GetDiskFreeSpaceA
DeviceIoControl
FormatMessageA
LocalFree
VirtualAlloc
CreateThread
CreateSemaphoreA
ReleaseSemaphore
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetLocalTime
GetTickCount
GetModuleFileNameA
MulDiv
WinExec
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
WaitForSingleObject
CreateMutexA
GetProcAddress
LoadLibraryA
lstrcatA
GetModuleHandleA
GetSystemInfo
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
SizeofResource
LockResource
LoadResource
FindResourceA
CopyFileA
SetFileAttributesA
CreateEventA
RemoveDirectoryA
GetFileAttributesA
FreeLibrary
user32
SetTimer
KillTimer
GetDesktopWindow
IsCharAlphaA
IsCharAlphaNumericA
GetDlgItem
GetWindowRect
CopyRect
FindWindowA
PostMessageA
PostThreadMessageA
LoadMenuA
GetSubMenu
SetMenuDefaultItem
CheckMenuItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
GetSysColor
FillRect
DrawFocusRect
GetSystemMetrics
PtInRect
GetClientRect
RedrawWindow
InvalidateRect
DrawTextExA
InflateRect
GetParent
ScreenToClient
DrawTextA
EnumDisplaySettingsA
SendMessageA
LoadIconA
IsWindow
MessageBoxA
EnableWindow
wsprintfA
IsWindowVisible
MoveWindow
PeekMessageA
MsgWaitForMultipleObjects
DestroyIcon
GetWindow
OffsetRect
LoadBitmapA
GetKeyState
ExitWindowsEx
PostQuitMessage
FindWindowExA
LoadImageA
UpdateWindow
RegisterWindowMessageA
gdi32
DeleteDC
CreateFontA
GetTextExtentPoint32A
StretchBlt
CreateCompatibleBitmap
Polygon
BitBlt
GetStockObject
SetPixel
PatBlt
CreateBitmap
Ellipse
CreatePen
CreateCompatibleDC
advapi32
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
shell32
SHFileOperationA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
Shell_NotifyIconA
comctl32
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_SetImageCount
ImageList_Replace
ord17
ole32
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
oleaut32
SysFreeString
urlmon
URLDownloadToFileA
wsock32
ntohl
ntohs
recv
__WSAFDIsSet
gethostbyname
gethostname
WSACleanup
inet_addr
shutdown
htons
htonl
WSAGetLastError
select
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdipLoadImageFromStream
GdipFillRectangleI
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateSolidFill
GdipAlloc
GdiplusStartup
GdipCreateFont
GdipFree
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDrawString
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetImageThumbnail
GdipGetImageHeight
GdipImageRotateFlip
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetImageWidth
GdipDeleteBrush
GdipCloneBrush
GdipCloneImage
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipGraphicsClear
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
msvcp60
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?clear@ios_base@std@@QAEXH_N@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0locale@std@@QAE@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1strstreambuf@std@@UAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??1_Lockit@std@@QAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0ios_base@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??1strstream@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
wininet
FtpFindFirstFileA
InternetConnectA
FtpSetCurrentDirectoryA
InternetOpenA
InternetFindNextFileA
FtpDeleteFileA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpPutFileA
InternetCloseHandle
netapi32
NetApiBufferFree
NetShareGetInfo
shlwapi
PathFileExistsA
ws2_32
send
closesocket
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
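The import table above is the most informative static artefact on this page: it is what an imphash is computed from, and the function names (as opposed to the mfc42 ordinals) say which capabilities the binary can reach without resolving anything at run time. The block below is an added example, not Triage's code and not anything from the sample's authors: it hand-copies a subset of the imports listed above, in page order, applies the pefile-style imphash normalisation to them, and flags a capability group when every API in that group is imported. The capability names and groupings are the editor's own. Because only a subset is included, the MD5 it prints is not the sample's imphash, and no claim is made about the 32-hex value in the Files section.

```python
"""Import-table triage: imphash-style normalisation and a coarse capability map.
Added example, not the sandbox's code. The import subset below is copied from
the report's Imports section by hand (a fraction of the full table)."""
import hashlib

# Subset of the report's import table, in the order the report lists it.
# Ordinal imports are written "ordN", as on the page.
IMPORTS = {
    "mfc42.dll": ["ord4975", "ord5797", "ord5479", "ord1995"],
    "msvcrt.dll": ["system", "_beginthreadex", "rand"],
    "kernel32.dll": ["ReadFile", "CreateFileA", "WriteFile", "OpenProcess",
                     "TerminateProcess", "CreateToolhelp32Snapshot", "Process32First",
                     "Process32Next", "FindFirstFileA", "FindNextFileA",
                     "GetLogicalDriveStringsA", "GetDriveTypeA", "GetComputerNameA",
                     "GetVersionExA", "LoadLibraryA", "GetProcAddress", "WinExec",
                     "FindResourceA", "LoadResource", "LockResource"],
    "user32.dll": ["GetDesktopWindow", "ExitWindowsEx", "FindWindowA"],
    "gdi32.dll": ["BitBlt", "CreateCompatibleBitmap", "CreateCompatibleDC"],
    "advapi32.dll": ["RegCreateKeyExA", "RegSetValueExA", "OpenProcessToken",
                     "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                     "CryptAcquireContextA", "CryptCreateHash", "CryptHashData",
                     "CryptDeriveKey", "CryptEncrypt"],
    "urlmon.dll": ["URLDownloadToFileA"],
    "wininet.dll": ["InternetOpenA", "InternetConnectA", "FtpPutFileA",
                    "FtpFindFirstFileA", "FtpDeleteFileA"],
    "wsock32.dll": ["recv", "gethostbyname", "select"],
    "ws2_32.dll": ["send", "closesocket"],
    "gdiplus.dll": ["GdipSaveImageToFile", "GdipGetImageEncoders", "GdipCreateFromHDC"],
    "comctl32.dll": ["ord17"],
    "netapi32.dll": ["NetShareGetInfo"],
    "setupapi.dll": ["SetupDiGetClassDevsA", "SetupDiEnumDeviceInterfaces"],
}

# Editor's grouping: capability -> APIs that must all be imported to flag it.
# A match means the API is statically reachable, not that it is ever called.
CAPABILITIES = {
    "cryptoapi-symmetric-encrypt": {"CryptAcquireContextA", "CryptDeriveKey", "CryptEncrypt"},
    "download-to-file": {"URLDownloadToFileA"},
    "ftp-upload": {"InternetConnectA", "FtpPutFileA"},
    "raw-sockets": {"recv", "send", "gethostbyname"},
    "process-enum-and-kill": {"CreateToolhelp32Snapshot", "Process32Next",
                              "OpenProcess", "TerminateProcess"},
    "privilege-adjust": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "registry-write": {"RegCreateKeyExA", "RegSetValueExA"},
    "screen-capture": {"GetDesktopWindow", "BitBlt", "CreateCompatibleBitmap",
                       "GdipSaveImageToFile"},
    "drive-and-file-enum": {"GetLogicalDriveStringsA", "FindFirstFileA", "FindNextFileA"},
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "host-fingerprint": {"GetComputerNameA", "GetVersionExA"},
    "embedded-resource-load": {"FindResourceA", "LoadResource", "LockResource"},
    "device-enum": {"SetupDiGetClassDevsA", "SetupDiEnumDeviceInterfaces"},
    "share-enum": {"NetShareGetInfo"},
}


def normalise_import(dll, symbol):
    """pefile-style imphash element 'dll.symbol': lower case, .dll/.ocx/.sys
    stripped from the module name, ordinal imports written as 'ordN'."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[:-len(ext)]
            break
    sym = symbol.lower()
    if sym.startswith("ord") and sym[3:].isdigit():
        sym = "ord%d" % int(sym[3:])
    return name + "." + sym


def import_string(imports):
    """Comma-joined normalised imports in table order; reordering changes the hash."""
    return ",".join(normalise_import(d, s) for d, syms in imports.items() for s in syms)


def imphash(imports):
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def capabilities(imports):
    """Capability groups whose required APIs are all statically imported."""
    present = {s for syms in imports.values() for s in syms}
    return [cap for cap, needed in CAPABILITIES.items() if needed <= present]


if __name__ == "__main__":
    print("imphash of this subset (not the sample's):", imphash(IMPORTS))
    for cap in capabilities(IMPORTS):
        print("  %-28s %s" % (cap, ", ".join(sorted(CAPABILITIES[cap]))))
```

Two caveats a practitioner would apply. First, a real imphash needs the complete table in on-disk order; pefile also resolves ordinal imports from ws2_32/wsock32 and oleaut32 to names before hashing, which this block omits (the modules imported by ordinal above, mfc42 and comctl32, stay as ordN in pefile too). Second, import presence is reachability, not behaviour: LoadLibraryA plus GetProcAddress means further APIs can be resolved at run time, the hundreds of mfc42 ordinals hide which MFC classes are actually used, and CryptDeriveKey plus CryptEncrypt says only that something is encrypted under a hash-derived key, not whether that is files on disk or traffic on the wsock32 socket. That is what the two behavioral tasks at the top of the report exist to answer.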
Sections
- .text: size 1.1MB, virtual size 1.1MB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: size 220KB, virtual size 216KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: size 96KB, virtual size 120KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc: size 208KB, virtual size 206KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
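The "Unsigned PE" signature, the File Characteristics flags and the section flags are all read straight out of the PE headers, so they can be checked without running anything. The block below is an added example, not Triage's code: it decodes the characteristics and section flags with the winnt.h bit values and applies the report's Authenticode check, which is simply that data directory entry 4 (the attribute certificate table) has zero size. The image it parses is a constructed PE32 modelled on this report's layout (the same five characteristics flags and the same four sections with the listed sizes and flags), not the sample itself; the helper names and that image are assumptions of this example.

```python
"""PE header triage with the standard library only: file characteristics, section
flags and the Authenticode (security) data directory. Added example, not the
sandbox's code; the image it inspects is constructed below, not the sample."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # attribute certificate table
FILE_CHARACTERISTICS = {  # IMAGE_FILE_* bits (winnt.h)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {  # IMAGE_SCN_* bits (winnt.h)
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value, table):
    """Names of the set bits, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Characteristics, sections and certificate-table location of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)  # IMAGE_FILE_HEADER
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:  # PE32+: at +108 / +112
        ndirs_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security entry the "VirtualAddress" field is a raw file offset.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):  # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, _, rsize, *_, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": decode_flags(sflags, SECTION_FLAGS)})
    return {"machine": machine, "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "sections": sections, "has_authenticode": cert_size != 0,
            "cert_in_file": cert_off + cert_size <= len(data),
            "cert_offset": cert_off, "cert_size": cert_size}


def is_unsigned_pe(data):
    """The report's 'Unsigned PE' check: no attribute certificate table at all."""
    return not parse_pe(data)["has_authenticode"]


def build_sample_pe(with_cert):
    """Constructed, non-executable PE32 image modelled on the report (not the sample):
    same five characteristics flags, same four sections, optional fake cert table."""
    sections = [  # (name, virtual size, raw size, flags), sizes as in the report
        (b".text", 0x110000, 0x110000, 0x60000020),
        (b".rdata", 0x36000, 0x37000, 0x40000040),
        (b".data", 0x1E000, 0x18000, 0xC0000040),
        (b".rsrc", 0x33800, 0x34000, 0x40000040)]
    pe_off, opt_size = 0x80, 96 + 16 * 8  # PE32 optional header with 16 directories
    hdr_end = pe_off + 4 + 20 + opt_size + 40 * len(sections)
    cert_off = (hdr_end + 0x1FF) & ~0x1FF  # table must be 8-byte aligned; use 512
    cert = b""
    if with_cert:  # WIN_CERTIFICATE header + placeholder body, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + 64, 0x0200, 0x0002) + b"\0" * 64
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x010F)
    dirs = [(0, 0)] * 16
    if with_cert:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(cert))
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    sect = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, fl)
                    for n, vs, rs, fl in sections)
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(cert_off, b"\0") + cert


if __name__ == "__main__":  # a path inspects a real file; no args: the constructed images
    images = [open(sys.argv[1], "rb").read()] if sys.argv[1:] else [
        build_sample_pe(False), build_sample_pe(True)]
    for data in images:
        info = parse_pe(data)
        print("machine 0x%x:" % info["machine"], ", ".join(info["characteristics"]))
        for s in info["sections"]:
            print("  %-7s raw=%-8d virt=%-8d %s" % (
                s["name"], s["raw_size"], s["virtual_size"], ", ".join(s["flags"])))
        print("  unsigned PE: %s (cert table off=0x%x size=%d)" % (
            is_unsigned_pe(data), info["cert_offset"], info["cert_size"]))
```

Three things worth knowing when reading the result. IMAGE_FILE_RELOCS_STRIPPED means the image carries no relocation data, so the loader cannot rebase it: it is mapped at its preferred ImageBase every time, which fixes its code addresses across runs. In this report no section is both writable and executable and .text has the same raw and virtual size, the first two things to look at before suspecting a packer. And a non-zero certificate table only says a signature blob is attached; whether it verifies, chains to a trusted root and covers this image (the blob, the checksum field and the directory entry itself are excluded from the Authenticode hash) has to be checked with a real verifier such as signtool verify /pa, Get-AuthenticodeSignature or osslsigncode verify. The offset check in the parser only catches a table that points past the end of the file, as a truncated or tampered file would.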