Static task
static1
Behavioral task
behavioral1
Sample
df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce.exe
Resource
win10v2004-20231222-en
General
-
Target
df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce
-
Size
5.0MB
-
MD5
4ef7b592d531bacd383ca29c909f462d
-
SHA1
a32f1fb103e336467e9988ffeb405e291a083f2d
-
SHA256
df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce
-
SHA512
85817fba647b3a04eb0dba8b8ceb78b4ffde2ce3bab041e5f50ad53e46c2d283f7dd66acb30e41696465ed7a1365871f2976b95f5754628d45cacbe9a1e22036
-
SSDEEP
49152:M8BbfKfK+hxc1oCAiX5nZlh8i11CgZENMgb+uCKGwM0/fjH2LJ6Ok93dwgsmLfrQ:MGKbcxAiXn8i1TZEmu0F6OIks0AtQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature (the signature check found nothing to verify). On its own this is a weak indicator — a large share of legitimate software, including many games and utilities, ships unsigned — so treat it as context rather than as evidence of malicious intent.
resource df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce
Files
-
df3370b12dab3ef13a7a5ed5360904914a8d5158187e20fd3992614e9aeb17ce.exe windows:4 windows x86 arch:x86
7dda7bac604b69d674f0d7c8defd255b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
d3dx9_26
D3DXFrameCalculateBoundingSphere
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXSaveSurfaceToFileA
D3DXFrameDestroy
D3DXCreateEffectFromFileA
D3DXVec4Normalize
D3DXQuaternionNormalize
D3DXQuaternionSlerp
D3DXLoadSurfaceFromSurface
D3DXCreateFontIndirectA
D3DXCreateTexture
D3DXSaveTextureToFileA
D3DXQuaternionRotationYawPitchRoll
D3DXVec3Normalize
D3DXPlaneTransform
D3DXQuaternionSquad
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationX
D3DXMatrixScaling
D3DXVec3TransformCoord
D3DXLoadMeshHierarchyFromXA
D3DXMatrixTranslation
D3DXMatrixRotationQuaternion
D3DXQuaternionMultiply
D3DXMatrixMultiply
D3DXPlaneFromPoints
D3DXCreateMeshFVF
D3DXLoadMeshFromXA
D3DXMatrixRotationY
D3DXMatrixRotationZ
D3DXGetFVFVertexSize
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH
D3DXCreateSprite
D3DXVec3Project
D3DXVec3TransformNormal
D3DXMatrixTranspose
D3DXQuaternionSquadSetup
D3DXVec2Normalize
D3DXMatrixRotationAxis
D3DXPlaneFromPointNormal
D3DXVec3CatmullRom
D3DXQuaternionInverse
D3DXComputeNormals
D3DXQuaternionRotationAxis
D3DXPlaneIntersectLine
D3DXGeneratePMesh
D3DXValidMesh
D3DXWeldVertices
D3DXCleanMesh
D3DXMatrixInverse
D3DXCreateTextureFromFileExA
dsound
ord11
dinput8
DirectInput8Create
d3d9
Direct3DCreate9
d3dxof
DirectXFileCreate
mfc71
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4282
ord3337
ord760
ord572
ord5073
ord2131
ord266
ord265
ord5490
ord2292
ord6006
ord5715
ord911
ord908
ord1916
ord6090
ord5613
ord4125
ord2322
ord5403
ord2468
ord4081
ord3210
ord1934
ord3161
ord1193
ord631
ord2280
ord386
ord5833
ord2372
ord865
ord4109
ord6167
ord6138
ord1440
ord2748
ord2751
ord3931
ord2288
ord1554
ord3195
ord620
ord2368
ord2991
ord589
ord330
ord709
ord4001
ord5641
ord502
ord4123
ord501
ord1439
ord6288
ord629
ord5089
ord384
ord1263
ord5491
ord3605
ord3596
ord3908
ord907
ord6099
ord4067
ord870
ord664
ord5431
ord427
ord3850
ord6166
ord298
ord6168
ord6173
ord2271
ord4108
ord4085
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1614
ord577
ord3996
ord283
ord4722
ord3403
ord5214
ord4185
ord6275
ord1908
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord5152
ord1161
ord1123
ord6067
ord1063
ord1903
ord3684
ord1054
ord304
ord557
ord2272
ord745
ord784
ord5529
ord3997
ord781
ord1207
ord2451
ord5563
ord1482
ord2933
ord299
ord1489
ord297
ord2248
ord566
ord310
ord757
ord578
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1084
ord762
ord764
ord1185
ord1187
ord1191
ord3683
ord4541
ord2469
ord5446
ord6179
ord5710
ord5716
ord4486
msvcr71
free
malloc
_except_handler3
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_strrev
system
_ismbcdigit
_setmbcp
_CxxThrowException
fclose
fread
fopen
_beginthreadex
_vsnprintf
tolower
rand
srand
time
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strrchr
_strlwr
_stricmp
qsort
sprintf
realloc
wcslen
_localtime64
_time64
fprintf
_CIacos
_CIasin
_CIpow
_purecall
strncpy
fseek
fwrite
strtok
ftell
_close
_creat
_errno
_splitpath
_mktime64
atoi
printf
perror
getc
_mbscmp
strftime
localtime
_CIfmod
atof
_snprintf
floor
_XcptFilter
ceil
_atoi64
strstr
_controlfp
toupper
_snwprintf
isalpha
isspace
isalnum
strncmp
strchr
calloc
_ftol
ldexp
exit
frexp
memchr
??8type_info@@QBEHABV0@@Z
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_resetstkoflw
kernel32
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetACP
WaitForMultipleObjects
GetVersion
ResetEvent
lstrlenA
GetCurrentThread
GetThreadContext
GetModuleFileNameA
CreateMutexA
LoadLibraryA
GetStringTypeExA
CloseHandle
GetProcAddress
GetModuleHandleA
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
GetSystemDirectoryA
lstrcpyA
FreeLibrary
CreateDirectoryA
DeleteFileA
IsDBCSLeadByteEx
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
ReadFile
SetCurrentDirectoryA
GetCurrentDirectoryA
MulDiv
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GlobalMemoryStatus
SetFilePointer
GetUserDefaultLCID
LCMapStringA
InterlockedCompareExchange
GetStartupInfoA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SleepEx
GetVolumeInformationA
GetComputerNameA
LockResource
SizeofResource
LoadResource
FindResourceA
Process32Next
InterlockedExchange
user32
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
MessageBoxA
wsprintfA
UpdateWindow
LoadIconA
LoadCursorA
AdjustWindowRectEx
SendMessageA
FindWindowA
DestroyCursor
SetCursor
UnregisterClassA
EnableWindow
GetClientRect
DestroyWindow
SetWindowLongA
GetWindowLongA
DefWindowProcA
CreateWindowExA
GetSystemMetrics
LoadImageA
MsgWaitForMultipleObjects
LoadStringA
LoadCursorFromFileA
ShowCursor
FindWindowExA
MoveWindow
GetKeyboardLayout
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
InvalidateRect
InvertRect
FillRect
GetFocus
GetDlgItem
ClientToScreen
SetCursorPos
SetFocus
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SystemParametersInfoA
RegisterClassA
SetRect
AdjustWindowRect
GetMenu
DestroyMenu
PostQuitMessage
GetCursorPos
ScreenToClient
SetWindowPos
GetClassLongA
GetWindowRect
ClipCursor
GetIconInfo
GetDC
ReleaseDC
gdi32
CreateDIBSection
ExtTextOutW
GetTextExtentPoint32W
CreateFontIndirectA
SetMapMode
GetTextMetricsA
SetTextColor
GetDeviceCaps
ExtTextOutA
SetDeviceGammaRamp
GetDeviceGammaRamp
GetBitmapBits
GetDIBits
GetStockObject
DeleteDC
SelectObject
CreateFontA
SetBkMode
SetBkColor
CreateSolidBrush
CreateCompatibleDC
DeleteObject
GetObjectA
GetTextExtentPoint32A
CreateFontW
TextOutW
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
RegDeleteValueA
shell32
SHGetSpecialFolderPathA
shlwapi
PathFileExistsA
msvcp71
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@D@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Xran@_String_base@std@@QBEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1ios_base@std@@UAE@XZ
??1strstream@std@@UAE@XZ
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysStringLen
VariantClear
VariantInit
ijl15
ord2
ord5
ord3
psapi
GetProcessMemoryInfo
GetModuleFileNameExA
winmm
timeGetTime
timeSetEvent
mmioOpenA
mmioClose
mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
mmioDescend
mmioRead
mmioAscend
timeKillEvent
imm32
ImmReleaseContext
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetContext
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetProperty
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
bugtrap
BT_SetSupportServer
BT_SetSupportURL
BT_InstallSehFilter
BT_SetAppName
BT_SetFlags
BT_SetSupportEMail
iphlpapi
GetAdaptersInfo
ws2_32
WSACreateEvent
WSAGetLastError
send
closesocket
WSACloseEvent
recv
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
connect
WSACleanup
WSAStartup
htons
inet_addr
ioctlsocket
socket
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 540KB - Virtual size: 540KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 246KB - Virtual size: 102.4MB (the raw size is far smaller than the virtual size: roughly 102 MB of zero-filled, writable memory is reserved at load time. This pattern is common in games and other applications with large static buffers, but it is also seen with packers and runtime unpacking, so correlate it with the behavioral runs and section entropy before drawing a conclusion.)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ