Static task
static1
Behavioral task
behavioral1
Sample
f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d.exe
Resource
win10v2004-20230915-en
General
-
Target
f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d
-
Size
10.8MB
-
MD5
7102d2244d95e79ba7e531ef5b3e661c
-
SHA1
d56784ad0b5db857797f3e99ff35cf06552a3395
-
SHA256
f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d
-
SHA512
b8931ab09593acb980f4fc139af4427c62bc46d500b8fa9d8ae9efad95df34ddc48855efe7699fc0ad107ead49f958081a5554c1631fbd2b7665458800255456
-
SSDEEP
196608:N+7/8BjMZyubWo2J5lZL7tfrs/IDah12W2Q1uWY+2+7o/FNcD051uc5gFu:07/UIZdio0f4IayW2QdYjTdAg1uc2F
Malware Config (no family-specific configuration is listed for this sample in this report; the section is empty)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This is the only signature triggered in this report and it is a static, informational finding: the absence of a code signature is common for legitimate unsigned tools and is not by itself evidence of malicious behaviour. Note the import table (service control via advapi32, sockets via ws2_32, resource extraction and file copy/delete via kernel32) before drawing conclusions from this sample.
resource f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d
Files
-
f48d65911c0004a40713ca4a7cd0ceffbf9175da621644b7f50f748a3a59c84d.exe windows:5 windows x86
ac298ff15e3764141d0eb64fdee5bf50 (unlabelled 32-hex digest; it differs from the file MD5 above, so it is presumably the import hash for this PE — confirm against the report tool's field definition before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStdHandle
OpenFileMappingW
MapViewOfFile
VirtualQuery
UnmapViewOfFile
GetVersionExW
SystemTimeToFileTime
LocalFileTimeToFileTime
WriteFile
GetCurrentProcessId
Sleep
OutputDebugStringA
RaiseException
GetShortPathNameW
GetFileAttributesW
GetModuleFileNameW
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
LocalAlloc
FormatMessageW
InterlockedIncrement
ReadFile
GetFileSize
SetFilePointer
CreateFileW
CloseHandle
InterlockedDecrement
GetCurrentProcess
TerminateProcess
GetCommandLineW
LocalFree
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
CopyFileW
FreeResource
DeleteFileW
SizeofResource
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
LoadLibraryA
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetTickCount
SetLastError
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFileTime
lstrlenW
user32
GetUserObjectInformationW
wsprintfW
GetProcessWindowStation
GetDesktopWindow
MessageBoxW
MessageBoxA
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
CreateServiceW
CloseServiceHandle
StartServiceW
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
oleaut32
GetErrorInfo
CreateErrorInfo
VariantChangeType
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
msvcp90
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flags@ios_base@std@@QBEHXZ
?uncaught_exception@std@@YA_NXZ
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?infinity@?$numeric_limits@N@std@@SANXZ
?max@?$numeric_limits@N@std@@SANXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Bios_base@std@@QBEPAXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
shlwapi
PathFileExistsW
PathIsRootW
PathFindFileNameW
PathFindNextComponentW
ws2_32
WSAStartup
WSASetLastError
WSACleanup
__WSAFDIsSet
WSAGetLastError
select
shutdown
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
wldap32
ord143
ord211
ord50
ord26
ord30
ord200
ord60
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord22
msvcr90
__sys_nerr
_close
_write
_read
_strdup
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_CxxThrowException
__CxxFrameHandler3
_fseeki64
_ftelli64
abort
_getch
signal
fprintf
strcmp
_stricmp
??3@YAXPAX@Z
memcpy_s
??2@YAPAXI@Z
fopen
fwrite
fclose
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@XZ
wcsstr
_invalid_parameter_noinfo
free
_recalloc
calloc
_vscwprintf
vswprintf_s
realloc
memmove
malloc
wcschr
wcsnlen
_wfopen
swprintf_s
_wcsicmp
wcscpy_s
_waccess
_wmkdir
wcsrchr
wcscat_s
_wsplitpath_s
sscanf
tolower
iswspace
_mbsinc
_ismbcspace
_time64
ftell
fseek
fflush
fread
atoi
sprintf
_beginthreadex
toupper
_vsnprintf
strstr
memset
_stat64
memcpy
strrchr
strchr
__iob_func
strtoul
isxdigit
_errno
strncpy
strtol
isalpha
strncmp
strpbrk
_strtoi64
qsort
fputs
fgets
isdigit
fputc
strerror
??_V@YAXPAX@Z
isalnum
isspace
_getpid
memchr
_fstat64
_lseeki64
getenv
_gmtime64
isupper
islower
isprint
isgraph
_stat64i32
_open
_strnicmp
_exit
raise
ferror
_setmode
_fileno
feof
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9.3MB - Virtual size: 9.3MB (this section accounts for most of the 10.8MB file; combined with the FindResourceW/LoadResource/LockResource/SizeofResource and CopyFileW/CreateDirectoryW/DeleteFileW imports above, the embedded resources are worth extracting and analysing separately)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ