Static task
static1
Behavioral task
behavioral1
Sample
hdclone-cl.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
hdclone-cl.exe
Resource
win10v2004-20230703-en
General
Target
hdclone-cl.exe
Size
371KB
MD5
eb93ffca71dee3d9cdfe1e1cb433e00d
SHA1
855fe889371b1ea5da37d897e76879b8f6cd42a1
SHA256
b73eb5771a9bb527522495fb0ce5d3eb62db28a63aad471664b1e566877da498
SHA512
b1d93d74c9f937f9550b22a1e57614e166c06190eba111e9bb01b9d99302d8eb9775dde688efb9270b30eff064337e9cefd42ec99cb75e3a6be9bbd664e6e100
SSDEEP
3072:mjzgR4v7u/CjSoYzE77IDw4YmosrAF0AxWN7qbT2Bc/wmjhpBnPL2vG63q6y77Kf:mngR46/3e4YUAVWwbdb2Gx779kT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource hdclone-cl.exe
Files
hdclone-cl.exe.exe windows x86
4eea6be3f83b35c9d9a284eaad72a3b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
psapi
GetProcessImageFileNameW
EnumProcesses
kernel32
GetNativeSystemInfo
FindResourceW
LoadResource
LoadLibraryExW
SetEnvironmentVariableW
WaitForSingleObject
OpenProcess
SizeofResource
TerminateProcess
ReadFile
GetTempPathW
LockResource
CloseHandle
GetCommandLineW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetProcAddress
CreateFileW
LoadLibraryW
WriteFile
FreeLibrary
SetFilePointerEx
DeleteFileW
FlushInstructionCache
FindResourceExW
MultiByteToWideChar
GetVersionExA
ExitProcess
CreateFileA
SetFilePointer
GetLocaleInfoA
SetErrorMode
SystemTimeToFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FileTimeToSystemTime
GetLocalTime
SetConsoleCtrlHandler
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceFrequency
SuspendThread
SetEvent
WaitForSingleObjectEx
CreateEventA
ResetEvent
FindResourceA
FormatMessageA
EnumResourceNamesA
LocalFree
GetCurrentProcess
ReadProcessMemory
Module32First
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32Next
GetCurrentProcessId
Sleep
GetStdHandle
SetStdHandle
LoadLibraryA
GetFileType
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetProcessTimes
GlobalMemoryStatusEx
GetSystemInfo
GetFileAttributesW
CreateProcessA
CreateNamedPipeA
CreateThread
HeapCreate
SwitchToThread
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
TerminateThread
QueueUserAPC
ResumeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
VirtualQuery
GetThreadContext
SetThreadContext
SetThreadExecutionState
HeapUnlock
HeapLock
HeapWalk
WideCharToMultiByte
EncodePointer
GetStringTypeW
GetCPInfo
RtlUnwind
GetModuleHandleExW
GetModuleFileNameW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
OutputDebugStringW
user32
MessageBoxW
LoadCursorA
PostMessageA
MessageBoxA
ShowCursor
GetDC
PostThreadMessageA
GetClientRect
wsprintfW
GetSystemMetrics
shlwapi
PathFileExistsW
winmm
timeBeginPeriod
timeEndPeriod
ws2_32
closesocket
gdi32
GetDeviceCaps
shell32
SHGetSpecialFolderPathW
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
Sections
.text Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
oldrsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 81KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ