Static task
static1
Behavioral task
behavioral1
Sample
0ce961e625a73f222818e769cc3d432e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0ce961e625a73f222818e769cc3d432e.exe
Resource
win10v2004-20231215-en
General
-
Target
0ce961e625a73f222818e769cc3d432e
-
Size
371KB
-
MD5
0ce961e625a73f222818e769cc3d432e
-
SHA1
c18b5c9d10f795221222644e46683a67f0efb069
-
SHA256
a21effb14a2d269b8ba1ce461d2b16f9d25aa57893fb7ed1b3c1be3dc0a4f5bb
-
SHA512
314d23450539bae95acfc42db9821d5a86f1b40a5a239e21d6d6152298220beaf6d312fabc09e65679a61e5363c8bf892426022b983bf5a899d083330812e850
-
SSDEEP
6144:a5HIJ/F6GI5gELNDHyjpfZGEHUl/Y3iOlLtS5IHz0OTX4tAdy:a5HIwVGQNeVfZGE0l/OtSy40Iudy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. (The PE carries no embedded digital signature; on its own this is a weak indicator, since much legitimate software is also unsigned — weigh it together with the behavioral tasks above.)
resource 0ce961e625a73f222818e769cc3d432e
Files
-
0ce961e625a73f222818e769cc3d432e.exe windows:5 windows x86 arch:x86
5f97f4ba801c2767aabf6a0c46dade65 (NOTE(review): this 32-hex-digit value is unlabeled in the original report; it is probably an import hash, not the file MD5 above — confirm before using it for pivoting)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (no IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE or NX_COMPAT flag is present, so the image does not opt into ASLR or DEP; relocations are also stripped per the file characteristics below, which is consistent with a fixed load address)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (static import table only — presence of an API here does not show that it is called at runtime; note that advapi32/ntdll entries include service-control, token/privilege and security-descriptor functions such as OpenSCManagerW, ChangeServiceConfigW, StartServiceW, AdjustTokenPrivileges, RtlAdjustPrivilege, ImpersonateLoggedOnUser and SetNamedSecurityInfoW, which are worth correlating with the behavioral tasks)
msvcrt
towlower
wcsncat
atol
_ultoa
_purecall
_wcsupr
__initenv
_CIpow
_itoa
towupper
__p__iob
_CIsqrt
_fileno
_initterm
wcsrchr
isleadbyte
_strlwr
__set_app_type
__p__commode
__wgetmainargs
ceil
toupper
wcstok
wcsncmp
wcscmp
_ftol
fprintf
_except_handler3
__setusermatherr
time
_finite
realloc
fflush
tolower
wcstoul
__p__osver
_exit
isspace
_adjust_fdiv
_write
wcsstr
isalnum
_wcsicmp
_cexit
_onexit
rand
swprintf
_acmdln
calloc
_local_unwind2
_wtoi
_wtol
_vsnwprintf
_wcsnicmp
__p__fmode
strstr
strlen
_lock
_XcptFilter
??1type_info@@UAE@XZ
exit
memset
wcschr
ctime
_commit
_beginthreadex
sscanf
_CxxThrowException
wcscpy
wcstombs
__CxxFrameHandler
__dllonexit
srand
_strdup
_c_exit
_chsize
_stricmp
_wfopen
isdigit
_rotr
wcscat
isalpha
??2@YAPAXI@Z
isxdigit
sprintf
fclose
mbstowcs
_vsnprintf
fopen
iswctype
__pioinfo
iswalpha
qsort
_amsg_exit
_snwprintf
_itow
iswspace
wcsspn
malloc
oleaut32
SafeArrayPtrOfIndex
OleLoadPicture
CreateErrorInfo
SetErrorInfo
SafeArrayPutElement
VariantChangeTypeEx
VariantChangeType
SysReAllocStringLen
SafeArrayCreate
GetActiveObject
SysFreeString
SafeArrayGetLBound
VariantClear
VariantCopy
VariantInit
GetErrorInfo
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayAccessData
LoadTypeLib
VariantCopyInd
SysStringLen
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLib
SysAllocStringLen
ntdll
NtDeleteKey
RtlSubAuthorityCountSid
NtOpenProcess
RtlDetermineDosPathNameType_U
_strnicmp
NtFsControlFile
RtlLengthSecurityDescriptor
RtlxUnicodeStringToOemSize
NtReadFile
RtlExtendedLargeIntegerDivide
atoi
RtlInitializeCriticalSectionAndSpinCount
RtlInitializeResource
RtlEnterCriticalSection
RtlRaiseStatus
RtlQueryEnvironmentVariable_U
RtlxOemStringToUnicodeSize
wcscpy
RtlStringFromGUID
RtlInitString
wcscat
RtlxAnsiStringToUnicodeSize
RtlReleaseResource
RtlGetVersion
NtDuplicateToken
NtSetSecurityObject
RtlRunDecodeUnicodeString
DbgBreakPoint
RtlNtStatusToDosError
wcsncat
RtlAllocateHeap
RtlDestroyHeap
RtlCopyUnicodeString
RtlTimeToSecondsSince1970
NtQueryVolumeInformationFile
_wcsicmp
NtOpenProcessToken
_vsnprintf
NtOpenThread
RtlUnicodeToMultiByteSize
_allmul
NtQuerySystemInformation
NtRequestWaitReplyPort
NtQueryValueKey
NtSetInformationFile
NtQuerySystemTime
RtlClearBits
wcsncmp
NtTerminateThread
RtlWriteRegistryValue
RtlImageNtHeader
RtlInitUnicodeString
NtWriteFile
_snwprintf
NlsMbCodePageTag
NtQueryKey
RtlCreateEnvironment
RtlAdjustPrivilege
RtlCompareUnicodeString
RtlSetEnvironmentVariable
swprintf
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
NtTerminateProcess
RtlCopySid
RtlReAllocateHeap
NtOpenFile
RtlInsertElementGenericTable
RtlCreateUnicodeStringFromAsciiz
NtDuplicateObject
RtlQueueWorkItem
_alloca_probe
RtlUnicodeToMultiByteN
RtlCreateTimer
RtlMakeSelfRelativeSD
NtFreeVirtualMemory
atol
strchr
NtAllocateLocallyUniqueId
NtQueryObject
qsort
NtEnumerateKey
RtlValidSid
RtlOpenCurrentUser
RtlEqualUnicodeString
NtSetEvent
RtlNewSecurityObject
NtCreateEvent
wcslen
NtWaitForSingleObject
RtlDeleteCriticalSection
NtOpenThreadToken
RtlValidRelativeSecurityDescriptor
RtlExpandEnvironmentStrings_U
NtDeleteValueKey
RtlDeleteElementGenericTable
RtlCreateUserThread
NtClose
RtlGetAce
RtlLengthRequiredSid
RtlInitializeGenericTable
RtlRunEncodeUnicodeString
NtQueryVirtualMemory
RtlSetSaclSecurityDescriptor
RtlGetFullPathName_U
NtOpenEvent
NtQuerySecurityObject
RtlAppendUnicodeStringToString
RtlUpcaseUnicodeStringToOemString
RtlConvertSidToUnicodeString
RtlQueryRegistryValues
RtlGUIDFromString
NtQueryAttributesFile
RtlSystemTimeToLocalTime
NtAdjustPrivilegesToken
NtOpenSymbolicLinkObject
RtlGetSaclSecurityDescriptor
NtQueryDirectoryObject
RtlRegisterWait
RtlCreateTimerQueue
_wcsnicmp
RtlIntegerToUnicodeString
RtlGetOwnerSecurityDescriptor
_wcsupr
RtlFormatCurrentUserKeyPath
RtlCreateAcl
wcsncpy
NtCreateSection
NtEnumerateValueKey
RtlxUnicodeStringToAnsiSize
NtPowerInformation
RtlUnicodeStringToOemString
RtlLengthSid
RtlQueryInformationAcl
NtCancelIoFile
RtlOemStringToUnicodeString
shlwapi
PathStripToRootW
PathGetDriveNumberW
PathRemoveExtensionW
PathAppendW
StrToIntW
StrTrimW
PathAddBackslashW
StrCpyW
SHDeleteKeyA
PathIsUNCW
PathRemoveFileSpecW
UrlIsW
StrDupW
PathIsRootW
StrChrIW
PathRemoveFileSpecA
SHStrDupW
StrCmpNIA
PathFindExtensionW
PathRemoveBlanksW
PathFileExistsW
StrRChrW
PathAppendA
PathStripToRootA
StrToIntExW
StrChrW
PathRemoveBackslashW
PathFindFileNameA
PathIsRelativeW
StrCatW
StrCpyNW
SHDeleteValueA
PathIsDirectoryW
PathFindExtensionA
wnsprintfA
PathCreateFromUrlW
SHGetValueW
StrRetToBufW
AssocQueryStringW
UrlCanonicalizeW
PathFindFileNameW
StrCmpNW
SHRegGetBoolUSValueW
StrCmpNIW
PathCombineW
UrlUnescapeW
StrStrIW
PathIsURLW
StrCatBuffW
SHDeleteKeyW
PathSkipRootW
StrCmpW
SHSetValueW
StrStrW
StrCmpIW
SHDeleteValueW
wnsprintfW
StrStrIA
kernel32
GetConsoleMode
FindResourceA
RaiseException
InterlockedExchange
InterlockedIncrement
GetEnvironmentStringsW
UnmapViewOfFile
GetUserDefaultLCID
LCMapStringW
DeleteFileW
WriteConsoleW
CreateDirectoryW
GetFullPathNameW
CreateMutexA
GetCommandLineA
GlobalUnlock
InterlockedDecrement
GetCurrentDirectoryW
VirtualAlloc
ExpandEnvironmentStringsW
HeapDestroy
ResetEvent
GetOEMCP
GetSystemTime
GetFileAttributesW
GetStringTypeW
GetSystemInfo
ReleaseSemaphore
lstrcatA
IsDBCSLeadByte
GetCommandLineW
MapViewOfFile
GetFileType
FileTimeToSystemTime
FindClose
HeapFree
FreeEnvironmentStringsA
HeapCreate
TlsFree
lstrcatW
HeapSize
GetComputerNameW
SetFileAttributesW
GetVersion
OpenEventW
GetStdHandle
TlsGetValue
GetVersionExA
CreateThread
GetCurrentProcess
CreateFileMappingA
MulDiv
OpenMutexW
SetHandleCount
GetEnvironmentStrings
CreateEventA
CompareStringA
SetUnhandledExceptionFilter
SystemTimeToFileTime
lstrcpyW
OutputDebugStringW
QueryPerformanceCounter
lstrlenW
CloseHandle
GetACP
lstrcmpiA
SizeofResource
GetStringTypeA
CreateEventW
GetStartupInfoA
CreateDirectoryA
SetFilePointer
DisableThreadLibraryCalls
GetCurrentThreadId
GetLastError
OutputDebugStringA
lstrcpyA
WriteFile
LoadResource
GetTempPathA
GlobalFree
RtlUnwind
GlobalAlloc
LeaveCriticalSection
GetDriveTypeW
GetModuleHandleA
InterlockedCompareExchange
OpenMutexA
FindNextFileW
GlobalLock
VirtualFree
LoadLibraryExW
DeleteFileA
SetFileAttributesA
GetLocalTime
SetFileTime
IsBadWritePtr
GetExitCodeThread
InitializeCriticalSection
SetEvent
lstrlenA
lstrcmpA
CreateMutexW
LocalAlloc
ReadFile
CreateFileW
HeapReAlloc
MultiByteToWideChar
WaitForSingleObject
VirtualQuery
SetStdHandle
WideCharToMultiByte
GetCPInfo
SetLastError
GetLocaleInfoA
FreeLibrary
GetModuleHandleW
OpenEventA
VirtualProtect
GetDriveTypeA
GetModuleFileNameA
GetProcessHeap
lstrcpynW
lstrcmpiW
Sleep
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
FindFirstFileW
ExitProcess
GetFileAttributesA
GetThreadLocale
IsBadReadPtr
GetLocaleInfoW
LoadLibraryExA
TerminateProcess
advapi32
OpenThreadToken
DeleteService
GetSecurityDescriptorLength
CryptReleaseContext
GetLengthSid
OpenSCManagerA
RegEnumValueW
UnregisterTraceGuids
GetUserNameW
GetSecurityDescriptorControl
SetThreadToken
RegQueryInfoKeyA
RegQueryValueExW
SetServiceStatus
GetSidSubAuthority
ConvertStringSidToSidW
CryptDestroyKey
LookupPrivilegeValueA
OpenServiceW
AdjustTokenPrivileges
CryptCreateHash
OpenSCManagerW
GetTraceEnableFlags
AllocateAndInitializeSid
RegDeleteKeyA
RegQueryValueExA
SetNamedSecurityInfoW
RevertToSelf
GetTraceEnableLevel
SetFileSecurityW
RegQueryInfoKeyW
SetEntriesInAclW
RegOpenKeyExA
ChangeServiceConfigW
RegCloseKey
RegConnectRegistryW
RegEnumKeyA
RegDeleteKeyW
AddAccessAllowedAce
CryptGetHashParam
QueryServiceStatus
GetSidSubAuthorityCount
DeregisterEventSource
GetSecurityDescriptorDacl
DuplicateTokenEx
IsValidSid
QueryServiceConfigW
OpenServiceA
GetTraceLoggerHandle
LockServiceDatabase
SetSecurityDescriptorGroup
LsaFreeMemory
CopySid
RegDeleteValueA
CheckTokenMembership
LsaQueryInformationPolicy
ControlService
ConvertSidToStringSidW
CloseServiceHandle
EqualSid
GetSidIdentifierAuthority
RegEnumKeyExW
CryptDestroyHash
ReportEventW
StartServiceW
RegCreateKeyExA
RegisterTraceGuidsW
GetSecurityDescriptorOwner
CryptGenRandom
RegEnumKeyW
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegDeleteValueW
LookupAccountNameW
RegisterEventSourceW
SetSecurityDescriptorOwner
RegEnumValueA
GetAce
InitializeAcl
CryptAcquireContextW
RegSetValueExA
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
RegOpenKeyA
OpenProcessToken
RegSetValueW
RegQueryValueW
RegEnumKeyExA
LookupAccountSidW
LsaOpenPolicy
GetAclInformation
RegCreateKeyExW
CryptAcquireContextA
RegOpenKeyExW
AddAce
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetUserNameA
RegSetValueA
RegCreateKeyA
CryptHashData
FreeSid
ole32
CoInitialize
CreateOleAdviseHolder
CreateBindCtx
CoInitializeSecurity
CoInitializeEx
OleRegEnumVerbs
StringFromCLSID
CoCreateInstanceEx
StgCreateDocfile
CoGetMalloc
GetRunningObjectTable
CoUninitialize
StgIsStorageFile
ReleaseStgMedium
CoTaskMemAlloc
OleInitialize
StgOpenStorage
PropVariantClear
ProgIDFromCLSID
CreateDataAdviseHolder
CoGetClassObject
StringFromIID
OleRegGetMiscStatus
OleLoadFromStream
CoSetProxyBlanket
CoFreeUnusedLibraries
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
OleRegGetUserType
StgCreateDocfileOnILockBytes
CoDisconnectObject
CLSIDFromString
OleSaveToStream
CLSIDFromProgID
OleUninitialize
GetHGlobalFromStream
CoReleaseMarshalData
CoRevokeClassObject
CreateStreamOnHGlobal
CoMarshalInterface
CoImpersonateClient
CreateItemMoniker
CoRegisterClassObject
CoTaskMemFree
CreateILockBytesOnHGlobal
CoCreateInstance
StringFromGUID2
PropVariantCopy
OleRun
CoTaskMemRealloc
CoGetObjectContext
CoRevertToSelf
CoCreateGuid
CoCreateFreeThreadedMarshaler
MkParseDisplayName
IIDFromString
WriteClassStm
shell32
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
SHBindToParent
SHGetFileInfoW
SHBrowseForFolderA
CommandLineToArgvW
SHGetPathFromIDListW
SHGetPathFromIDListA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
DragQueryFileW
ShellExecuteExW
SHChangeNotify
ShellExecuteA
SHBrowseForFolderW
SHFileOperationW
version
GetFileVersionInfoW
GetFileVersionInfoA
VerLanguageNameA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerFindFileW
gdi32
ExtTextOutW
GetMapMode
BitBlt
CreateDCA
SetPixel
CreateFontIndirectW
SetViewportOrgEx
FillRgn
ScaleWindowExtEx
RestoreDC
CreateDCW
CreatePatternBrush
SetTextColor
RealizePalette
GetTextExtentPoint32W
GetTextMetricsW
TranslateCharsetInfo
PatBlt
GetNearestColor
CreateFontIndirectA
Polyline
CreateRectRgn
GetTextExtentPointW
GetCurrentObject
GetRgnBox
GetClipBox
GetWindowExtEx
SetBkColor
RectVisible
CreateCompatibleDC
GetStockObject
DPtoLP
ScaleViewportExtEx
SetStretchBltMode
CreateHalftonePalette
LPtoDP
CreatePalette
SetROP2
EndDoc
IntersectClipRect
GetObjectType
CreateBitmap
CreateMetaFileA
GetBkMode
StartPage
CreateDIBSection
CreateDIBitmap
DeleteMetaFile
GetPixel
DeleteObject
OffsetRgn
GetDeviceCaps
Rectangle
EnumFontFamiliesExW
OffsetViewportOrgEx
SetTextAlign
LineTo
SaveDC
SetWindowExtEx
GetClipRgn
UnrealizeObject
EndPage
SelectObject
ExtSelectClipRgn
ExtTextOutA
SelectClipRgn
Escape
CreateRectRgnIndirect
CreateBrushIndirect
MoveToEx
CloseMetaFile
CreateCompatibleBitmap
GetPaletteEntries
GetTextExtentPointA
GetObjectW
SetWindowOrgEx
CreateSolidBrush
GetDIBits
ExcludeClipRect
GetTextColor
SetBkMode
GetTextAlign
GetGlyphOutlineA
CreateMetaFileW
SetViewportExtEx
Ellipse
GetBkColor
CombineRgn
CreateFontA
PtVisible
rpcrt4
NdrCStdStubBuffer_Release
NdrDllGetClassObject
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcBindingSetAuthInfoW
CStdStubBuffer_Invoke
RpcStringFreeA
RpcStringBindingParseW
RpcStringBindingComposeW
RpcBindingToStringBindingW
IUnknown_AddRef_Proxy
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcRaiseException
NdrOleFree
CStdStubBuffer_IsIIDSupported
RpcServerUseProtseqEpW
NdrDllCanUnloadNow
RpcRevertToSelf
NdrStubForwardingFunction
CStdStubBuffer_Disconnect
NdrStubCall2
RpcBindingFree
NdrCStdStubBuffer2_Release
NdrServerCall2
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
RpcBindingVectorFree
CStdStubBuffer_DebugServerQueryInterface
NdrDllUnregisterProxy
RpcImpersonateClient
IUnknown_QueryInterface_Proxy
NdrClientCall2
CStdStubBuffer_Connect
UuidToStringW
RpcServerInqBindings
UuidCreate
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
UuidFromStringW
RpcBindingFromStringBindingW
RpcServerUnregisterIf
UuidToStringA
RpcServerRegisterIfEx
user32
LoadBitmapW
RegisterClassExA
GetDesktopWindow
RegisterClassW
GetSubMenu
GetCursorPos
PeekMessageA
LoadImageW
EnumChildWindows
LoadCursorA
DrawTextA
GetDlgItem
GetActiveWindow
MapWindowPoints
EndPaint
SetWindowLongA
GetForegroundWindow
MsgWaitForMultipleObjects
GetFocus
IsRectEmpty
LoadStringW
EnableWindow
TranslateMessage
DestroyIcon
FindWindowA
IsWindowVisible
MoveWindow
CharPrevA
GetAsyncKeyState
SystemParametersInfoA
SetWindowTextW
IsDlgButtonChecked
SetWindowPos
SetTimer
EnableMenuItem
SetDlgItemTextA
RegisterClassExW
CharUpperW
DrawFocusRect
DestroyMenu
CheckMenuItem
SendDlgItemMessageW
SetRect
GetMenu
RegisterClipboardFormatW
PostQuitMessage
DialogBoxParamA
GetWindowLongW
GetMessagePos
DrawTextW
GetClassNameW
CallNextHookEx
UnhookWindowsHookEx
RegisterClassA
GetWindowLongA
CreateWindowExW
PeekMessageW
GetWindowPlacement
CallWindowProcA
LoadIconW
SendMessageA
DialogBoxParamW
RegisterWindowMessageW
GetWindow
GetParent
EqualRect
IsChild
GetMenuItemCount
SetWindowTextA
PostMessageA
GetMessageW
DestroyWindow
IsIconic
BeginPaint
SetCapture
EndDialog
SystemParametersInfoW
LoadStringA
IsWindow
LoadBitmapA
UpdateWindow
UnregisterClassA
GetSysColor
LoadCursorW
GetDC
TrackPopupMenu
GetWindowRect
GetWindowTextA
InvalidateRect
MessageBoxA
GetDlgItemTextA
SendMessageW
ClientToScreen
SetDlgItemTextW
GetSystemMetrics
GetDlgItemTextW
DispatchMessageA
DrawIcon
CharNextA
wsprintfA
CharUpperA
GetClassNameA
SetCursor
SetMenu
ScreenToClient
GetWindowThreadProcessId
InflateRect
MessageBoxW
CheckDlgButton
RedrawWindow
KillTimer
CharNextW
RegisterWindowMessageA
SendDlgItemMessageA
CharLowerW
CreateDialogParamW
comdlg32
GetOpenFileNameA
PrintDlgExW
ChooseColorA
CommDlgExtendedError
ChooseFontA
ChooseFontW
PrintDlgA
FindTextW
ChooseColorW
GetOpenFileNameW
GetFileTitleW
PageSetupDlgW
GetSaveFileNameW
GetFileTitleA
GetSaveFileNameA
FindTextA
comctl32
ImageList_Create
PropertySheetA
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Draw
CreatePropertySheetPageW
PropertySheetW
InitCommonControls
InitCommonControlsEx
Sections
.CRT Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 262KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textbss Size: 512B - Virtual size: 468KB (NOTE(review): 512 bytes of file data mapped to a writable 468KB virtual range, and a second section with the same .textbss name is listed below — confirm against the raw section table, as this may be a report mislabelling or a section that is populated only after load)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 512B - Virtual size: 493B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ