Static task
- static1
Behavioral task
- behavioral1
  Sample: 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b.exe
  Resource: win7-20230831-en
Behavioral task
- behavioral2
  Sample: 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b.exe
  Resource: win10v2004-20230915-en
General
- Target: 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b
- Size: 13.3MB
- MD5: de3da8fd9662217cf09cfb107fc8b317
- SHA1: aac9e1af2732f91f76d9025a912e84bbee16886e
- SHA256: 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b
- SHA512: 68c258cbfb8392d112dcc655174dd25efd0a2136a86870bcb5cc15d3b45a5b21a2421617142bb160b24f64d6be58f6b2def1cadb9eb91da0d9672b2f524f411a
- SSDEEP: 196608:kPc6p0IHMDJa7E1/YgmqypBXsCTtAWFxrqN9HxbJsmfkKY:kPcu0IHME7txB0IxrqN9H1Js6kF
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b
Files
- 071ef50af91c3648ebe2cf2c4335e403cdcc0ddc979ff599fc7151b41d72df8b.exe windows:6 windows x86
  a0ace36f6e5c8b28aa2dcb2f4f701d55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW
SHBrowseForFolderW
ord74
DragQueryFileW
SHGetFileInfoW
ord727
ord190
ord155
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
CommandLineToArgvW
rpcrt4
UuidToStringW
UuidCreate
UuidCompare
RpcStringFreeW
UuidFromStringW
psapi
EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW
ws2_32
WSAAddressToStringW
WSAStringToAddressW
WSAGetLastError
socket
htonl
htons
bind
closesocket
listen
ntohs
gethostbyname
inet_ntoa
accept
setsockopt
connect
select
recv
send
shutdown
gethostname
ioctlsocket
freeaddrinfo
getaddrinfo
__WSAFDIsSet
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
WSAStartup
WSACleanup
inet_addr
kernel32
lstrcmpW
OutputDebugStringW
WaitForMultipleObjectsEx
CreateSemaphoreA
Module32FirstW
Module32NextW
CreateMutexW
IsDebuggerPresent
FindFirstVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetFileType
FindNextVolumeW
GetVolumeInformationByHandleW
GetFileSize
SetEndOfFile
OpenMutexW
ReleaseMutex
TryEnterCriticalSection
CreateThread
TerminateThread
SetThreadPriority
GetThreadPriority
ExitThread
lstrlenW
GetSystemDefaultUILanguage
GetCommandLineW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
CreateEventW
OpenEventW
SetEvent
ResetEvent
GetProcessTimes
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
RegisterWaitForSingleObject
UnregisterWaitEx
lstrlenA
GlobalSize
WaitForMultipleObjects
CreateSemaphoreW
ReadProcessMemory
VirtualQuery
SetUnhandledExceptionFilter
SetFilePointerEx
GetFileInformationByHandle
GetStartupInfoW
InitializeSListHead
DuplicateHandle
TerminateProcess
GetBinaryTypeW
GetUserGeoID
GetNumberFormatW
GetGeoInfoW
GetSystemWindowsDirectoryW
GetComputerNameW
LoadLibraryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetDllDirectoryW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetTimeZoneInformation
GetUserDefaultUILanguage
GetFileTime
GetDriveTypeW
GetWindowsDirectoryW
GetCurrentDirectoryW
SetFilePointer
WriteFile
GetLongPathNameW
GetFullPathNameW
ReadFile
CompareStringW
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetTempPathW
QueryDosDeviceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreatePipe
SetSystemTime
MulDiv
GetModuleHandleExW
GetDiskFreeSpaceExW
GetDateFormatW
GetTimeFormatW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetLastError
GetVolumeInformationW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
DeviceIoControl
GlobalMemoryStatusEx
GetCurrentProcess
GetExitCodeProcess
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
GetSystemInfo
GetThreadContext
ResumeThread
GetSystemDefaultLCID
ExpandEnvironmentStringsW
OpenProcess
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
WTSGetActiveConsoleSessionId
GetCurrentProcessId
ProcessIdToSessionId
WideCharToMultiByte
RemoveDirectoryW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
WaitForSingleObject
FormatMessageW
LocalAlloc
CopyFileW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesW
GetTickCount
DecodePointer
GetCurrentThreadId
SetErrorMode
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryExW
CompareFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
CreateProcessW
SetFileInformationByHandle
MoveFileW
CloseHandle
CreateFileW
DeleteFileW
SetFileAttributesW
GetModuleFileNameW
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
LocalFree
GetLastError
UnhandledExceptionFilter
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
FlushInstructionCache
TlsAlloc
QueueUserWorkItem
IsProcessorFeaturePresent
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
lstrcmpA
LCMapStringA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
FormatMessageA
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsW
GetCurrencyFormatW
AllocConsole
GetModuleFileNameA
BackupWrite
BackupRead
GetLocaleInfoA
GetSystemDirectoryA
LoadLibraryA
InterlockedExchange
DeleteVolumeMountPointW
MapViewOfFileEx
InterlockedDecrement
InterlockedIncrement
GetVolumeNameForVolumeMountPointW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
LoadLibraryExA
VirtualProtect
LCMapStringW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
GetUserDefaultLangID
ExitProcess
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalSize
CompareStringA
user32
SetClipboardData
CloseClipboard
PostThreadMessageW
CharPrevW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
OpenClipboard
GetMessageA
GetMessageW
DispatchMessageA
PeekMessageW
LoadIconW
IsCharAlphaNumericW
UnregisterClassW
CharNextW
DestroyWindow
LoadImageW
ShowWindow
EnableMenuItem
GetMenuItemCount
GetSystemMenu
GetSystemMetrics
IsWindow
SendMessageW
PostMessageW
wsprintfW
GetClipboardSequenceNumber
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
UpdateLayeredWindow
SetCaretPos
CreateCaret
GetKeyboardLayout
DestroyCaret
LoadStringW
RedrawWindow
RegisterClassW
BeginPaint
EndPaint
SetParent
AllowSetForegroundWindow
MessageBeep
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
GetSysColor
SetScrollInfo
DeferWindowPos
GetScrollInfo
WindowFromPoint
BeginDeferWindowPos
GetAsyncKeyState
GetCapture
IsChild
GetDoubleClickTime
MoveWindow
GetMessageTime
MessageBoxW
SetCapture
EndDeferWindowPos
EnumThreadWindows
GetClassLongW
ReleaseCapture
InvalidateRect
EnumDisplayMonitors
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowPlacement
MonitorFromPoint
DeleteMenu
TrackPopupMenuEx
GetMenuItemID
KillTimer
IsZoomed
GetKeyState
GetWindowTextW
OffsetRect
EqualRect
GetLayeredWindowAttributes
GetFocus
GetAncestor
CreateWindowExW
IsMenu
GetMenuState
FlashWindowEx
UpdateWindow
EnableWindow
SetWindowTextW
SetTimer
NotifyWinEvent
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
AdjustWindowRectEx
WaitMessage
GetActiveWindow
GetWindowDC
SetFocus
PostQuitMessage
AnimateWindow
RegisterClassExW
GetClassInfoExW
GetWindow
EnumDisplayDevicesW
LoadCursorFromFileA
DestroyCursor
SendMessageTimeoutW
CopyRect
SetCursor
SetClassLongW
LoadCursorW
ClientToScreen
PtInRect
GetCursorPos
RegisterWindowMessageW
CallWindowProcW
SetWindowLongW
EmptyClipboard
SetActiveWindow
SetWindowPos
SetForegroundWindow
GetForegroundWindow
FlashWindow
IsIconic
IsWindowVisible
FindWindowW
GetWindowLongW
FindWindowExW
AttachThreadInput
GetWindowThreadProcessId
MonitorFromWindow
ScreenToClient
ReleaseDC
GetDC
GetDesktopWindow
SystemParametersInfoW
DispatchMessageW
IsRectEmpty
DefWindowProcW
TranslateMessage
gdi32
SaveDC
SetViewportOrgEx
RestoreDC
BitBlt
GetFontUnicodeRanges
CreateFontW
GetObjectA
GetGlyphIndicesW
GetClipBox
GetStockObject
CreateBitmap
GetDeviceCaps
GetObjectW
SetLayout
AddFontMemResourceEx
CreateCompatibleDC
CreateDIBSection
SelectObject
StartPage
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
GetLayout
DeleteDC
DeleteObject
GetDIBits
EnumFontFamiliesExW
advapi32
EqualSid
AccessCheck
SetThreadToken
EnableTraceEx
RegNotifyChangeKeyValue
DeleteService
ControlService
RegUnLoadKeyW
RegLoadKeyW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
LookupAccountSidW
GetKernelObjectSecurity
SetKernelObjectSecurity
LookupPrivilegeNameW
QueryServiceStatusEx
CloseServiceHandle
MakeAbsoluteSD
RegOpenKeyW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
ImpersonateSelf
RegEnumValueW
RegQueryValueExW
InitiateSystemShutdownW
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenThreadToken
ConvertSidToStringSidW
CreateProcessAsUserW
SetTokenInformation
StartServiceW
OpenServiceW
OpenSCManagerW
InitiateSystemShutdownExW
RegDisablePredefinedCache
QueryServiceStatus
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
AddAce
InitializeAcl
RegEnumKeyW
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenProcessToken
EnumerateTraceGuids
QueryTraceW
FlushTraceW
StopTraceW
EnableTrace
StartTraceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
ControlTraceW
TraceMessage
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
GetNamedSecurityInfoW
ChangeServiceConfigW
QueryServiceConfigW
CreateServiceW
GetUserNameW
ole32
CoCreateInstance
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
RevokeDragDrop
RegisterDragDrop
CoTaskMemRealloc
DoDragDrop
OleRun
PropVariantCopy
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
StringFromIID
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
IIDFromString
oleaut32
SafeArrayCopy
SafeArrayCreateVector
SafeArrayRedim
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnlock
SafeArrayCreate
VariantCopyInd
SysStringByteLen
SysAllocStringByteLen
VarBstrFromDate
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo
SafeArrayDestroy
shlwapi
PathAddBackslashW
PathMatchSpecW
PathFileExistsW
PathRemoveFileSpecW
UrlEscapeW
ord12
PathCombineW
PathFindOnPathW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathIsUNCServerW
SHDeleteKeyW
PathSkipRootW
PathIsUNCW
PathIsURLW
UrlCanonicalizeW
imm32
ImmAssociateContextEx
ImmIsIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME
gdiplus
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipSetPathGradientTransform
GdipSetPathGradientCenterPoint
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipSetLineWrapMode
GdipDeletePen
GdipCreateMatrix2
GdipMultiplyLineTransform
GdipCreateLineBrush
GdipGetClipBoundsI
GdipFillPath
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeleteFontFamily
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetLinePresetBlend
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDrawDriverString
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipCreateBitmapFromGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFont
GdipSetPenDashOffset
GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenStartCap
GdipSetPenEndCap
GdipCreatePen2
GdipGetFontStyle
GdipAddPathString
GdipDrawString
GdipGetCellDescent
GdipGetEmHeight
GdipGetFontSize
GdipGetCellAscent
GdipGetFamily
GdipCreatePen1
GdipCloneBrush
setupapi
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
msi
ord205
comdlg32
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
Sections
.text Size: 6.5MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IPPCODE Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 221KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE