Static task
static1
Behavioral task
behavioral1
Sample
b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667.exe
Resource
win10v2004-20230831-en
General
-
Target
b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667
-
Size
4.5MB
-
MD5
7dd1a00c63a9a4e6a447c6352ff6d1b7
-
SHA1
7f6e4d2462d354965776b1fdc792bf9a848e80bc
-
SHA256
b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667
-
SHA512
70cfc1f34fb7e15d24b8538ed082d6c619c3a6542ebd3d826c3829591008863d970ba8fda6c70c46be1b455738be495db9ec0faea9b89daa20465ac926c336a6
-
SSDEEP
98304:WyjfcmFmaHovNzOe2uDld7dbleEQHEptTYFHmJ/R:WyImFlInPnQStQmJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE image is not digitally signed).
resource b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667
Files
-
b63df163cd0b3ff64f157d1d769b54e433e7ffde660e8d3a2b6861017bc77667.exe windows x86
10a2279b16cf6f879ffa0d4d960ea880
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathW
CreateProcessW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetLocaleInfoA
GetDiskFreeSpaceExW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetComputerNameA
OpenMutexW
InterlockedCompareExchange
GetSystemDirectoryW
Process32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
QueryDosDeviceW
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
GetSystemTime
CreateDirectoryW
GetFileAttributesW
SystemTimeToFileTime
CreateThread
ResetEvent
MoveFileW
CopyFileW
GetSystemDirectoryA
GetModuleHandleA
QueryPerformanceFrequency
SleepEx
GetEnvironmentVariableA
PeekNamedPipe
RemoveDirectoryW
GetCommandLineW
DeleteFileW
WritePrivateProfileStringW
GetLocalTime
OutputDebugStringW
SetEvent
GetExitCodeThread
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
CreateEventW
SetFilePointer
LocalAlloc
WriteFile
LocalFree
lstrcmpiW
GetCurrentThreadId
LeaveCriticalSection
GlobalAlloc
MoveFileExA
FormatMessageA
GetStdHandle
GetFileType
GlobalLock
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
GlobalUnlock
GlobalFree
GetModuleHandleW
lstrlenW
GetModuleFileNameW
InterlockedDecrement
SetLastError
FindResourceW
InterlockedExchange
WideCharToMultiByte
GetPrivateProfileIntW
InterlockedIncrement
GetVersionExW
FreeResource
TerminateProcess
MultiByteToWideChar
GetWindowsDirectoryW
OpenProcess
RaiseException
CreateFileW
GetFileSize
FreeLibrary
lstrlenA
ReadFile
FlushInstructionCache
GetPrivateProfileStringW
GetCurrentProcess
CloseHandle
GetCurrentProcessId
GetLastError
CreateMutexW
Sleep
FindResourceExW
GetProcAddress
LoadLibraryW
LoadResource
LockResource
SizeofResource
GetThreadLocale
user32
BringWindowToTop
InflateRect
GetLastActivePopup
SwitchToThisWindow
IsWindowVisible
CreateWindowExW
DefWindowProcW
RegisterWindowMessageW
GetActiveWindow
CharNextW
GetDesktopWindow
IsWindowEnabled
EnableWindow
GetForegroundWindow
LoadBitmapW
GetClassInfoExW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SystemParametersInfoW
DestroyWindow
SetWindowPos
AttachThreadInput
SetRect
SetCapture
RegisterClassExW
InvalidateRect
BeginPaint
ReleaseCapture
KillTimer
GetCursorPos
GetWindow
EndPaint
CallWindowProcW
DestroyIcon
ShowWindow
GetDlgCtrlID
PeekMessageW
EqualRect
ScreenToClient
GetFocus
GetMessageW
SetRectEmpty
IsChild
TranslateMessage
DispatchMessageW
IsDialogMessageW
OffsetRect
MonitorFromWindow
GetMonitorInfoW
SetFocus
GetDlgItem
DrawTextW
UpdateLayeredWindow
IsRectEmpty
SetCursor
DrawIconEx
GetNextDlgTabItem
PtInRect
IntersectRect
SetTimer
PostThreadMessageW
SetWindowTextW
GetWindowTextW
UnregisterClassA
GetWindowTextLengthW
FillRect
wsprintfW
LoadImageW
GetWindowThreadProcessId
CopyRect
IsIconic
MapWindowPoints
SendMessageW
GetClientRect
FindWindowW
SetWindowLongW
GetWindowLongW
GetParent
LoadCursorW
ClientToScreen
GetWindowRect
SetActiveWindow
MoveWindow
ReleaseDC
PostMessageW
GetDC
SetForegroundWindow
IsWindow
LoadIconW
gdi32
StretchBlt
SetStretchBltMode
SelectObject
CreatePen
GetDeviceCaps
ExtTextOutW
CreateRectRgn
CreateFontIndirectW
SelectClipRgn
SetTextColor
Rectangle
RestoreDC
DeleteDC
CreateCompatibleDC
SaveDC
GetClipRgn
RoundRect
SetBkMode
CreateCompatibleBitmap
GetObjectW
BitBlt
CreateDIBSection
CreateBitmap
DeleteObject
GetStockObject
CreateRectRgnIndirect
CombineRgn
GetCurrentObject
SetViewportOrgEx
OffsetRgn
ExtSelectClipRgn
GetViewportOrgEx
GetTextExtentPoint32W
GetTextColor
LineTo
TextOutW
MoveToEx
CreateRoundRectRgn
RectInRegion
CreateSolidBrush
ExtCreatePen
SetDIBColorTable
SetBkColor
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
shell32
ShellExecuteExW
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragAcceptFiles
ord680
ShellExecuteW
SHCreateDirectoryExW
SHGetMalloc
Shell_NotifyIconW
ole32
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
oleaut32
VarUI4FromStr
SysFreeString
shlwapi
StrToIntA
PathFindFileNameW
PathAddBackslashW
PathRemoveFileSpecW
PathAppendW
StrToIntW
PathIsDirectoryW
StrCmpLogicalW
PathFindExtensionW
PathFileExistsW
msvcp80
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?uncaught_exception@std@@YA_NXZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
gdiplus
GdipSetStringFormatLineAlign
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipImageRotateFlip
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipDeleteFontFamily
GdipDeleteGraphics
GdipCloneBitmapArea
GdipAlloc
GdipDrawImageRectI
GdipFree
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipCreateBitmapFromScan0
GdipGetFontCollectionFamilyCount
GdipPrivateAddFontFile
GdipLoadImageFromFile
GdipDeletePrivateFontCollection
GdipGetImagePixelFormat
GdipNewPrivateFontCollection
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipCreateFromHDC
GdipGetImageHeight
GdipCloneImage
GdipGetImageWidth
GdipDisposeImageAttributes
GdipDrawImagePointsRectI
GdipCreateImageAttributes
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRect
GdipCreateHBITMAPFromBitmap
GdipSetPenMode
GdipResetWorldTransform
GdipSetStringFormatTrimming
GdipCreatePen1
GdipSetPenStartCap
GdipDrawPath
GdipRotateWorldTransform
GdipCreateSolidFill
GdipGetFamily
GdipDeletePath
GdipSetPenEndCap
GdipSetPenDashStyle
GdipTranslateWorldTransform
GdipSetStringFormatAlign
GdipSetPixelOffsetMode
GdipCreatePath
GdipSetStringFormatFlags
GdipDrawLinesI
GdipSetCompositingQuality
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCreateLineBrushFromRectWithAngleI
GdipCloneBrush
GdipMeasureString
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipSetClipPath
GdipSetSmoothingMode
GdipCreateFont
GdipDeletePen
GdipAddPathRectangleI
GdipFillPath
GdipDrawRectangleI
GdipDrawImageI
GdipAddPathArcI
GdipDrawString
GdipFillRectangle
GdipDrawLine
GdipGetFontSize
GdipClosePathFigure
GdipFillRectangleI
GdipSetTextRenderingHint
GdipAddPathStringI
GdipAddPathPieI
GdipAddPathEllipseI
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
msvcr80
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
raise
_vsnprintf
_fileno
_setmode
isdigit
isxdigit
_getch
signal
getenv
_stat64i32
abort
_open
_close
_unlink
_write
_read
_access
_strdup
_strtoi64
_gmtime64
__sys_nerr
fgets
strspn
strcspn
_lseeki64
_fstat64
memchr
_getpid
setvbuf
strcat_s
strncpy_s
fputs
qsort
feof
_stat64
strrchr
strtol
strtoul
strerror
strncpy
fopen
strstr
_mbspbrk
_errno
__iob_func
_strnicmp
isupper
realloc
_stricmp
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
toupper
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
fflush
fputws
fgetws
__argv
sscanf
sprintf
strpbrk
sprintf_s
_CxxThrowException
__CxxFrameHandler3
_vsnwprintf
wcstok
_findclose
_wfindnext64i32
_wfindfirst64i32
_snwprintf_s
_wstat32
strcpy_s
_wtoi64
setlocale
wcsncmp
_wcsnicmp
wcspbrk
isalpha
tolower
isalnum
strchr
isspace
strncmp
ferror
fputc
fprintf
ftell
_vsnprintf_s
memmove
fseek
fwrite
memcmp
_mbsstr
fclose
fread
_wfopen
wcscat
wcscat_s
_mbsinc
_resetstkoflw
_wcsupr_s
??8type_info@@QBE_NABV0@@Z
__RTDynamicCast
abs
atoi
ceil
floor
_mbschr
_localtime64_s
_mktime64
_time64
_wtol
iswspace
_wcsicmp
rand
wcstol
srand
wcscmp
swprintf_s
_purecall
_mbscmp
vsprintf_s
_vscprintf
strlen
calloc
memset
_mbsicmp
??3@YAXPAX@Z
_vscwprintf
memcpy_s
vswprintf_s
memmove_s
wcslen
wcsrchr
??0exception@std@@QAE@ABV01@@Z
_wtoi
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
printf
_invalid_parameter_noinfo
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
wcsstr
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
free
labs
wcsncpy_s
_beginthreadex
_recalloc
strcmp
wcscspn
_wtof
_wcslwr_s
wcsspn
malloc
memcpy
wcscpy_s
__argc
_waccess
__wargv
wcschr
wldap32
ord50
ord143
ord26
ord211
ord22
ord30
ord200
ord217
ord60
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ws2_32
getsockopt
getpeername
socket
connect
WSASetLastError
inet_addr
htons
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
accept
listen
sendto
recvfrom
__WSAFDIsSet
select
ioctlsocket
gethostname
bind
ntohs
getsockname
setsockopt
WSAIoctl
recv
WSAStartup
WSACleanup
shutdown
WSAGetLastError
send
closesocket
gethostbyname
crypt32
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFreeCertificateContext
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 492KB - Virtual size: 489KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 76KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE