| Behavioral task | Sample | Resource |
|---|---|---|
| behavioral1 | StormSpoofer/HwidSpoof.dll | win7-20230712-en |
| behavioral2 | StormSpoofer/HwidSpoof.dll | win10v2004-20230703-en |
| behavioral3 | StormSpoofer/SpoofB10S.dll | win7-20230712-en |
| behavioral4 | StormSpoofer/SpoofB10S.dll | win10v2004-20230703-en |
| behavioral5 | StormSpoofer/StormSpoof.dll | win7-20230712-en |
| behavioral6 | StormSpoofer/StormSpoof.dll | win10v2004-20230703-en |
| behavioral7 | StormSpoofer/StormSpoofer.exe | win7-20230712-en |
| behavioral8 | StormSpoofer/StormSpoofer.exe | win10v2004-20230703-en |
| Field | Value |
|---|---|
| Target | StormSpoofer.rar |
| Size | 2.7MB |
| MD5 | 937ac0d358a2fe8a75e582f88bb16903 |
| SHA1 | 363c4503b71977dd8b6a2e2e6d14a051cc86f544 |
| SHA256 | b0a4e447d41c4e1fe3b1105125814d4210332c70c743bef134077b7000bf1701 |
| SHA512 | 8a022e2b140006b712fdd89ed75580cc31dd141b86f38cfc65661fde4f426bd45b2c4578e7a644346120ddf25865bff003c52ae5e8f167614a90ade212654565 |
| SSDEEP | 49152:bazEbFcnk5DYxn1vZNI9GrdXWLoXKjprTkJPCz+uIoJ1ilMY4V5xS4TShoohWy+F:beEbG+YoErdGLoXMpvktaWlMYy+W33 |
| resource | yara_rule |
|---|---|
| static1/unpack001/StormSpoofer/StormSpoofer.exe | family_stormkitty |
Checks for missing Authenticode signature.
| resource |
|---|
| unpack001/StormSpoofer/HwidSpoof.dll |
| unpack001/StormSpoofer/StormSpoof.dll |
| unpack001/StormSpoofer/StormSpoofer.exe |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
_XcptFilter
_callnewh
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
memmove_s
_itow
_wtoi
_onexit
realloc
memmove
wcscat_s
memcpy
malloc
memcmp
_CxxThrowException
_errno
_ismbstrail
_access
__CxxFrameHandler3
_amsg_exit
_initterm
_wcslwr
wcsnlen
_wtol
wcspbrk
strchr
_vscwprintf
iswspace
_getdrive
_vsnprintf
atoi
qsort
gmtime
localtime
calloc
_getdcwd
mktime
strncmp
iswalpha
??1type_info@@UEAA@XZ
free
rand
time
srand
_purecall
__C_specific_handler
towupper
_wcsnicmp
wcschr
_wcsupr
_vsnwprintf
wcsncmp
_wcsicmp
wcsrchr
memset
wcscmp
RtlEqualUnicodeString
NtQuerySystemInformation
RtlGetLastNtStatus
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError
NtSetInformationKey
NtQueryKey
EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryDirectoryFile
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNumberGenericTableElementsAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlValidRelativeSecurityDescriptor
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlSetThreadErrorMode
RtlGetThreadErrorMode
NtQueryVolumeInformationFile
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlAllocateHeap
RtlCaptureStackBackTrace
RtlFreeHeap
GlobalHandle
GlobalUnlock
lstrlenA
lstrcmpiA
SetVolumeLabelA
lstrcmpA
GlobalLock
GlobalReAlloc
ReplaceFileA
GlobalSize
ResolveDelayLoadedAPI
DelayLoadFailureHook
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
OpenProcess
InitializeSRWLock
RaiseException
ResumeThread
CreateThread
AcquireSRWLockShared
ReleaseSRWLockShared
EncodePointer
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
HeapSetInformation
HeapDestroy
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
MultiByteToWideChar
GetSystemInfo
VirtualQuery
VirtualProtect
lstrcpynW
lstrcmpiW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
GetSystemDirectoryW
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DebugBreak
InterlockedPopEntrySList
CreateFileW
GetACP
GetDiskFreeSpaceExW
GetLastError
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetVolumeInformationW
GetSystemTimeAsFileTime
GetFileSize
InterlockedPushEntrySList
CloseHandle
InitializeSListHead
ExpandEnvironmentStringsW
GetTempFileNameW
DeviceIoControl
GetVolumePathNamesForVolumeNameW
GetLogicalDriveStringsW
FindFirstFileW
Sleep
SetFileInformationByHandle
FindNextFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
WideCharToMultiByte
GetComputerNameW
FindClose
GetFileType
GetFileInformationByHandle
SetFileTime
SetFileShortNameW
OutputDebugStringW
GetCurrentThreadId
FormatMessageW
IsDebuggerPresent
VirtualFree
VirtualAlloc
LocalFree
MoveFileExW
SetFileAttributesW
SetFilePointer
CopyFileExW
FlushFileBuffers
ReadFile
GetLocalTime
GetFileSizeEx
SetFilePointerEx
DeleteFileW
CharUpperBuffA
CharNextA
OemToCharBuffA
CharToOemBuffA
CharPrevA
CharUpperA
DispatchMessageA
TranslateMessage
PeekMessageA
CharLowerA
CharPrevW
CharNextW
ord41
ord173
ord141
ord37
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SppFreeGroupPropArray
BcdGetElementData
BcdOpenSystemStore
BcdCloseStore
BcdEnumerateObjects
BcdOpenObject
BcdCloseObject
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
RegCreateKeyExW
RegQueryValueExW
RegUnLoadKeyW
RegCloseKey
RegGetValueW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegLoadKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ImpersonateLoggedOnUser
GetTokenInformation
SetFileSecurityW
AddAccessAllowedAce
IsValidAcl
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
GetAclInformation
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
CreateWellKnownSid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetKernelObjectSecurity
CopySid
EqualSid
GetWindowsAccountDomainSid
GetLengthSid
IsValidSid
GetAce
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RevertToSelf
DuplicateTokenEx
AdjustTokenPrivileges
GetSecurityDescriptorLength
CheckTokenMembership
SetSecurityDescriptorGroup
DuplicateToken
AccessCheck
GetKernelObjectSecurity
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetThreadToken
OpenThreadToken
OpenProcessToken
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
RoOriginateErrorW
RoOriginateError
RoTransformError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoGetActivationFactory
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
HeapAlloc
GetProcessHeap
HeapFree
LoadStringW
RemoveDirectoryW
CreateFileA
DeleteFileA
CreateDirectoryW
FindNextFileA
SetFileAttributesA
RemoveDirectoryA
GetDriveTypeA
GetFullPathNameW
GetFileAttributesA
LocalFileTimeToFileTime
GetFileAttributesExA
CreateDirectoryA
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FindFirstFileA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileInformationByHandleEx
CLSIDFromString
CoGetMalloc
GetSystemTime
SetLastError
GlobalAlloc
LocalAlloc
GlobalFree
IsDBCSLeadByte
GetLocaleInfoEx
GetLocaleInfoW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
GetVolumeInformationA
GetTempFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
CompareStringW
GetProcessMitigationPolicy
RtlCompareMemory
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
RegDeleteKeyW
LogonUserExW
FileTimeToDosDateTime
DosDateTimeToFileTime
RegisterEventSourceW
DeregisterEventSource
ReportEventW
PathMatchSpecExA
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
StartTraceW
ControlTraceW
EnableTraceEx2
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExecuteScheduledBackup
SdCheck
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
wcscpy_s
memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf_s
memset
DebugBreak
OutputDebugStringW
Sleep
QueryPerformanceCounter
CreateThread
TerminateThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapAlloc
HeapFree
CloseHandle
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcCreatePort
NtClose
RtlInitUnicodeString
AlpcInitializeMessageAttribute
IsSecureProcess
UpdateSecureDeviceState
QuerySecureDeviceInformation
CreateSecureDevice
SdfMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
free
_amsg_exit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstok_s
towupper
_XcptFilter
_wcsicmp
??_V@YAXPEAX@Z
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
swprintf_s
__C_specific_handler
memset
wcsnlen
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_onexit
malloc
memmove_s
_vsnprintf_s
_initterm
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
_unlock
_strrev
__CxxFrameHandler3
__dllonexit
wcschr
expf
log
memcmp
powf
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceComplete
WakeAllConditionVariable
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
DeleteCriticalSection
CreateMutexExW
ReleaseSRWLockExclusive
InitializeSRWLock
LeaveCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
LCMapStringW
FormatMessageW
GetLocaleInfoW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
CloseHandle
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
QueryPerformanceCounter
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetFileSize
CreateFileW
GetFileAttributesW
CreateDirectoryW
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
RaiseFailFastException
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegEnumValueW
RegQueryValueExW
PathFileExistsW
PathIsRelativeW
ExpandEnvironmentStringsW
ResolveDelayLoadedAPI
DelayLoadFailureHook
StrStrIW
StrRChrW
MulDiv
DllCanUnloadNow
DllGetClassObject
SDDSCreateChxDictionary
SDDSGetCharacterMappingObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ