Static task
static1
General
-
Target
Cultivation.exe
-
Size
16.8MB
-
MD5
e4b9f8be4087f046380c465ebef9d54a
-
SHA1
572bddadbe85a07aa9efbc89d0be436b1065139c
-
SHA256
f432603d396452da6b638b9e7b16d976470de330e38ae17c621e9380a5ef7b9b
-
SHA512
ddac816430bc982fb3e8d4be7b57367de4d9231e6fa520d885c38b995b5afa99dbc289964cfc8683193363b41f1d742176bd5c260340a9f282ff1baff94bfe43
-
SSDEEP
196608:BSt18aspyOvX7ssKVTH4mxpt1r8dYeyAi:BQ1IP2VTH4mxr1mY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the file carries no embedded code signature. On its own this is a weak indicator — many legitimate tools ship unsigned, and a valid signature does not make a binary benign — so treat it as context for the rest of the triage rather than as a verdict.
resource Cultivation.exe
Files
-
Cultivation.exe.exe windows x64
3ed68c6edc39cfca94f77d617baba7bd (note: this hash differs from the MD5 reported for the task target above, e4b9f8be4087f046380c465ebef9d54a; confirm which object each hash identifies before pivoting on either of them)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (opts into 64-bit high-entropy ASLR)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (image can be relocated at load; effective here because a .reloc section is present)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (declares DEP/NX compatibility)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (declares Terminal Server awareness)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
Reviewer note: an import table lists capabilities, not observed behavior — an API being imported does not mean it is called on a given run. Groups worth confirming dynamically: process introspection (OpenProcess, VirtualQueryEx, ReadProcessMemory, NtQueryInformationProcess, NtQuerySystemInformation); token and privilege handling (OpenProcessToken, GetTokenInformation, AdjustTokenPrivileges, LookupPrivilegeValueW, CheckTokenMembership); service control (OpenSCManagerW, OpenServiceW, StartServiceW, ControlService); logon-session and local-account enumeration (LsaEnumerateLogonSessions, LsaGetLogonSessionData, NetUserEnum, NetUserGetLocalGroups, NetUserGetInfo); keyboard, raw-input and clipboard access (GetAsyncKeyState, GetKeyboardState, RegisterRawInputDevices, GetRawInputData, SendInput, GetClipboardData, SetClipboardData); process creation (CreateProcessW, ShellExecuteW); registry writes (RegSetValueExW); TLS via SChannel with certificate-chain validation (AcquireCredentialsHandleA, InitializeSecurityContextW, EncryptMessage, DecryptMessage, CertGetCertificateChain, CertVerifyCertificateChainPolicy); and IsDebuggerPresent, which the MSVC runtime startup also imports, so it is not by itself an anti-analysis signal. Most of these also co-occur in ordinary system-monitoring or GUI software; none should be read as an indicator in isolation.
kernel32
GetSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetProcAddress
FreeLibrary
GetCurrentProcessId
TryAcquireSRWLockExclusive
Sleep
PostQueuedCompletionStatus
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
SetLastError
GetLastError
IsDBCSLeadByte
RtlVirtualUnwind
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
AreFileApisANSI
GetCurrentProcess
TzSpecificLocalTimeToSystemTime
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetCurrentDirectoryW
QueryPerformanceFrequency
LocalFree
VirtualQueryEx
ReadProcessMemory
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFileTime
GlobalMemoryStatusEx
ReleaseSemaphore
GetLogicalDrives
FlushFileBuffers
GetStdHandle
SetConsoleCtrlHandler
CreateSemaphoreA
GetShortPathNameW
WaitForSingleObject
WriteFile
SetFilePointer
SetEndOfFile
GetFullPathNameW
GetModuleFileNameW
CreateHardLinkW
GetSystemInfo
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
GetCurrentThread
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
RtlPcToFileHeader
FindNextFileW
FoldStringW
SleepConditionVariableSRW
GetModuleHandleA
GetExitCodeProcess
RemoveDirectoryW
ReadFile
RaiseException
LoadLibraryA
GetLongPathNameW
FindFirstFileW
ReadConsoleW
WriteConsoleW
GetTempPathW
TlsSetValue
TlsGetValue
GlobalLock
GlobalUnlock
CreateProcessW
GetWindowsDirectoryW
GlobalAlloc
CreateNamedPipeW
ExitProcess
SetCurrentDirectoryW
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
MoveFileExW
GetFileInformationByHandleEx
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
WakeConditionVariable
WakeAllConditionVariable
RtlUnwind
WaitForMultipleObjects
GetProcessId
TerminateProcess
GetConsoleMode
ReadFileEx
SleepEx
WriteFileEx
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlCaptureContext
GetFileType
SwitchToThread
lstrlenW
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
ReleaseMutex
FreeEnvironmentStringsW
GetFileInformationByHandle
FindClose
MoveFileW
GetCurrentThreadId
DeviceIoControl
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
DeleteFileW
CreateFileW
CreateDirectoryW
GetProcessAffinityMask
CreateThread
OutputDebugStringA
OutputDebugStringW
EncodePointer
TlsAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExW
TlsFree
GetEnvironmentVariableW
CreateSemaphoreW
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
FormatMessageW
EnterCriticalSection
InitializeCriticalSection
GetVersionExW
SetThreadPriority
GetSystemDirectoryW
SetThreadExecutionState
GetVolumeInformationW
LoadLibraryW
DuplicateHandle
CreatePipe
CloseHandle
SetHandleInformation
GetOverlappedResult
ws2_32
closesocket
select
getaddrinfo
WSAStartup
WSAIoctl
freeaddrinfo
WSACleanup
ioctlsocket
getsockname
getpeername
accept
WSASocketW
bind
connect
listen
getsockopt
WSADuplicateSocketW
shutdown
recv
socket
WSAGetLastError
setsockopt
WSASend
send
user32
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
AppendMenuW
GetRawInputData
RegisterTouchWindow
CreateIcon
SetClipboardData
RegisterClipboardFormatA
EmptyClipboard
CloseClipboard
GetClipboardData
GetSystemMetrics
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
DestroyIcon
SendMessageW
ValidateRect
DestroyAcceleratorTable
RegisterClassExW
RegisterWindowMessageA
SetWindowLongW
CreateMenu
RegisterHotKey
ShowWindow
IsWindowVisible
UnregisterHotKey
SystemParametersInfoA
IsWindow
EnumDisplayMonitors
GetWindowRect
EnumChildWindows
GetMenu
SendInput
GetUpdateRect
GetKeyboardLayout
GetKeyboardState
GetClientRect
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyExW
GetMessageA
DispatchMessageA
PostQuitMessage
ClipCursor
MessageBoxW
MonitorFromPoint
CreateWindowExW
SetCursor
LoadCursorW
InvalidateRgn
SetWindowPos
GetWindowPlacement
GetKeyState
ToUnicodeEx
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
RedrawWindow
PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
SetMenu
ClientToScreen
GetForegroundWindow
DestroyWindow
CharToOemBuffW
SetWindowTextW
GetWindowLongPtrW
SetForegroundWindow
CharLowerW
CharUpperW
OemToCharBuffA
OemToCharA
CharToOemA
GetDC
IsProcessDPIAware
CreateAcceleratorTableW
AdjustWindowRectEx
ShowCursor
GetClipCursor
GetMonitorInfoW
MonitorFromRect
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
OpenClipboard
SetCursorPos
ReleaseCapture
GetCursorPos
GetActiveWindow
comctl32
RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc
gdi32
CreateRectRgn
DeleteObject
GetDeviceCaps
dwmapi
DwmEnableBlurBehindWindow
ole32
CoInitializeSecurity
CreateStreamOnHGlobal
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
CoUninitialize
OleInitialize
CoInitializeEx
RevokeDragDrop
CoCreateInstance
shell32
CommandLineToArgvW
SHCreateItemFromParsingName
SHGetKnownFolderPath
DragQueryFileW
DragFinish
ShellExecuteW
advapi32
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
AllocateAndInitializeSid
AdjustTokenPrivileges
FreeSid
LookupPrivilegeValueW
SetFileSecurityW
CloseServiceHandle
LookupAccountSidW
CopySid
GetLengthSid
ControlService
QueryServiceStatusEx
IsValidSid
SystemFunction036 (the export name of RtlGenRandom, the system CSPRNG; paired here with bcrypt!BCryptGenRandom)
RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
StartServiceW
OpenSCManagerW
OpenServiceW
CheckTokenMembership
secur32
FreeCredentialsHandle
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
EncryptMessage
AcquireCredentialsHandleA
crypt32
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertOpenStore
CertAddCertificateContextToStore
CertDuplicateStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
powrprof
CallNtPowerInformation
oleaut32
SetErrorInfo
SysAllocString
GetErrorInfo
SysStringLen
VariantClear
SysFreeString
ntdll
NtQuerySystemInformation
NtCancelIoFileEx
NtQueryInformationProcess
RtlGetNtVersionNumbers
RtlGetVersion
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
psapi
GetModuleFileNameExW
GetPerformanceInfo
pdh
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddEnglishCounterW
iphlpapi
GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses
netapi32
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree
uxtheme
SetWindowTheme
bcrypt
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
api-ms-win-crt-math-l1-1-0
trunc
round
floor
__setusermatherr
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
realloc
free
_set_new_mode
calloc
api-ms-win-crt-string-l1-1-0
wcsncmp
wcsncpy
wcspbrk
_wcsicmp
strlen
strcpy_s
wcslen
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
_wassert
_errno
abort
__p___argv
_cexit
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
exit
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_exe
_register_onexit_function
_crt_atexit
terminate
_configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__stdio_common_vswprintf
__p__commode
api-ms-win-crt-convert-l1-1-0
wcstol
_ultow_s
api-ms-win-crt-time-l1-1-0
clock
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
Reviewer note: raw and virtual sizes agree within rounding for every section (the .data difference is ordinary zero-initialised data), and the code section is large (11.0MB) with an even larger read-only data section. That layout is consistent with an unpacked, statically linked build rather than a runtime unpacker; it does not rule out encrypted payloads inside .rdata or .rsrc, so a per-section entropy check is still worthwhile before concluding there is no embedded stage.
.text Size: 11.0MB - Virtual size: 11.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 613KB - Virtual size: 612KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ