Static task
static1
Behavioral task
behavioral1
Sample
936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632.exe
Resource
win10v2004-20230915-en
General
-
Target
936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632
-
Size
1.1MB
-
MD5
6447f392f5e1d40f865f101bc8555373
-
SHA1
41ba869f630e2f65259a9ebffa892cb2f6986cec
-
SHA256
936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632
-
SHA512
fc9150a703cfdb141d5480c2a369d146251fd550e8265d6452014440012a68019b1cd10a6bf03ffc9b500f4c8d57335554ebe9934a9904f6f04918597b75a12c
-
SSDEEP
24576:w8imBaSwArLIHBbFCFCONNONa1uvXdB4fpO4W7U1bBNY:w8iGxwAPwdFMCQN0zdBojbBN
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE lacks an Authenticode signature.
resource 936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632
Files
-
936a5df8acfb98426cb03e6e9c547af92c6f738195aae0944005fd910af11632.exe windows:6 windows x64
554dd209a990dc139a0af0aba232a91f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
free
wcstok_s
_wcsicmp
strstr
_snwprintf
wcscat
wcscmp
_wcsnicmp
wcsncpy
wcslen
wcsncmp
__wgetmainargs
swscanf
wcscpy
malloc
memset
memcmp
memcpy
_time64
wcstol
_strnicmp
ceil
calloc
_wcsdup
sqrt
wcstod
_wstati64
wcschr
wcstok
_wtol
_wsystem
memmove
tolower
_mktime64
_itow
_wtoi
pow
_vsnwprintf
_stricmp
setlocale
_gmtime64
wcsstr
wcsrchr
strrchr
floor
wcstoul
_localtime64
wcsspn
realloc
kernel32
lstrlenW
GetSystemWindowsDirectoryW
GetFileSizeEx
SetFilePointerEx
ReadFile
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
FormatMessageW
Sleep
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetLogicalProcessorInformation
GetCurrentThread
SetFileAttributesW
GetNativeSystemInfo
GetEnvironmentVariableW
GetPrivateProfileIntW
SetDllDirectoryW
GetSystemInfo
GetPrivateProfileStringW
SetErrorMode
lstrcatW
RtlCompareMemory
WriteConsoleW
OpenProcess
QueryFullProcessImageNameW
ReadProcessMemory
GetLocalTime
GetTimeFormatW
WritePrivateProfileStringW
GetPrivateProfileSectionW
AttachConsole
AllocConsole
ReadConsoleOutputW
SetEndOfFile
SetFileValidData
CreateEventW
SetFilePointer
GetTickCount
SetVolumeMountPointW
WideCharToMultiByte
WriteConsoleA
FindFirstFileNameW
FindNextFileNameW
RemoveDirectoryW
FindFirstFileW
FindResourceExW
SizeofResource
LockResource
FreeResource
GetLogicalDrives
GetDiskFreeSpaceW
MoveFileW
SetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetDateFormatW
LCIDToLocaleName
SetThreadExecutionState
GetCommandLineW
GetProcessId
FlushFileBuffers
DosDateTimeToFileTime
LocalFileTimeToFileTime
GlobalMemoryStatusEx
FileTimeToSystemTime
WritePrivateProfileSectionW
GetFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
UnregisterWait
RegisterWaitForSingleObject
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
GetVersionExW
HeapReAlloc
GetExitCodeProcess
PeekNamedPipe
CreateProcessW
CreatePipe
DuplicateHandle
HeapFree
HeapAlloc
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetModuleHandleW
HeapCreate
GetTempPathW
GetLongPathNameW
GetModuleFileNameW
GetWindowsDirectoryW
GetUserDefaultLCID
GetUserDefaultLocaleName
GetCurrentProcess
GetLastError
LocalAlloc
LocalFree
HeapDestroy
ExitProcess
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
QueryPerformanceCounter
LoadLibraryExW
FreeLibrary
SetEnvironmentVariableW
FindResourceW
LoadResource
QueryPerformanceFrequency
RtlZeroMemory
LoadLibraryW
MulDiv
FindFirstFileExW
FindNextFileW
FindClose
WaitForSingleObject
DefineDosDeviceW
VirtualProtect
WriteFile
BeginUpdateResourceW
EnumResourceNamesW
UpdateResourceW
EndUpdateResourceW
CopyFileW
DeleteFileW
SetEvent
GetFileAttributesW
lstrcmpA
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetConsoleTitleW
SetConsoleCtrlHandler
SetConsoleCursorInfo
GetFullPathNameW
DeviceIoControl
SetConsoleCursorPosition
GetConsoleWindow
K32GetModuleInformation
FindFirstVolumeW
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindNextVolumeW
FindVolumeClose
lstrlenA
RtlMoveMemory
MultiByteToWideChar
lstrcmpW
lstrcpynW
SetConsoleTextAttribute
lstrcpyW
lstrcmpiW
GetFinalPathNameByHandleW
user32
SetWindowsHookExW
MessageBoxW
LoadStringW
GetWindowTextW
GetParent
GetClassWord
TrackPopupMenu
RealChildWindowFromPoint
ScreenToClient
WindowFromPoint
FlashWindowEx
MessageBeep
GetMessagePos
SetWindowTextW
PostMessageW
SetFocus
UpdateWindow
GetWindowPlacement
SetWindowPlacement
SetTimer
InvalidateRect
CreateWindowExW
GetSystemMenu
GetSysColor
IsChild
DefFrameProcW
GetFocus
AdjustWindowRectEx
UnregisterClassW
RegisterClassW
TranslateAcceleratorW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetClassLongPtrW
CallNextHookEx
MapWindowPoints
GetUpdateRect
SetRect
FrameRect
InflateRect
UnhookWindowsHookEx
GetMessageW
IsZoomed
FillRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetActiveWindow
DrawFrameControl
GetScrollPos
RegisterClassExW
SetScrollPos
GetWindowDC
GetAsyncKeyState
GetWindowLongW
DrawStateW
ReleaseCapture
SetCapture
GetWindowTextLengthW
RedrawWindow
IntersectRect
DestroyWindow
EnableWindow
GetDC
ReleaseDC
GetClassInfoExW
RegisterWindowMessageW
GetSystemMetrics
SystemParametersInfoW
GetIconInfo
DestroyIcon
LoadImageW
CreateIconIndirect
SetPropW
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
CreatePopupMenu
InsertMenuW
CheckMenuItem
SetMenuDefaultItem
CheckMenuRadioItem
AppendMenuW
SetMenuItemInfoW
GetDlgItem
GetPropW
GetSysColorBrush
IsWindowEnabled
GetClientRect
SetWindowPos
FindWindowExW
GetComboBoxInfo
LockWindowUpdate
EnumChildWindows
SetClassLongPtrW
DefWindowProcW
ValidateRect
BeginPaint
SetWindowCompositionAttribute
CallWindowProcW
DrawIconEx
RemovePropW
GetDoubleClickTime
DrawTextW
EndPaint
CopyRect
CharUpperW
EnableMenuItem
CharLowerW
EnumDisplayDevicesW
LoadCursorW
EnumWindows
ShowWindow
EnumDisplaySettingsW
EnumDisplaySettingsExW
ChangeDisplaySettingsW
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
GetWindowRect
GetWindow
SetParent
DestroyMenu
GetKeyState
MessageBoxIndirectW
SetForegroundWindow
KillTimer
GetActiveWindow
GetMenu
GetWindowThreadProcessId
IsWindowVisible
LoadIconW
SetRectEmpty
MoveWindow
GetClassNameW
FindWindowW
GetDlgCtrlID
DestroyCursor
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ClientToScreen
CopyImage
GetForegroundWindow
IsIconic
SetCursor
WindowFromDC
gdi32
GetObjectType
OffsetViewportOrgEx
CreateDCW
SetViewportOrgEx
CreatePatternBrush
GetClipRgn
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetBrushOrgEx
CreateBitmap
GetDIBits
SetPixel
GetStockObject
CreateRectRgnIndirect
ExcludeClipRect
LineTo
MoveToEx
Rectangle
CreatePen
ExtTextOutW
FrameRgn
CreateRectRgn
GdiAlphaBlend
SetStretchBltMode
GetTextExtentPoint32W
AddFontResourceW
GetTextMetricsW
EnumFontFamiliesW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
SetBkColor
SetBkMode
CreateFontW
CreateFontIndirectW
CreateDIBSection
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreateSolidBrush
GetDeviceCaps
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
SetNamedSecurityInfoW
RegEnumValueW
OpenProcessToken
GetTokenInformation
SetEntriesInAclW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
AllocateAndInitializeSid
CheckTokenMembership
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
IsWellKnownSid
DuplicateTokenEx
SetThreadToken
StartServiceW
QueryServiceStatus
RegCreateKeyW
RevertToSelf
CreateProcessWithTokenW
ControlService
RegQueryValueW
RegLoadKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
SetFileSecurityW
GetFileSecurityW
IsValidSecurityDescriptor
RegEnumKeyExW
comctl32
ImageList_Merge
ImageList_GetIcon
ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx
ord410
ImageList_Remove
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_Draw
ord412
ImageList_Create
ord413
ImageList_ReplaceIcon
ImageList_Replace
ImageList_AddMasked
ImageList_GetImageCount
oleaut32
SafeArrayUnlock
SafeArrayCreate
SafeArrayLock
VariantClear
SysFreeString
SafeArrayDestroy
SysAllocString
ntdll
RtlFreeUnicodeString
RtlIsNameInExpression
RtlUpcaseUnicodeString
RtlCreateUnicodeString
NtCreatePagingFile
NtSetInformationFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile
NtTranslateFilePath
NtQueryInformationFile
NtFsControlFile
RtlRandom
RtlComputeCrc32
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
NtQueryInformationProcess
NtQueryVolumeInformationFile
RtlGetVersion
NtShutdownSystem
RtlGetNtVersionNumbers
RtlFreeHeap
NtClose
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlGetProcessHeaps
NtQuerySystemInformation
RtlAdjustPrivilege
ole32
CoInitialize
CoCreateInstance
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoUninitialize
RevokeDragDrop
shell32
SHDefExtractIconW
SHGetFileInfoW
SHGetImageList
SHGetStockIconInfo
ShellExecuteW
SHChangeNotify
ILCreateFromPath
ILFree
StrStrIW
SHParseDisplayName
SHCreateShellItem
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFormatDrive
ShellExecuteExW
shlwapi
StrFormatByteSizeW
PathCompactPathW
PathGetArgsW
StrCmpLogicalW
StrStrNIW
PathCompactPathExW
PathIsNetworkPathW
PathParseIconLocationW
PathRemoveExtensionW
StrTrimW
StrToIntExW
PathCombineW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx
PathSearchAndQualifyW
PathIsDirectoryW
PathStripToRootW
PathRemoveBackslashW
StrToIntW
PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
PathMatchSpecW
PathFindExtensionW
PathFileExistsW
PathAddBackslashW
cfgmgr32
CM_Get_Parent
CM_Get_Device_IDW
crypt32
CryptBinaryToStringW
rpcrt4
UuidCreate
setupapi
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDecompressOrCopyFileW
SetupDiGetDeviceInstanceIdW
SetupGetLineByIndexW
SetupGetFieldCount
SetupGetBinaryField
SetupGetMultiSzFieldW
SetupGetIntField
SetupEnumInfSectionsW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupIterateCabinetW
SetupCloseInfFile
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetLineCountW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
uxtheme
DrawThemeText
GetThemeFont
DrawThemeBackground
BufferedPaintSetAlpha
GetThemePartSize
OpenThemeData
DrawThemeTextEx
EndBufferedPaint
SetWindowTheme
BufferedPaintInit
GetThemeInt
BeginBufferedPaint
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wtsapi32
WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory
tools\x64\offreg
ORCloseHive
ORGetValue
ORQueryInfoKey
OREnumKey
OROpenKey
ORCloseKey
ORDeleteValue
ORSetValue
ORSaveHive
ORCreateKey
ORDeleteKey
ORCreateHive
OROpenHive
virtdisk
GetStorageDependencyInformation
CreateVirtualDisk
GetVirtualDiskOperationProgress
OpenVirtualDisk
AttachVirtualDisk
GetVirtualDiskPhysicalPath
DetachVirtualDisk
GetVirtualDiskInformation
cabinet
ord22
ord20
ord23
fltlib
FilterAttach
FilterLoad
Sections
.text Size: 818KB - Virtual size: 817KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 174KB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 119KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ