Static task
static1
Behavioral task
behavioral1
Sample
d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70.exe
Resource
win10v2004-20230915-en
General
-
Target
d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70
-
Size
656KB
-
MD5
48b69683ca90a3d545a35bf2774b4507
-
SHA1
26bf97cb0539b50f063c651f35cdabc15d9b4858
-
SHA256
d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70
-
SHA512
562252ba0ac9a63d4616421e895701156a998a96a1fe0b9292bc5ee1532798dcf9f06fbd3ffb3c14c3d5553ae414db76e810de5972e894e5734fd2eb1a012df8
-
SSDEEP
12288:ofeFC7odSbtIcluQX96b7p80PAL1uNcmfdT49ZbBw/V3jcou:ofeFC7od6tIclu4IPpFPAhuGmf+Z9Odc
Malware Config (no extracted configuration is shown in this report)
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE carries no embedded code-signing certificate. On its own this is a weak indicator (many legitimate legacy binaries are unsigned), so treat it as context rather than a verdict.
resource d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70
Files
-
d7a4b9acddb2dfcad3ec7b9dde3b30ee48186272d64ea4b76c45bc699084bb70.exe windows:4 windows x86
5b07630e79060d9f0e905199437327f3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (as enumerated by the static parser; notable entries below include kernel32!WinExec, the wsock32 server/client set — bind, listen, accept, connect — plus advapi32!GetUserNameA and kernel32!GetVolumeInformationA. The presence of an import does not show it is reached at runtime; confirm against the behavioral tasks.)
kernel32
CloseHandle
TerminateThread
Sleep
GetWindowsDirectoryA
GetVolumeInformationA
CreateMutexA
GetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
WinExec
GetExitCodeThread
GetDriveTypeA
CreateThread
GetCurrentThreadId
WaitForSingleObject
GetTickCount
GetModuleHandleA
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoA
user32
GetDC
CreateWindowExA
GetSystemMetrics
RegisterClassA
RegisterClassExA
LoadImageA
LoadCursorA
LoadIconA
DefWindowProcA
DispatchMessageA
TranslateMessage
ReleaseDC
GetCursorPos
ScreenToClient
SetTimer
SetWindowTextA
MessageBoxA
EndDialog
PostMessageA
SendMessageA
GetParent
SendDlgItemMessageA
CallWindowProcA
SetWindowLongA
GetClientRect
SetDlgItemTextA
CreateDialogParamA
GetWindowRect
ClientToScreen
MoveWindow
KillTimer
GetDlgItem
SetFocus
PeekMessageA
UpdateWindow
GetDlgItemTextA
ShowWindow
DestroyWindow
wsprintfA
SetWindowPos
EnableWindow
gdi32
GetPixel
TextOutA
PatBlt
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
DeleteDC
SetDIBitsToDevice
SetTextColor
advapi32
GetUserNameA
RegOpenKeyExA
comctl32
ord17
winmm
mciSendCommandA
wsock32
inet_addr
WSACleanup
gethostbyname
WSAStartup
closesocket
listen
gethostname
WSAAsyncSelect
bind
htons
htonl
socket
WSAGetLastError
connect
ioctlsocket
setsockopt
recv
sendto
recvfrom
send
accept
__WSAFDIsSet
select
ntohs
dsound
ord1
ddraw
DirectDrawCreate
ace
??1ACE_RW_Mutex@@QAE@XZ
??1ACE_Errno_Guard@@QAE@XZ
?sprintf@ACE_OS@@SAHPADPBDZZ
?strdup@ACE_OS_String@@SAPADPBD@Z
?strsncpy@ACE_OS_String@@SAPADPADPBDI@Z
?get_remote_addr@ACE_SOCK@@QBEHAAVACE_Addr@@@Z
?disable@ACE_IPC_SAP@@QBEHH@Z
?connect@ACE_SOCK_Connector@@QAEHAAVACE_SOCK_Stream@@ABVACE_Addr@@PBVACE_Time_Value@@1HHHHH@Z
??AACE_Synch_Options@@QBEHK@Z
??1ACE_Message_Block@@UAE@XZ
?max_time@ACE_Time_Value@@2V1@B
??0ACE_Message_Block@@QAE@IHPAV0@PBDPAVACE_Allocator@@PAVACE_Lock@@KABVACE_Time_Value@@422@Z
?copy@ACE_Message_Block@@QAEHPBDI@Z
?clone@ACE_Message_Block@@UBEPAV1@K@Z
?set@ACE_INET_Addr@@QAEHGQBDH@Z
??0ACE_Service_Object@@QAE@PAVACE_Reactor@@@Z
??0ACE_RW_Thread_Mutex@@QAE@PBDPAX@Z
?sap_any@ACE_Addr@@2V1@B
?defaults@ACE_Synch_Options@@2V1@A
??1ACE_Service_Object@@UAE@XZ
??1ACE_RW_Thread_Mutex@@QAE@XZ
??1ACE_SOCK_Connector@@QAE@XZ
??1ACE_Event@@QAE@XZ
??1ACE_Reactor_Notification_Strategy@@UAE@XZ
??0ACE_Reactor_Notification_Strategy@@QAE@PAVACE_Reactor@@PAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHPAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHXZ
??_7ACE_INET_Addr@@6B@
??1ACE_Addr@@UAE@XZ
?close@ACE_SOCK_Stream@@QAEHXZ
?instance@ACE_Reactor@@SAPAV1@XZ
??0ACE_SOCK@@IAE@XZ
??0ACE_INET_Addr@@QAE@XZ
??1ACE_SOCK_Stream@@QAE@XZ
??1ACE_INET_Addr@@UAE@XZ
??1ACE_Manual_Event@@QAE@XZ
??0ACE_Manual_Event@@QAE@HHPBDPAX@Z
?signal@ACE_Condition_Thread_Mutex@@QAEHXZ
?wait@ACE_Condition_Thread_Mutex@@QAEHPBVACE_Time_Value@@@Z
?broadcast@ACE_Condition_Thread_Mutex@@QAEHXZ
?dump@ACE_Condition_Thread_Mutex@@QBEXXZ
?total_size@ACE_Message_Block@@QBEIXZ
?total_length@ACE_Message_Block@@QBEIXZ
?release@ACE_Message_Block@@QAEPAV1@XZ
??0ACE_Task_Base@@QAE@PAVACE_Thread_Manager@@@Z
??_7ACE_Message_Queue_Base@@6B@
??0ACE_Condition_Thread_Mutex@@QAE@ABVACE_Thread_Mutex@@PBDPAX@Z
??1ACE_Message_Queue_Base@@UAE@XZ
?time_value@ACE_Synch_Options@@QBEPBVACE_Time_Value@@XZ
?arg@ACE_Synch_Options@@QBEPBXXZ
??0ACE_Time_Value@@QAE@ABU_FILETIME@@@Z
?normalize@ACE_Time_Value@@AAEXXZ
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@@Z
?cond_timedwait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@PAVACE_Time_Value@@@Z
?acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ
?release@ACE_Recursive_Thread_Mutex@@QAEHXZ
?cond_destroy@ACE_OS@@SAHPAVACE_cond_t@@@Z
?cond_broadcast@ACE_OS@@SAHPAVACE_cond_t@@@Z
??1ACE_Task_Base@@UAE@XZ
?open@ACE_Task_Base@@UAEHPAX@Z
?close@ACE_Task_Base@@UAEHK@Z
?svc@ACE_Task_Base@@UAEHXZ
??0ACE_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??0ACE_Recursive_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
?cond_init@ACE_OS@@SAHPAVACE_cond_t@@FPBDPAX@Z
?instance@ACE_Log_Msg@@SAPAV1@XZ
?conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z
?log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ
??1ACE_Recursive_Thread_Mutex@@QAE@XZ
??1ACE_Thread_Mutex@@QAE@XZ
?get_handle@ACE_Event_Handler@@UBEPAXXZ
?set_handle@ACE_Event_Handler@@UAEXPAX@Z
?priority@ACE_Event_Handler@@UAEXH@Z
?priority@ACE_Event_Handler@@UBEHXZ
?handle_input@ACE_Event_Handler@@UAEHPAX@Z
?handle_output@ACE_Event_Handler@@UAEHPAX@Z
?handle_exception@ACE_Event_Handler@@UAEHPAX@Z
?handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time_Value@@PBX@Z
?handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process@@@Z
?handle_close@ACE_Event_Handler@@UAEHPAXK@Z
?handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_t@@PAH@Z
?resume_handler@ACE_Event_Handler@@UAEHXZ
?handle_qos@ACE_Event_Handler@@UAEHPAX@Z
?handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z
?reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ
?reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z
?suspend@ACE_Task_Base@@UAEHXZ
?resume@ACE_Task_Base@@UAEHXZ
?module_closed@ACE_Task_Base@@UAEHXZ
?put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVACE_Time_Value@@@Z
?activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQAK@Z
?wait@ACE_Task_Base@@UAEHXZ
?init@ACE_Shared_Object@@UAEHHQAPAD@Z
?fini@ACE_Shared_Object@@UAEHXZ
?info@ACE_Shared_Object@@UBEHPAPADI@Z
?fini@ACE_Init_ACE@@SAHXZ
?init@ACE_Init_ACE@@SAHXZ
?instance@ACE_Dynamic@@SAPAV1@XZ
?rw_unlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?rw_wrlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?mutex_unlock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAUACE_mutex_t@@@Z
?mutex_lock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
??0ACE_Handler@@QAE@XZ
??1ACE_Handler@@UAE@XZ
?handle_read_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Stream@@@Z
?handle_write_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Dgram@@@Z
?handle_read_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Dgram@@@Z
?handle_write_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Stream@@@Z
?handle_read_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_File@@@Z
?handle_write_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_File@@@Z
?handle_accept@ACE_Handler@@UAEXABVResult@ACE_Asynch_Accept@@@Z
?handle_transmit_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Transmit_File@@@Z
?handle_time_out@ACE_Handler@@UAEXABVACE_Time_Value@@PBX@Z
?handle_wakeup@ACE_Handler@@UAEXXZ
?handle@ACE_Handler@@UAEXPAX@Z
?handle@ACE_Handler@@UBEPAXXZ
??0ACE_Event_Handler@@IAE@PAVACE_Reactor@@H@Z
??1ACE_Event_Handler@@UAE@XZ
??1ACE_Sig_Set@@QAE@XZ
?check_reconfiguration@ACE_Reactor@@SAHPAX@Z
?signal@ACE_Event@@QAEHXZ
?wait@ACE_Event@@QAEHXZ
?instance@ACE_Allocator@@SAPAV1@XZ
??1ACE_Condition_Thread_Mutex@@QAE@XZ
?cond_signal@ACE_OS@@SAHPAVACE_cond_t@@@Z
?enable@ACE_IPC_SAP@@QBEHH@Z
?recv@ACE@@SAHPAX0IHPBVACE_Time_Value@@@Z
?send_n_i@ACE@@CAHPAXPBXIPAI@Z
?zero@ACE_Time_Value@@2V1@B
msvcrt
_strcmpi
fclose
__p__commode
__p__fmode
fseek
fopen
_adjust_fdiv
localtime
fread
rand
vsprintf
time
_tzset
fwrite
malloc
fgetc
free
__CxxFrameHandler
atoi
??3@YAXPAX@Z
??2@YAPAXI@Z
strtok
_itoa
strncmp
strncpy
srand
fprintf
strpbrk
strncat
ftell
strftime
_ftol
exit
memmove
_purecall
_errno
isdigit
memchr
__dllonexit
_onexit
_exit
_XcptFilter
_controlfp
_except_handler3
__set_app_type
_acmdln
_initterm
__setusermatherr
__getmainargs
msvcp60
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstream@std@@UAE@XZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1ostrstream@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1istrstream@std@@UAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Xlen@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1strstreambuf@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
ws2_32
WSAEventSelect
Sections (flags are listed per section; note that .text and .rsrc carry IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE, and that .data's virtual size (1.9MB) far exceeds its raw size (32KB) — the remainder is zero-filled when the image is mapped)
.text Size: 528KB - Virtual size: 527KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 32KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE