Static task
static1
General
-
Target
4386e785e9392f5b90ff98fa94fdc2ffd19435d7.exe
-
Size
232KB
-
MD5
fc4e47ae8aeccdd2a0a98885d1c52377
-
SHA1
4386e785e9392f5b90ff98fa94fdc2ffd19435d7
-
SHA256
36d76f2a76706411bb04ff049186c30a6398288bdf7704faa82dd588389b6c48
-
SHA512
39d52c3cd8e771feea81ee157c98306496977fee33824b6f6824221637a2a343ad20156a1f1d43cfbebbefb9df942776ba97255e3a619cc9158293ea10b31669
-
SSDEEP
3072:BmZqeacbbhXbN8Og/KV2RfLc6A/STeJ/ah2211jbEyB7HbIk:BCp8TKUR9T0/kgy10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. On its own this is a weak indicator (many legitimate binaries are unsigned), but note that this image also sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY in its DLL Characteristics, which requests loader code-integrity checks and is normally only set on images that ship signed; an unsigned image carrying that flag is worth confirming (stripped signature, modified copy, or sandbox parsing) rather than taken at face value.
resource 4386e785e9392f5b90ff98fa94fdc2ffd19435d7.exe
Files
-
4386e785e9392f5b90ff98fa94fdc2ffd19435d7.exe.exe windows:10 windows x86 arch:x86
5f3f3778a963e0c44dcfb0f587f80b8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
CreateFontIndirectW
CreateDIBSection
ScriptStringFree
ScriptString_pLogAttr
ScriptStringAnalyse
CreateCompatibleDC
GetDeviceCaps
Rectangle
DeleteDC
PathToRegion
EndPath
SetBkMode
CreatePen
BeginPath
GetStockObject
Polygon
BitBlt
SetBkColor
SetTextColor
DeleteObject
SelectObject
CreateSolidBrush
GetObjectW
user32
DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
GetWindowTextW
GetScrollPos
SetScrollInfo
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsImmersiveProcess
GetIconInfoExW
SendDlgItemMessageW
InternalGetWindowText
GetWindow
IsWindowVisible
EnumWindows
GetClassLongW
TrackPopupMenuEx
SetClassLongW
DrawEdge
GetWindowRect
GetDC
MapWindowPoints
SetWindowLongW
GetWindowLongW
GetMenuItemCount
CheckMenuRadioItem
InsertMenuItemW
CreatePopupMenu
UnregisterClassA
GhostWindowFromHungWindow
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
CreateWindowExW
LoadCursorW
PrivateExtractIconsW
ValidateRect
FrameRect
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
ClientToScreen
EqualRect
GetClassInfoExW
RegisterClassExW
DestroyWindow
DialogBoxParamW
GetActiveWindow
GetWindowBand
ord2575
GetMenuItemInfoW
GetSystemMetrics
InflateRect
ReleaseDC
GetWindowTextLengthW
DrawTextW
SetDlgItemTextW
SetWindowTextW
SetProcessDefaultLayout
SetProcessDPIAware
BringWindowToTop
PostMessageW
SetForegroundWindow
FindWindowW
SendMessageW
CallWindowProcW
DefWindowProcW
LoadStringW
SetWindowPos
SetFocus
GetClientRect
ShowWindow
GetDlgItem
IsWindow
msvcrt
malloc
swprintf_s
wcstol
free
memmove_s
_wtoi
_controlfp
_except_handler4_common
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wcsicmp
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
_isnan
iswspace
wcsstr
calloc
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_ftol2
_ftol2_sse
memcpy
?terminate@@YAXXZ
memset
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
comctl32
ImageList_Remove
ord17
ord381
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_CoCreateInstance
ole32
CoTaskMemFree
CoWaitForMultipleObjects
PropVariantClear
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
shell32
Shell_NotifyIconGetRect
ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
gdiplus
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreatePath
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipFillRectangle
ntdll
EtwGetTraceLoggerHandle
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventWriteTransfer
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwEventRegister
EtwEventUnregister
uxtheme
DrawThemeParentBackgroundEx
BufferedPaintUnInit
BufferedPaintSetAlpha
OpenThemeData
DrawThemeBackground
DrawThemeText
CloseThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
BufferedPaintInit
GetThemeTextExtent
SetWindowTheme
IsThemeActive
dwmapi
DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmSetWindowAttribute
DwmIsCompositionEnabled
shlwapi
ord348
PathFindFileNameW
ord487
StrTrimW
PathFindExtensionW
PathParseIconLocationW
imm32
ImmDisableIME
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
SizeofResource
FreeResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleExW
FindResourceExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExA
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateEventW
DeleteCriticalSection
SetEvent
CreateEventExW
InitializeCriticalSection
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapDestroy
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
CreateThread
SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetUserPreferredUILanguages
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
QueueUserWorkItem
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFamilyName
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-ntuser-sysparams-l1-1-0
SystemParametersInfoW
GetMonitorInfoW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.Imrsiv Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ