Static task
static1
Behavioral task
behavioral1
Sample
809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c.exe
Resource
win10v2004-20230915-en
General
-
Target
809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c
-
Size
3.9MB
-
MD5
dc4460d86a2689036971681320d16a4d
-
SHA1
00d53d31d12d6d2508fdf15098aa90ddec4959b1
-
SHA256
809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c
-
SHA512
6eaa2bf7e8758b52ab4f2ec3e8eb101cad9c18084524407a069c278da23261ce298ba72a72eaf9ae75e89ffbf6dc54d6c89c8a6147e2477de56ce50d5832e9d3
-
SSDEEP
98304:/C1rEU3dMTS72ScPYATDXLd4WeLbtc0IFAU3:/CdEU3d6S725PdTjx7eU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c
Files
-
809cf33448892e7c0e9c9c35552e91c52785438ac5fe115e22d6f56822bd2a1c.exe windows x86
07f116ba5eb85b618aa9da12a02bb368
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
GetCurrentDirectoryA
GetTickCount
GetCurrentDirectoryW
ReadProcessMemory
GetCurrentProcessId
GetCurrentProcess
GetLastError
FindNextFileA
FindFirstFileA
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
WaitForMultipleObjects
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SleepEx
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
SetEndOfFile
SetEnvironmentVariableA
CreateProcessA
GetExitCodeProcess
OutputDebugStringW
WriteConsoleW
HeapReAlloc
SetStdHandle
DeleteFileW
GetTimeZoneInformation
ReleaseMutex
GetEnvironmentStringsW
GetModuleFileNameW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindClose
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetLastError
UnhandledExceptionFilter
FileTimeToSystemTime
CreateMutexA
GetModuleFileNameA
GlobalFree
lstrlenA
GetPrivateProfileStringA
MoveFileA
GetFullPathNameW
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
FreeEnvironmentStringsW
MultiByteToWideChar
SetFileAttributesA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemInfo
OpenProcess
SetThreadPriority
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCPInfo
LoadLibraryExW
GetCurrentThreadId
GetDriveTypeW
GetCommandLineA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ResumeThread
ExitThread
CreateThread
IsDebuggerPresent
RtlUnwind
RaiseException
DecodePointer
EncodePointer
GetStringTypeW
CreateFileW
IsProcessorFeaturePresent
GetProcessHeap
HeapValidate
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
LoadLibraryA
lstrlenW
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
GetVersionExA
GetSystemDirectoryA
WriteFile
ReadFile
WinExec
GetModuleHandleA
GetCurrentThread
SetUnhandledExceptionFilter
GetFileSize
CreateFileA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OutputDebugStringA
CreateDirectoryA
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStdHandle
CloseHandle
user32
PostQuitMessage
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
GetClientRect
FillRect
SetRect
OffsetRect
LoadStringA
MessageBoxA
GetSystemMetrics
ChangeDisplaySettingsA
SetWindowPos
GetWindowLongA
IsWindow
DestroyWindow
MoveWindow
SetFocus
GetAsyncKeyState
CharNextW
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
AdjustWindowRectEx
GetCursorPos
CreateWindowExA
ScreenToClient
RegisterClassExA
UnregisterClassA
DefWindowProcA
UpdateWindow
FindWindowA
LoadIconA
SystemParametersInfoA
GetKeyState
ShowCursor
SetCursor
DestroyCursor
LoadImageA
SetCursorPos
ClientToScreen
ShowWindow
GetCapture
GetMenu
RegisterClassA
SetCapture
ReleaseCapture
CharPrevExA
CharNextExA
SetWindowLongA
PeekMessageA
gdi32
SetTextColor
SetBkColor
SelectObject
TextOutW
GetCharABCWidthsFloatW
CreateFontIndirectA
GetStockObject
EnumFontFamiliesExA
GetTextExtentPoint32A
CreateCompatibleDC
DeleteDC
SetBkMode
CreateDIBSection
TextOutA
CreateSolidBrush
DeleteObject
PatBlt
StretchBlt
GetTextExtentPoint32W
ole32
CoUninitialize
CoGetClassObject
OleInitialize
OleUninitialize
OleSetContainedObject
CoInitializeEx
CoInitialize
CoCreateInstance
winmm
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime
d3d8
Direct3DCreate8
python27
Py_BuildValue
PyModule_AddIntConstant
Py_InitModule4
PyLong_AsLong
PyTuple_Size
PyTuple_GetItem
PyDict_GetItemString
PyLong_FromLongLong
PyInt_AsLong
PyDict_Next
PyDict_Size
PyLong_AsLongLong
PyList_New
PyList_Append
PyErr_SetString
PyExc_RuntimeError
PyString_FromString
PyArg_ParseTuple
PyTuple_New
PyTuple_SetItem
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
Py_Finalize
PyRun_StringFlags
PyImport_AddModule
PyImport_ImportModule
imm32
ImmGetConversionStatus
ImmNotifyIME
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
devil
ilConvertImage
ilCopyPixels
ilGenImages
ilDeleteImages
ilBindImage
ilInit
ilLoad
ilTexImage
ilSetPixels
ilSave
ilShutDown
ilOriginFunc
ilEnable
ilGetInteger
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
imagehlp
EnumerateLoadedModules
GetTimestampForLoadedLibrary
StackWalk
granny2
_GrannyConvertSingleObject@20
_GrannyReadEntireFileFromMemory@8
_GrannyFreeFileSection@8
_GrannyFreeFile@4
_GrannyGetFileInfo@4
_GrannyGetSourceSkeleton@4
_GrannySetModelClock@8
_GrannyFreeCompletedModelControls@4
_GrannySampleModelAnimationsAccelerated@20
_GrannyUpdateModelMatrix@20
_GrannyNewLocalPose@4
_GrannyFreeLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyInstantiateModel@4
_GrannyFreeModelInstance@4
_GrannyNewMeshBinding@12
_GrannyFreeMeshBinding@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFindBoneByName@12
_GrannyNewWorldPose@4
_GrannyFreeWorldPose@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshIndexCount@4
_GrannyFreeControl@4
_GrannyFindMatchingMember@16
_GrannyCompleteControlAt@8
_GrannyControlIsComplete@4
_GrannyFreeControlIfComplete@4
_GrannyGetControlLoopCount@4
_GrannySetControlLoopCount@8
_GrannyGetControlSpeed@4
_GrannySetControlSpeed@8
_GrannyGetControlLocalDuration@4
_GrannySetControlEaseIn@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseOutCurve@28
_GrannyGetControlRawLocalClock@4
_GrannySetControlRawLocalClock@8
_GrannyPlayControlledAnimation@12
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannyGetMaterialTextureByType@8
_GrannySetLogCallback@4
_GrannyFreeControlOnceUnused@4
_GrannyGetTotalTypeSize@4
_GrannyGetWorldPose4x4@8
mss32
_AIL_close_digital_driver@4
_AIL_close_stream@4
_AIL_set_redist_directory@4
_AIL_shutdown@0
_AIL_start_stream@4
_AIL_mem_free_lock@4
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_startup@0
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_close_3D_listener@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_open_3D_listener@4
_AIL_close_3D_provider@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_open_stream@12
_AIL_auto_update_3D_position@8
speedtreert
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
dinput8
DirectInput8Create
ws2_32
WSAGetLastError
socket
WSAStartup
send
WSACleanup
WSAEnumNetworkEvents
htonl
htons
inet_addr
ntohs
gethostbyname
gethostname
WSAWaitForMultipleEvents
bind
getpeername
getsockopt
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
recv
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSACreateEvent
WSACloseEvent
WSAResetEvent
WSAEventSelect
listen
accept
WSAIoctl
WSASetLastError
setsockopt
getsockname
ddraw
DirectDrawCreate
bcrypt
BCryptGenRandom
advapi32
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegQueryValueExA
RegOpenKeyA
RegCloseKey
shell32
SHGetSpecialFolderPathA
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertFreeCertificateChain
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
normaliz
IdnToAscii
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 532KB - Virtual size: 531KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 181KB - Virtual size: 459KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ