Static task
static1
Behavioral task
behavioral1
Sample
3254bda5febb9d2967263adcba1dc0c3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3254bda5febb9d2967263adcba1dc0c3.exe
Resource
win10v2004-20231215-en
General
-
Target
3254bda5febb9d2967263adcba1dc0c3
-
Size
1.3MB
-
MD5
3254bda5febb9d2967263adcba1dc0c3
-
SHA1
056b078b2c03c8c6ceae7a73e0184c644f25f751
-
SHA256
20fbb59706c954e356fae6c2e0f25057b832ea4fc199f55521a4fcb2457a2854
-
SHA512
9f227567815de701c44c8c6bf5982b17d71e578080fe8a42544c43697b91b90ffeec1c6b3810578cc57eba3c63af7a8ac01b22589f0bfd63f785063259a55dde
-
SSDEEP
24576:Zx3MOYJJJ/7Rjmq1UIqJYY4H1ZMEctQGtQp:Zx38r/7zUIqJYY4H1ZMEctQGtQp
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature.
resource 3254bda5febb9d2967263adcba1dc0c3
Files
-
3254bda5febb9d2967263adcba1dc0c3.exe windows:4 windows x86 arch:x86
281d40b1c855a805e787ec28bbfac283
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
afccomm
IsEmptyFileQueue
DeleteAllFileQueue
FreeFileQueue
PeekFileQueue
ExitFileQueue
EntryFileQueue
CloseFileQueue
GetLastErrorFileQueue
CreateFileQueue
UnlockFileMap
LockFileMap
FlushFileMap
CloseFileMap
CreateFileMap
LogOut
GetFileMapAddress
TimeToDateTime
FormatStrToDateTime
DateTimeToTime
TimeToSystemTime
IsValidTime
SystemTimeToTime
GetCurrentTime
OpenMutualExclusion
CreateMutualExclusion
InitializeLog
GetCurrentSystemTime
LogDumpOut
GetSystemTimeFormatStr
JulianToSystemTime
IsValidDate
DateToJulian
FormatStrToSystemTime
CreateFullDirectory
GetFileName
LogOutLastError
GetTimeFormatStr
msvcr80d
_except_handler4_common
wcsncpy_s
strcpy_s
_mktime64
__CxxFrameHandler3
_resetstkoflw
_CrtDbgReportW
wcslen
wcscpy_s
strncmp
strncpy
sprintf
strcat
strlen
strcpy
malloc
free
calloc
_recalloc
memcpy
memcmp
atoi
_mbsnbcpy
_mbsinc
fopen
fclose
clearerr
fgets
vsprintf_s
printf
fprintf
__iob_func
strcmp
_strlwr
??2@YAPAXI@Z
_mbsstr
_fcloseall
ferror
feof
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_mbsicmp
rand
srand
toupper
isdigit
isxdigit
memmove
ceil
strstr
_strdup
strtoul
strtod
_mbscmp
_wassert
_mbschr
_mbsrev
strtol
__RTDynamicCast
getenv
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_purecall
floor
_invalid_parameter
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
_localtime64
_time64
_vsnprintf
_mbsrchr
_beginthreadex
_CRT_RTC_INITW
_gmtime64_s
_localtime64_s
_wcsicmp
??3@YAXPAX@Z
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_initterm_e
_initterm
_CrtSetCheckCount
__initenv
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_strupr
_putenv
_snprintf_s
_errno
_CrtDbgReport
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
kernel32
WriteFile
GetLocaleInfoA
GetThreadLocale
OpenEventA
OutputDebugStringW
GetSystemInfo
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
DebugBreak
RaiseException
InterlockedCompareExchange
GetComputerNameA
CreateThread
TerminateThread
GetExitCodeThread
GetEnvironmentVariableW
GetVersion
InterlockedExchange
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
CloseHandle
GetFileInformationByHandle
CreateFileA
FindClose
FindFirstFileA
GetFileSize
RemoveDirectoryA
MoveFileA
Sleep
CreateDirectoryA
GetFileAttributesA
SetEvent
CreateEventA
SetConsoleCtrlHandler
GetModuleFileNameA
SetCurrentDirectoryA
WaitForSingleObject
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetACP
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTickCount
VirtualFree
VirtualAlloc
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
GetPrivateProfileStringA
OutputDebugStringA
GetProcAddress
lstrcatA
LoadLibraryA
LocalFree
FormatMessageA
LocalAlloc
GetCurrentProcess
GetCurrentThread
SetLastError
FindNextFileA
MoveFileExA
GetModuleHandleA
BackupWrite
GetFullPathNameW
GetVersionExA
IsBadStringPtrA
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
CreateProcessA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
ResumeThread
SuspendThread
SetThreadPriority
GetThreadPriority
user32
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
DialogBoxParamA
MessageBoxA
GetDesktopWindow
wsprintfA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
SendMessageA
advapi32
RevertToSelf
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
ControlService
OpenServiceA
EnumServicesStatusA
QueryServiceConfigA
EnumDependentServicesA
GetServiceDisplayNameA
GetServiceKeyNameA
GetUserNameA
CreateServiceA
QueryServiceLockStatusA
LockServiceDatabase
OpenSCManagerA
DeleteService
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
UnlockServiceDatabase
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueA
SetThreadToken
RegUnLoadKeyA
RegSetValueExA
RegSetKeySecurity
RegSaveKeyA
RegRestoreKeyA
RegReplaceKeyA
RegQueryInfoKeyA
RegNotifyChangeKeyValue
RegLoadKeyA
RegGetKeySecurity
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
LookupAccountNameA
ReportEventA
RegisterEventSourceA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogA
NotifyChangeEventLog
GetOldestEventLogRecord
GetNumberOfEventLogRecords
DeregisterEventSource
CloseEventLog
ClearEventLogA
BackupEventLogA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCloseKey
netapi32
NetWkstaGetInfo
NetApiBufferFree
msvcp80d
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?min@?$numeric_limits@F@std@@SAFXZ
?max@?$numeric_limits@F@std@@SAFXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@H@std@@SAHXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Debug_message@std@@YAXPB_W0I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Container_base@std@@QAE@XZ
?_Orphan_all@_Container_base@std@@QBEXXZ
??0_Container_base@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$allocator@D@std@@QAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?max_size@?$allocator@D@std@@QBEIXZ
??1?$_String_val@DV?$allocator@D@std@@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
mfc80d
ord7420
ord1475
ord1364
ord2143
ord3227
ord7220
ord8694
ord5563
ord3668
ord1034
ord9203
ord8683
ord696
ord349
ord2091
ord2081
ord1205
ord1031
ord1033
ord1013
ord5359
ord7392
ord2038
ord1398
ord7554
ord1070
ord3351
ord4709
ord1086
ord4726
ord3362
ord1215
ord7410
ord3235
ord657
ord884
ord8562
ord1154
ord1363
ord1045
ord1046
ord1048
ord1037
ord1157
ord7212
ord419
ord421
ord6867
ord8685
ord1985
ord741
ord739
ord3207
ord3411
ord2034
ord9142
ord305
ord2041
ord7418
ord5358
ord7748
ord3124
ord5716
ord5477
ord3123
ord304
ord1153
ord5594
ord5765
ord1214
ord2945
ord3359
ord926
ord7383
ord1213
ord4724
ord7407
ord3234
ord908
ord2847
ord1724
ord7691
ord4568
ord499
ord646
ord8278
ord303
ord794
ord874
ord929
ord310
ord3350
ord895
ord903
ord3830
ord5766
ord1563
ord316
ord3200
ord422
ord742
ord3132
ord3142
ord5473
ord5461
ord3834
ord4077
ord1095
ord1565
ord674
ord1569
ord1986
ord1649
ord7466
ord1634
oleaut32
SysFreeString
Sections
.textbss Size: - (no raw data on disk) - Virtual size: 526KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 28KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE