Static task
static1
Behavioral task
behavioral1
Sample
847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70.exe
Resource
win10v2004-20231023-en
General
-
Target
847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70
-
Size
5.3MB
-
MD5
d2f3197497c11f1445e8fca8741c25d7
-
SHA1
c1f02a541c69b63246589208cbbc2d9667c441f4
-
SHA256
847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70
-
SHA512
72c34f104b9f0a1226146c28fa1a8b9322e054b5e5cc5898b0b392eeb1f64c78c7c18cada2d9f806a0d6125f5136f1cb193277f10b9b82c66c1a09d96642c50a
-
SSDEEP
49152:8eGsnZuYwTVAOcrsYeMH6YUB7vSy8skvSnJkbxmPZSRdHInepWq9VmZQfhyhmpyY:VWMHU0WAdsDhmpyXqQZaIcx2
Malware Config (no configuration was extracted from this sample)
Signatures (sandbox detection rules that matched)
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature; on its own this is a weak indicator, since many legitimate binaries are also unsigned, so it should be corroborated with behavioral evidence rather than treated as proof of malice.
resource 847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70
Files
-
847332f6085870830debb163fd702b44a7ff97c650a4b5f17080227921fe9b70.exe windows:6 windows x86
4e8b1b7b62b5cf0e37adb86088274bee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateSymbolicLinkW
GlobalFree
ReleaseMutex
CreateMutexA
DeleteFileA
GetPrivateProfileStringA
lstrlenA
GetCurrentDirectoryA
MoveFileA
GetCurrentProcessorNumber
SetFileAttributesA
SetThreadPriority
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
GetSystemInfo
GetLastError
GetCurrentProcess
GetTickCount
GetCurrentDirectoryW
MultiByteToWideChar
Module32Next
WriteConsoleW
SetEndOfFile
HeapQueryInformation
HeapSize
OutputDebugStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
SetStdHandle
GetTickCount64
SetCurrentDirectoryW
SetFileAttributesW
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
GetFileAttributesExW
SetConsoleCtrlHandler
FlushFileBuffers
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
Module32First
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetThreadTimes
QueryPerformanceFrequency
GetCurrentProcessId
FindNextFileA
FindClose
FindFirstFileA
GetModuleFileNameA
ReadProcessMemory
CloseHandle
Process32Next
CreateThread
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetFileAttributesA
ExitProcess
Sleep
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
DeleteFileW
GetFileInformationByHandleEx
SetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
LocalFree
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
FormatMessageA
HeapFree
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileW
IsProcessorFeaturePresent
InterlockedDecrement
GetProcessHeap
HeapValidate
InterlockedIncrement
QueryPerformanceCounter
CopyFileA
CreateSemaphoreA
ReleaseSemaphore
GlobalUnlock
WideCharToMultiByte
GlobalLock
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
CompareStringA
GetLocaleInfoA
lstrlenW
SetFilePointer
WriteFile
ReadFile
OutputDebugStringA
SetUnhandledExceptionFilter
GetCurrentThread
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
UnmapViewOfFile
GetTempFileNameA
CreateDirectoryA
RemoveDirectoryA
GetTempPathA
AllocConsole
GlobalAlloc
GetModuleHandleA
GetProcAddress
FreeLibrary
IsValidLocale
LoadLibraryExA
user32
FlashWindowEx
GetSystemMetrics
LoadStringA
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
SetWindowPos
SystemParametersInfoA
GetKeyState
LoadImageA
DrawTextW
DrawTextA
CharPrevExA
CharNextExA
GetKeyboardLayoutNameA
OpenClipboard
CloseClipboard
GetKeyboardLayout
CharNextW
GetClipboardData
GetMessageA
UpdateWindow
RegisterClassExA
UnregisterClassA
SetFocus
CreateWindowExA
DefWindowProcA
MoveWindow
GetWindowLongA
SetWindowLongA
IsWindow
DestroyWindow
RegisterClassA
SetWindowTextA
LoadCursorA
GetMenu
GetWindowRect
AdjustWindowRectEx
GetCapture
TranslateMessage
DispatchMessageA
PostQuitMessage
GetAsyncKeyState
SetRect
OffsetRect
GetClientRect
DestroyCursor
ClientToScreen
PeekMessageA
ReleaseDC
FillRect
GetDC
EndPaint
BeginPaint
InvalidateRect
GetWindowTextA
WindowFromPoint
MessageBoxA
ShowCursor
SetCursor
ShowWindow
ChangeDisplaySettingsA
SetCursorPos
SetCapture
ReleaseCapture
gdi32
CreateFontIndirectA
SetTextColor
EnumFontFamiliesExA
TextOutW
SelectObject
SetDIBitsToDevice
SetBkMode
TextOutA
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetObjectA
StretchBlt
DeleteObject
CreateSolidBrush
PatBlt
GetStockObject
GetTextExtentPoint32A
SetBkColor
GetTextExtentPoint32W
GetCharABCWidthsFloatW
ole32
CoInitializeEx
OleSetContainedObject
OleUninitialize
CoGetClassObject
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
winmm
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime
d3d8
Direct3DCreate8
python27
PyInt_AsLong
PyTuple_GetItem
PyExc_RuntimeError
PyErr_SetString
Py_BuildValue
PyTuple_SetItem
PyDict_Size
PyDict_Next
PyString_InternFromString
PyArg_ParseTuple
PyFloat_AsDouble
PyLong_AsUnsignedLongLong
PyTuple_New
PyLong_FromLongLong
PyLong_AsLong
PyDict_GetItemString
_Py_NoneStruct
PyLong_AsLongLong
PyErr_BadArgument
PyObject_GetAttrString
PyErr_Clear
PyObject_CallObject
PyString_AsString
PyTuple_Size
PyModule_AddIntConstant
Py_InitModule4
PyObject_GetAttr
PyList_Append
PyString_FromString
PyCallable_Check
PyErr_Print
PyEval_EvalCode
PyObject_AsCharBuffer
PyImport_ImportModule
PyRun_StringFlags
PyDict_SetItemString
PyImport_GetMagicNumber
Py_Finalize
Py_SetProgramName
Py_FlushLine
Py_Initialize
PyModule_GetDict
PyErr_Fetch
PyCode_Type
PyImport_AddModule
PyEval_SetTrace
PyCode_Addr2Line
Py_OptimizeFlag
PyEval_GetRestricted
PyErr_Occurred
_Py_EllipsisObject
PyFloat_FromDouble
PyMarshal_ReadObjectFromString
PyExc_ValueError
_PyLong_FromByteArray
PyExc_EOFError
PyCode_New
_PyLong_New
PyDict_SetItem
PyDict_New
PyExc_StopIteration
PyErr_NoMemory
PyUnicodeUCS2_DecodeUTF8
PyList_SetItem
PyInt_FromLong
PyComplex_FromCComplex
PyString_FromStringAndSize
PyNumber_Check
PyList_New
devil
ilShutDown
ilDeleteImages
ilCopyPixels
ilConvertImage
ilGetInteger
ilLoad
ilOriginFunc
ilEnable
ilBindImage
ilGenImages
ilInit
ilSetPixels
ilSave
ilTexImage
imm32
ImmReleaseContext
ImmGetConversionStatus
ImmGetCompositionStringW
ImmGetIMEFileNameA
ImmAssociateContext
ImmGetOpenStatus
ImmSetCompositionStringW
ImmSetConversionStatus
ImmNotifyIME
ImmGetCandidateListW
ImmIsIME
ImmGetContext
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
imagehlp
GetTimestampForLoadedLibrary
StackWalk
EnumerateLoadedModules
granny2
_GrannyGetFileInfo@4
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannyUpdateModelMatrix@20
_GrannyNewLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeLocalPose@4
_GrannySetModelClock@8
_GrannyNewWorldPose@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyFreeFileSection@8
_GrannyGetSourceSkeleton@4
_GrannyFreeMeshBinding@4
_GrannyFreeModelInstance@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyNewMeshBinding@12
_GrannyCompleteControlAt@8
_GrannyFindBoneByName@12
_GrannyGetWorldPose4x4@8
_GrannyConvertSingleObject@20
_GrannyGetMaterialTextureByType@8
_GrannyFindMatchingMember@16
_GrannySetLogCallback@4
_GrannySetControlEaseInCurve@28
_GrannySetControlSpeed@8
_GrannyFreeControlIfComplete@4
_GrannyReadEntireFileFromMemory@8
_GrannySetControlLoopCount@8
_GrannySetControlEaseIn@8
_GrannyFreeControlOnceUnused@4
_GrannyPlayControlledAnimation@12
_GrannyGetControlLocalDuration@4
_GrannyGetControlRawLocalClock@4
_GrannyFreeControl@4
_GrannySetControlEaseOutCurve@28
_GrannySetControlRawLocalClock@8
_GrannyGetControlSpeed@4
_GrannyGetControlLoopCount@4
_GrannyControlIsComplete@4
_GrannyGetMeshIndexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshVertexType@4
_GrannyNewMeshDeformer@16
_GrannyCopyMeshVertices@12
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
GrannyPNT332VertexType
_GrannyDeformVertices@24
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyFreeMeshDeformer@4
_GrannySetControlEaseOut@8
_GrannyFreeFile@4
_GrannyInstantiateModel@4
_GrannyFreeWorldPose@4
mss32
_AIL_file_read@8
_AIL_mem_free_lock@4
_AIL_set_file_callbacks@16
_AIL_stream_volume_levels@12
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_file_type@8
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_stream_status@4
_AIL_set_3D_sample_file@8
_AIL_3D_sample_volume@4
_AIL_set_3D_sample_volume@8
_AIL_release_3D_sample_handle@4
_AIL_3D_sample_status@4
_AIL_stop_3D_sample@4
_AIL_start_3D_sample@4
_AIL_set_3D_sample_loop_count@8
_AIL_end_3D_sample@4
_AIL_allocate_3D_sample_handle@4
_AIL_update_3D_position@8
_AIL_resume_3D_sample@4
_AIL_auto_update_3D_position@8
_AIL_decompress_ADPCM@12
_AIL_sample_status@4
_AIL_end_sample@4
_AIL_sample_volume_pan@12
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_resume_sample@4
_AIL_last_error@0
_AIL_init_sample@4
_AIL_allocate_sample_handle@4
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_set_sample_file@12
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_shutdown@0
_AIL_open_stream@12
_AIL_close_3D_provider@4
_AIL_set_3D_position@16
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_set_3D_orientation@28
_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_set_3D_velocity@20
_AIL_open_digital_driver@16
_AIL_close_digital_driver@4
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_release_sample_handle@4
_AIL_set_stream_volume_levels@12
speedtreert
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetLeafLightingAdjustment@CSpeedTreeRT@@QBEMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?DeleteTransientData@CSpeedTreeRT@@QAEXXZ
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
dinput8
DirectInput8Create
ws2_32
connect
socket
select
recv
__WSAFDIsSet
ioctlsocket
WSACleanup
htons
htonl
gethostname
ntohs
inet_addr
ntohl
WSAGetLastError
WSAStartup
closesocket
send
gethostbyname
ddraw
DirectDrawCreate
bcrypt
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
advapi32
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32
SHGetSpecialFolderPathA
oleaut32
SafeArrayDestroy
VariantInit
SysAllocString
SafeArrayCreate
SafeArrayAccessData
VariantClear
SysFreeString
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 606KB - Virtual size: 605KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 160KB - Virtual size: 443KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 181KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 177KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ