Static task
static1
Behavioral task
behavioral1
Sample
25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4.exe
Resource
win10v2004-20231023-en
General
-
Target
25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4
-
Size
1.7MB
-
MD5
9f803da2fbffedfe135d72984a62c30e
-
SHA1
f6056d44df24694a315916f3fc316956e02e359d
-
SHA256
25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4
-
SHA512
ce33525fd1a0a1cc2a94086f9377aecc603c8f62312b7a1c6049d76fe6a72b4aa76022e367287ca69f1a3e53aba248401fc3b7bec3dc76761a278bf716375428
-
SSDEEP
24576:qKqyvokJ4TZKxA1ReTRLe6DMceJdvsqjnhMgeiCl7G0nehbGZpbD:zqyqT11ReTpTMHJZDmg27RnWGj
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature on the PE file.
resource 25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4
Files
-
25a795d70ce8d771209a7e9aafffc8d599175df14e9771839c1d35e094b7dde4.exe windows:6 windows x86 arch:x86
e582291a8f4a29c7abec0c08ecf9eac0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
dbghelp
SymCleanup
SymLoadModule
SymSetOptions
SymInitialize
SymGetModuleInfoW
wininet
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpSendRequestA
InternetOpenUrlA
InternetReadFile
HttpOpenRequestA
comctl32
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
tinyxml
?GetText@TiXmlElement@@QBEPBDXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Value@TiXmlNode@@QBEPBDXZ
??1TiXmlDocument@@UAE@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
??0TiXmlDocument@@QAE@XZ
kernel32
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetStartupInfoW
SetFileAttributesW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeCriticalSection
LoadLibraryA
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetThreadSelectorEntry
UnhandledExceptionFilter
GetProcessTimes
IsDebuggerPresent
WritePrivateProfileStringW
GetFileSize
GetVersionExW
CreateDirectoryW
GetTempPathW
GetSystemDefaultLCID
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetCurrentProcess
DeviceIoControl
GetDiskFreeSpaceExW
CreateFileW
CloseHandle
GetLogicalDrives
GetDriveTypeW
Sleep
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesW
DeleteFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
GetTickCount
WriteFile
SetFilePointer
ReadFile
MultiByteToWideChar
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
SetCurrentDirectoryW
MoveFileW
GetLocalTime
GetCurrentThreadId
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
VirtualProtect
SetErrorMode
ReadProcessMemory
WriteProcessMemory
OpenProcess
VirtualQueryEx
K32GetModuleFileNameExA
CreateFileA
K32GetModuleFileNameExW
GetWindowsDirectoryW
OpenThread
CreateThread
TerminateProcess
SetEvent
CreateProcessW
WaitForSingleObject
lstrlenW
lstrcatW
CopyFileW
lstrcpyW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
InitializeSListHead
user32
GetSystemMetrics
GetDC
SetClipboardData
wsprintfW
CloseClipboard
DialogBoxParamW
BeginPaint
EndPaint
EmptyClipboard
ReleaseDC
DrawTextW
GetGuiResources
IsWindow
CreatePopupMenu
TrackPopupMenu
OpenClipboard
RegisterClipboardFormatW
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
SetWindowLongW
ClientToScreen
KillTimer
GetSysColorBrush
SetDlgItemTextW
EnableMenuItem
GetMenuItemID
DestroyMenu
GetClassInfoExW
RegisterClassExW
CreateWindowExW
GetMenuItemCount
GetSystemMenu
EnableWindow
SendDlgItemMessageW
SetTimer
CallWindowProcW
GetKeyState
GetWindowTextLengthW
GetDesktopWindow
PostMessageW
EnumChildWindows
GetWindowLongW
EnumWindows
GetClassNameW
GetWindowTextW
GetWindowThreadProcessId
DrawIconEx
GetClientRect
ShowWindow
LoadImageW
SetWindowTextW
SendMessageW
LoadIconW
EndDialog
GetDlgItem
EnumDisplayDevicesW
CreateWindowExA
RegisterClassExA
DefWindowProcW
DestroyWindow
SetWindowPos
gdi32
SetPixelFormat
CreateFontW
SelectObject
SetTextColor
SetBkMode
DeleteObject
GetDeviceCaps
ChoosePixelFormat
GetStockObject
advapi32
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
shell32
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
SHCreateDirectoryExW
SHBindToParent
ord155
ole32
CreateStreamOnHGlobal
DoDragDrop
OleUninitialize
OleInitialize
CoCreateGuid
oleaut32
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
gdiplus
GdipAlloc
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdiplusShutdown
GdipFree
shlwapi
PathAddBackslashW
PathRemoveFileSpecA
PathFileExistsW
PathRemoveFileSpecW
msvcp140
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
_Xtime_get_ticks
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Cnd_init
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_hardware_concurrency
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_sleep
_To_wide
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Thrd_detach
_Mtx_init
_Mtx_lock
_Mtx_unlock
d3d9
Direct3DCreate9
opengl32
wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
glGetString
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
crypt32
CertGetNameStringW
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
netapi32
Netbios
vcruntime140
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
strrchr
strchr
wcschr
__std_terminate
__std_exception_destroy
memmove
__std_exception_copy
_purecall
memchr
__std_type_info_compare
wcsrchr
wcsstr
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
terminate
_invalid_parameter_noinfo
__p___wargv
_errno
_initialize_onexit_table
_register_onexit_function
_controlfp_s
_crt_atexit
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_set_app_type
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
__p___argc
_get_wide_winmain_command_line
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
fread
_set_fmode
fclose
__p__commode
fwrite
ftell
fseek
_wfopen
__stdio_common_vfprintf
__stdio_common_vswscanf
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vswprintf_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dtest
api-ms-win-crt-filesystem-l1-1-0
_wsplitpath_s
api-ms-win-crt-string-l1-1-0
tolower
strncpy_s
_wcslwr_s
wcsnlen
strnlen
wcsncat_s
isalnum
_wcsupr_s
wcsncpy
iswalnum
wcsncmp
iswalpha
iswdigit
wcscpy_s
_wcsicmp
wcscat_s
isspace
strncmp
iswspace
towlower
toupper
wmemcpy_s
api-ms-win-crt-convert-l1-1-0
atoi
strtoull
_wtoi
strtod
strtoll
strtoul
api-ms-win-crt-heap-l1-1-0
_recalloc
_callnewh
malloc
_set_new_mode
calloc
free
api-ms-win-crt-utility-l1-1-0
srand
api-ms-win-crt-time-l1-1-0
_gmtime32
_time32
_time64
api-ms-win-crt-multibyte-l1-1-0
_mbscmp
_mbsstr
_mbsrchr
_mbslwr_s
_mbschr
_mbsicmp
beacon_sdk
?UninitSDK@BeaconClient@@SAXXZ
?BeaconDeviceId@BeaconClient@@SAABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_common_param_getters@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@@Z
?Report@BeaconClient@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@W4RequestPriority@Beacon@@@Z
?set_common_params@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
?InitSDK@BeaconClient@@SAXABUBeaconConfig@@@Z
Sections
.text Size: 338KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE