Static task
static1
Behavioral task
behavioral1
Sample
33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa.exe
Resource
win10v2004-20231020-en
General
-
Target
33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa
-
Size
1.5MB
-
MD5
d95a9be3eba191d92d693b2247d6d04e
-
SHA1
dba56f893981220a20bcd6237ac6c4e2b7eb05a6
-
SHA256
33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa
-
SHA512
168fba32023737005d2cb5be96a93b0dfbed3f515d74b524b515526391c88617f7be0bc625d295b54325122d087c894cf3399d643ee208f50aa130be545d5797
-
SSDEEP
24576:H+U9ls+7m66pEDUp8g6b3enwMx/4qUIGFma:HlKXpEDTg6b3ewMx/4qU3Fm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE carries no embedded code-signing certificate, so the publisher cannot be verified. On its own this is a weak indicator — many legitimate binaries are also unsigned — and should be weighed together with the imports and behavioral results rather than treated as evidence of malice by itself.
resource 33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa
Files
-
33ca59f2e3b2c5bc22dbb352c856012a958939afeb9b35d118521299d519cefa.exe windows:5 windows x86
a857bb33efa6a22bb7d9dc677392de57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
icodm
CODMDeleteProtectPid
CODMSetVolumeKey
CODMStopProtect
CODMDeleteAllProtectPid
CODMAddProtectPid
CODMStartProtect
CODMInitialize
CODMClearPolicy
CODMAddAcePolicy
CODMDelProcPolicyByPid
cefsdpacket
DPDismountAll
DPMountVolume
DPDismountVolume
psapi
GetModuleFileNameExW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
mfc90u
ord4171
ord6514
ord12266
ord13283
ord10407
ord11241
ord11237
ord8448
ord6013
ord6693
ord6699
ord5939
ord5938
ord4234
ord575
ord777
ord4034
ord2470
ord2971
ord4351
ord3932
ord1224
ord3109
ord3715
ord3380
ord2264
ord5068
ord5095
ord3653
ord4701
ord5153
ord1718
ord1880
ord1888
ord5035
ord1876
ord2121
ord6618
ord6616
ord2110
ord2089
ord2655
ord6159
ord1447
ord984
ord2205
ord2240
ord2241
ord4169
ord3064
ord6668
ord6664
ord6519
ord6622
ord6624
ord3252
ord693
ord3563
ord4262
ord6353
ord6485
ord9356
ord7629
ord7631
ord11516
ord11616
ord9515
ord6859
ord7154
ord6932
ord7205
ord585
ord788
ord6960
ord7043
ord7259
ord586
ord790
ord7303
ord7185
ord12942
ord5388
ord10507
ord9673
ord12789
ord9477
ord13009
ord10008
ord7928
ord12867
ord12944
ord8372
ord8188
ord12799
ord8344
ord7049
ord8634
ord12240
ord10582
ord6225
ord4175
ord11963
ord13045
ord7818
ord8663
ord8664
ord12497
ord7068
ord7275
ord11942
ord4127
ord2762
ord4451
ord2340
ord2341
ord6517
ord2522
ord6575
ord12115
ord10470
ord6160
ord12273
ord5320
ord11638
ord10458
ord3225
ord6375
ord13284
ord9728
ord1380
ord2369
ord5598
ord4344
ord1681
ord9922
ord2650
ord2651
ord3287
ord12359
ord980
ord6381
ord3230
ord6379
ord3229
ord11881
ord3232
ord10223
ord12117
ord2860
ord8147
ord2445
ord5354
ord4985
ord7546
ord11567
ord7539
ord8810
ord7426
ord10453
ord10809
ord11935
ord4807
ord7044
ord7260
ord9581
ord10534
ord13049
ord11954
ord8613
ord13005
ord8423
ord7588
ord12702
ord13177
ord11450
ord9329
ord11545
ord9320
ord11435
ord9220
ord12662
ord11671
ord12298
ord9875
ord12862
ord12861
ord7799
ord13019
ord9661
ord12370
ord7511
ord7512
ord9793
ord9794
ord12486
ord12428
ord8172
ord13141
ord9332
ord9333
ord9326
ord13016
ord9324
ord13014
ord9896
ord13015
ord13013
ord9322
ord9312
ord13011
ord9330
ord13021
ord9321
ord9894
ord8422
ord13166
ord12495
ord8388
ord9318
ord9313
ord8440
ord12704
ord12705
ord9684
ord13012
ord8550
ord7656
ord8760
ord8759
ord8853
ord13205
ord10216
ord8858
ord8552
ord8553
ord12887
ord9898
ord9698
ord9817
ord10624
ord10634
ord7772
ord9327
ord8140
ord9744
ord7591
ord9854
ord8254
ord8277
ord8310
ord782
ord580
ord333
ord3488
ord6094
ord2800
ord2694
ord6349
ord405
ord664
ord3360
ord2209
ord3146
ord4398
ord712
ord1779
ord1708
ord3627
ord750
ord1250
ord7929
ord2356
ord8340
ord8342
ord12714
ord2495
ord3108
ord1254
ord1486
ord5182
ord3933
ord5907
ord3590
ord6131
ord4741
ord2901
ord1298
ord2910
ord2501
ord1329
ord5867
ord2676
ord4823
ord4820
ord4802
ord4805
ord4800
ord5297
ord5294
ord4378
ord5601
ord3681
ord1441
ord4693
ord2146
ord1357
ord1108
ord988
ord12730
ord5020
ord4543
ord4773
ord2232
ord7638
ord5624
ord619
ord2130
ord3577
ord2282
ord4512
ord7263
ord7047
ord555
ord793
ord588
ord4042
ord4895
ord3948
ord4994
ord2859
ord2867
ord6762
ord2204
ord2239
ord5606
ord6044
ord1462
ord5861
ord3009
ord5945
ord5171
ord2090
ord4641
ord3340
ord3035
ord6439
ord6553
ord4906
ord4684
ord5285
ord4677
ord5137
ord650
ord388
ord4004
ord3803
ord4405
ord3515
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord8452
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord9272
ord935
ord5675
ord5567
ord617
ord341
ord996
ord6230
ord9474
ord9636
ord13051
ord9769
ord9767
ord9761
ord9747
ord4441
ord6482
ord1098
ord1186
ord4211
ord5851
ord2702
ord7332
ord7138
ord4043
ord5632
ord4631
ord5324
ord1810
ord1809
ord3353
ord6408
ord1492
ord5653
ord4682
ord5008
ord4516
ord2360
ord6604
ord6579
ord2904
ord5167
ord4000
ord1938
ord778
ord3654
ord4660
ord1719
ord2283
ord654
ord3528
ord639
ord374
ord3794
ord1675
ord266
ord265
ord4442
ord1599
ord2596
ord813
ord2326
ord285
ord3220
ord1607
ord1144
ord4130
ord1354
ord1137
ord6065
ord613
ord2597
ord337
ord2069
ord2263
ord6187
ord4131
ord2592
ord4044
ord3537
ord3543
ord2106
ord1183
ord3486
ord636
ord464
ord7256
ord7039
ord3944
ord4993
ord1571
ord6034
ord4505
ord2919
ord5904
ord999
ord3331
ord3031
ord4449
ord3235
ord4683
ord3647
ord4206
ord2372
ord1383
msvcr90
vswprintf_s
_purecall
_vscwprintf
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memcmp
_wcsnicmp
wcspbrk
wcslen
towlower
iswspace
wcschr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
atoi
memmove_s
rand
_recalloc
calloc
_resetstkoflw
_time64
srand
memcpy_s
_beginthreadex
wcscpy_s
free
malloc
_wtol
_vswprintf_c_l
exit
__wargv
__argc
setlocale
wprintf
?what@exception@std@@UBEPBDXZ
wcsncpy
_wtoi
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_vswprintf
swscanf
_wcsicmp
_vsnprintf
wcsrchr
_wcsupr
wcsstr
_vsnwprintf
_local_unwind4
kernel32
GetCurrentThreadId
CreateFileW
WriteFile
ReadFile
SetEvent
SleepEx
GetCurrentProcessId
OpenProcess
WaitForSingleObject
IsWow64Process
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CloseHandle
OutputDebugStringA
Process32FirstW
Process32NextW
CreateEventW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemDirectoryW
lstrlenW
GetTickCount
TerminateProcess
GetFileAttributesW
GetLocalTime
GetPrivateProfileStringW
WritePrivateProfileStringW
Sleep
SetLastError
SetFileAttributesW
lstrcmpW
GetModuleHandleW
CreateDirectoryW
GetFileAttributesExW
MoveFileExW
SetFilePointer
WaitForMultipleObjects
DeviceIoControl
FormatMessageW
LoadLibraryExW
lstrcpyW
HeapFree
GetProcessHeap
RaiseException
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
lstrcmpiW
lstrlenA
lstrcpyA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryW
GetVersionExW
OpenMutexW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
GetPrivateProfileIntW
OutputDebugStringW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
ResetEvent
ExitProcess
GetNativeSystemInfo
GetFileSize
MultiByteToWideChar
OpenEventW
TerminateThread
GetProcessId
GetCurrentProcess
CreateProcessW
MoveFileW
GetTempPathW
DeleteFileW
GetLogicalDrives
QueryDosDeviceW
CreateThread
GlobalAlloc
GetLongPathNameW
ReleaseMutex
CreateMutexW
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
WideCharToMultiByte
user32
LoadIconW
GetWindowRect
GetClientRect
GetParent
InvalidateRect
GetSysColor
InsertMenuW
CopyRect
EnableWindow
DeleteMenu
MessageBoxW
SetForegroundWindow
GetSubMenu
DrawIcon
BringWindowToTop
EnumChildWindows
GetClassNameW
ShowWindow
GetWindow
GetWindowTextW
GetWindowThreadProcessId
GetTopWindow
SendMessageTimeoutW
PostMessageW
GetClassLongW
IsWindowVisible
SetWindowPos
ReleaseDC
GetDC
AnimateWindow
SetClassLongW
SendMessageW
SetRectEmpty
PtInRect
ReleaseCapture
IsWindowEnabled
GetMenuStringW
GetMenuItemID
ClientToScreen
RemoveMenu
AdjustWindowRectEx
SetTimer
EndDeferWindowPos
BeginDeferWindowPos
EqualRect
InflateRect
RedrawWindow
wsprintfW
GetLastInputInfo
MapWindowPoints
GetMessagePos
KillTimer
GetDesktopWindow
AppendMenuW
EnableMenuItem
CheckMenuRadioItem
LoadMenuW
LoadBitmapW
IsWindow
UpdateWindow
FindWindowW
gdi32
GetObjectW
DeleteObject
TextOutW
GetTextExtentPoint32W
CreateFontIndirectW
SelectObject
CreateFontW
BitBlt
PatBlt
DeleteDC
SetDIBColorTable
CreateDIBSection
StretchBlt
CreateSolidBrush
CreateCompatibleDC
comdlg32
GetFileTitleW
GetOpenFileNameW
advapi32
StartServiceW
RegCloseKey
RegSetValueExW
LookupAccountSidW
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
GetUserNameW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
ChangeServiceConfig2W
DeleteService
ControlService
EnumServicesStatusW
CreateServiceW
QueryServiceStatus
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
shell32
SHGetFileInfoW
FindExecutableW
ExtractIconW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
SHChangeNotify
SHGetDesktopFolder
SHGetSpecialFolderPathW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFileExistsW
AssocQueryStringW
ole32
CoCreateGuid
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
oleaut32
VariantClear
SysFreeString
SysAllocString
GetErrorInfo
urlmon
URLDownloadToFileW
ws2_32
WSACleanup
gethostbyname
WSAGetLastError
gethostname
WSAStartup
gdiplus
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
msvcp90
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
mpr
WNetGetConnectionW
iphlpapi
GetAdaptersInfo
wininet
DeleteUrlCacheEntryW
winhttp
WinHttpQueryOption
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpSendRequest
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
Sections
.text Size: 439KB - Virtual size: 439KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 225KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 804KB - Virtual size: 804KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ