Static task: static1
Behavioral task: behavioral1
  Sample: 47f00bd68ba50e85f0b1c90993d427cd.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 47f00bd68ba50e85f0b1c90993d427cd.exe
  Resource: win10v2004-20231215-en
General
Target: 47f00bd68ba50e85f0b1c90993d427cd
Size: 261KB
MD5: 47f00bd68ba50e85f0b1c90993d427cd
SHA1: 17ebda1580c63fe4c8b9fc8836758d14fb5350c2
SHA256: c255d8e4d0c8d30ecd45b68476f69637f52758b8f4e4a270198fe5d388ff0837
SHA512: 158e1dc155b2a391c133726798b431702205097e2585e331bd0d7d110ef921d8babb1c7f9d5f59ca2d2aad6b6acfe56e7324ac4d3b23754454de29e4b2df0701
SSDEEP: 6144:deJJpFotz/tlk8UhbPYVhkXWEo9jTcVUdVzYAmFMfw+idVo8w:dyHotTXk8UhjYVhkXWEicVUd2FMYrdiX
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 47f00bd68ba50e85f0b1c90993d427cd
Files
47f00bd68ba50e85f0b1c90993d427cd.exe windows:4 windows x86 arch:x86
  2a79389e696028e8d53aeffa8c4e71aa
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
VirtualProtect
GetFullPathNameW
SetConsoleCursorPosition
GetEnvironmentVariableA
GetStartupInfoA
SetSystemTime
EnumResourceNamesA
lstrcmpiA
EnterCriticalSection
RtlZeroMemory
ReadConsoleOutputA
FindNextFileW
WaitNamedPipeW
MultiByteToWideChar
GlobalFree
FileTimeToDosDateTime
GetTempFileNameW
EnumDateFormatsW
GetLocalTime
SetCurrentDirectoryA
FindNextChangeNotification
PulseEvent
SearchPathA
GlobalReAlloc
GetProcessShutdownParameters
CloseHandle
WriteConsoleInputW
FlushConsoleInputBuffer
RemoveDirectoryW
lstrlen
FindAtomW
MapViewOfFileEx
GetTimeZoneInformation
TransmitCommChar
lstrcat
WriteProfileSectionW
GetThreadTimes
FlushInstructionCache
EnumSystemLocalesA
GetProcessPriorityBoost
DisconnectNamedPipe
GetLogicalDriveStringsW
SetLocalTime
GetDriveTypeA
SetHandleCount
SetConsoleMode
ReadFileEx
GlobalHandle
FreeResource
AddAtomW
CommConfigDialogW
Heap32ListNext
GetLongPathNameA
FreeEnvironmentStringsA
FileTimeToLocalFileTime
GetPriorityClass
SetLocaleInfoW
SetCriticalSectionSpinCount
GetDateFormatA
CreateSemaphoreW
LockFile
GetDriveTypeW
MapViewOfFile
VirtualLock
GetFileType
GetCommandLineA
EnumCalendarInfoExA
SetFileAttributesA
GetPrivateProfileSectionNamesW
DeleteCriticalSection
MoveFileW
GetThreadContext
UpdateResourceW
GetTimeFormatW
ResumeThread
GetSystemTime
GetSystemDirectoryA
MoveFileExW
UnlockFile
GetProfileIntA
WriteProfileStringW
UnmapViewOfFile
lstrcpynW
DosDateTimeToFileTime
SetThreadIdealProcessor
TlsGetValue
SetConsoleCursorInfo
FindFirstFileExA
RemoveDirectoryA
VirtualFree
WriteFile
GetLocaleInfoW
GetPrivateProfileStringW
LockResource
Heap32ListFirst
CopyFileA
LocalUnlock
WriteProcessMemory
SetThreadAffinityMask
GetSystemDefaultLCID
GetProcessVersion
SetFilePointer
EnumSystemCodePagesA
GetHandleInformation
TlsFree
WriteConsoleOutputCharacterW
GetEnvironmentStringsA
GetDiskFreeSpaceExW
LocalCompact
GetProfileStringA
LoadResource
GetUserDefaultLangID
EnumResourceLanguagesA
SetLocaleInfoA
GetDiskFreeSpaceExA
AddAtomA
Heap32First
SetLastError
IsValidLocale
CreateDirectoryExW
MoveFileExA
GetDateFormatW
ExpandEnvironmentStringsW
VirtualProtectEx
FindFirstFileA
ReadConsoleInputA
PeekConsoleInputW
SetThreadPriority
WaitForSingleObjectEx
ConvertDefaultLocale
GetCurrentDirectoryA
EnumCalendarInfoExW
OpenFile
InterlockedExchangeAdd
OpenWaitableTimerA
CreateRemoteThread
ResetWriteWatch
InitializeCriticalSection
GetCurrencyFormatW
VirtualQueryEx
FindCloseChangeNotification
InitializeCriticalSectionAndSpinCount
GetAtomNameW
HeapCompact
GetShortPathNameA
WaitForMultipleObjects
GetCompressedFileSizeA
InitAtomTable
EnumDateFormatsA
GetExitCodeThread
SystemTimeToFileTime
OpenEventA
WaitForDebugEvent
WriteFileGather
WriteConsoleOutputAttribute
SetThreadExecutionState
CreateProcessW
FindResourceA
lstrcatA
ReadConsoleA
GetEnvironmentStringsW
EraseTape
WritePrivateProfileStringA
MulDiv
GetShortPathNameW
CreateSemaphoreA
GetSystemInfo
GetProcessHeaps
SetConsoleCP
SetFileAttributesW
OpenMutexA
GetNamedPipeHandleStateW
FindResourceExW
WaitForMultipleObjectsEx
AllocConsole
IsDebuggerPresent
GetLastError
FoldStringA
lstrcpyn
SetConsoleTitleW
WriteConsoleW
GetProcessTimes
GetThreadLocale
SetComputerNameA
WriteConsoleOutputA
lstrcmpi
TerminateThread
WritePrivateProfileSectionA
GlobalCompact
GetThreadPriority
GetConsoleScreenBufferInfo
CreateMutexW
ReadConsoleOutputCharacterA
LocalHandle
GetStringTypeW
SetConsoleWindowInfo
ReadProcessMemory
LocalFlags
GetPrivateProfileStringA
EnumDateFormatsExW
GetEnvironmentVariableW
LocalLock
DeviceIoControl
FindFirstFileW
EnumResourceTypesA
LocalSize
InterlockedCompareExchange
GetVolumeInformationW
Sleep
SetWaitableTimer
PeekNamedPipe
EnumDateFormatsExA
SetThreadContext
DisableThreadLibraryCalls
CreateMailslotA
GetFileAttributesExA
TransactNamedPipe
WaitCommEvent
GlobalFix
ReleaseSemaphore
CreateMailslotW
GlobalUnWire
HeapSize
HeapLock
lstrcatW
SetConsoleTitleA
CreateDirectoryA
CreateNamedPipeW
BeginUpdateResourceW
FreeLibraryAndExitThread
EnumCalendarInfoA
CreateWaitableTimerA
GetConsoleMode
DeleteFiber
TryEnterCriticalSection
SetEnvironmentVariableW
CreateEventW
UnhandledExceptionFilter
GetNamedPipeHandleStateA
GetPrivateProfileSectionW
LoadLibraryExA
RtlMoveMemory
ReadConsoleOutputCharacterW
SetThreadPriorityBoost
WaitNamedPipeA
GetACP
ReadConsoleOutputAttribute
SetSystemTimeAdjustment
GlobalAlloc
GetModuleFileNameW
Module32Next
GetFullPathNameA
WaitForSingleObject
UnlockFileEx
GetLongPathNameW
FormatMessageW
FreeEnvironmentStringsW
GetWriteWatch
GlobalGetAtomNameW
GlobalSize
LeaveCriticalSection
ExpandEnvironmentStringsA
CreateFileMappingW
GlobalFindAtomW
GetLogicalDriveStringsA
CreateProcessA
TlsAlloc
lstrcmpiW
GetFileAttributesExW
SetEndOfFile
CompareFileTime
GetCurrencyFormatA
GetNamedPipeInfo
ReadDirectoryChangesW
EnumSystemLocalesW
GlobalWire
CreateDirectoryW
GetConsoleCP
GetVersion
VirtualUnlock
GetWindowsDirectoryW
FindFirstFileExW
GetComputerNameA
BeginUpdateResourceA
GetPrivateProfileIntW
FormatMessageA
GetPrivateProfileSectionA
GetQueuedCompletionStatus
HeapDestroy
GetConsoleCursorInfo
GetVersionExW
GetConsoleTitleA
LocalFree
VirtualAllocEx
SetFileTime
DefineDosDeviceW
GetWindowsDirectoryA
GetProfileSectionA
GetFileInformationByHandle
GlobalLock
GetFileSize
ReadFileScatter
CreateEventA
OutputDebugStringW
EnumSystemCodePagesW
CreateFileW
DeleteFileW
CreateMutexA
OutputDebugStringA
GetProcessAffinityMask
OpenWaitableTimerW
OpenEventW
GetVersionExA
WritePrivateProfileStructA
CreateConsoleScreenBuffer
GetDiskFreeSpaceW
GetDiskFreeSpaceA
lstrcmpW
lstrcpy
ReadConsoleOutputW
GetPrivateProfileIntA
Toolhelp32ReadProcessMemory
ConnectNamedPipe
ReadConsoleW
WritePrivateProfileStringW
RtlFillMemory
Thread32First
SetThreadLocale
EnumTimeFormatsA
GetNumberOfConsoleInputEvents
DebugActiveProcess
OpenProcess
GlobalUnfix
WriteConsoleA
GetLargestConsoleWindowSize
GlobalAddAtomW
GetSystemDirectoryW
SetConsoleActiveScreenBuffer
EnumResourceNamesW
Thread32Next
SetConsoleOutputCP
CreateThread
CreateToolhelp32Snapshot
FillConsoleOutputCharacterW
ReadConsoleInputW
GetConsoleTitleW
GetThreadSelectorEntry
FillConsoleOutputCharacterA
SetEnvironmentVariableA
ResetEvent
SetPriorityClass
CompareStringA
FillConsoleOutputAttribute
GetExitCodeProcess
EnumCalendarInfoW
CreateFileA
FindFirstChangeNotificationW
lstrcpynA
FindResourceW
GetVolumeInformationA
SuspendThread
GetStdHandle
FileTimeToSystemTime
HeapUnlock
GetPrivateProfileSectionNamesA
LocalShrink
DefineDosDeviceA
InterlockedIncrement
GetSystemDefaultLangID
OpenSemaphoreW
GetTempFileNameA
SetConsoleCtrlHandler
LoadLibraryW
lstrlenW
GetCompressedFileSizeW
GetStringTypeA
SetEvent
GetSystemTimeAdjustment
PeekConsoleInputA
FreeConsole
SystemTimeToTzSpecificLocalTime
TlsSetValue
WideCharToMultiByte
GetStartupInfoW
GlobalAddAtomA
GetProcessHeap
WriteProfileStringA
GlobalFindAtomA
WinExec
GetCurrentThread
InterlockedDecrement
DeleteFileA
LocalFileTimeToFileTime
MoveFileA
GetFileAttributesW
EnumResourceLanguagesW
SearchPathW
lstrcpyW
SetTimeZoneInformation
GetStringTypeExW
lstrcmpA
GetComputerNameW
SleepEx
GetPrivateProfileStructW
GlobalGetAtomNameA
WriteConsoleOutputW
WriteFileEx
EnumTimeFormatsW
GetPrivateProfileStructA
WriteProfileSectionA
GlobalUnlock
FreeLibrary
GetCurrentDirectoryW
FindAtomA
IsValidCodePage
CommConfigDialogA
FoldStringW
SignalObjectAndWait
Heap32Next
CreateNamedPipeA
OpenFileMappingW
GetNumberFormatA
GetTimeFormatA
EnumResourceTypesW
SetConsoleScreenBufferSize
CopyFileExA
Module32First
GetEnvironmentStrings
GetCalendarInfoA
GetUserDefaultLCID
FlushFileBuffers
OpenMutexW
GetLocaleInfoA
GetProcAddress
CreatePipe
Process32Next
GlobalMemoryStatus
GetTempPathA
LoadModule
CreateWaitableTimerW
ReadFile
FindResourceExA
FindNextFileA
HeapCreate
GetProfileStringW
FlushViewOfFile
GetSystemPowerStatus
GetProfileIntW
CreateTapePartition
WritePrivateProfileStructW
HeapWalk
GetFileTime
GetAtomNameA
OpenFileMappingA
GetProfileSectionW
GlobalDeleteAtom
DuplicateHandle
GetThreadPriorityBoost
HeapValidate
GetConsoleOutputCP
SetConsoleTextAttribute
lstrcmp
VirtualFreeEx
LocalReAlloc
LockFileEx
OpenSemaphoreA
ExitThread
GlobalFlags
LocalAlloc
GetLogicalDrives
SetVolumeLabelW
ReleaseMutex
DebugBreak
GetCommandLineW
FindClose
SetComputerNameW
lstrcpyA
GetNumberOfConsoleMouseButtons
CreateFileMappingA
UpdateResourceA
ContinueDebugEvent
wininet
DeleteIE3Cache
InternetCombineUrlA
InternetConfirmZoneCrossing
InternetAutodialHangup
InternetOpenUrlW
GetUrlCacheHeaderData
GopherGetLocatorTypeW
InternetSecurityProtocolToStringA
CreateUrlCacheContainerA
GopherFindFirstFileA
FindCloseUrlCache
InternetCombineUrlW
GetUrlCacheEntryInfoW
GopherFindFirstFileW
CreateUrlCacheEntryW
InternetGetCookieA
InternetOpenUrlA
SetUrlCacheEntryGroup
DeleteUrlCacheEntry
InternetGetConnectedStateExW
InternetTimeToSystemTime
DeleteUrlCacheEntryA
HttpEndRequestW
GopherOpenFileW
FtpFindFirstFileW
InternetQueryOptionA
GopherCreateLocatorW
FtpDeleteFileW
FtpCreateDirectoryA
FtpPutFileEx
InternetFindNextFileW
InternetConfirmZoneCrossingA
UnlockUrlCacheEntryFile
IsUrlCacheEntryExpiredA
InternetSetOptionExA
RunOnceUrlCache
RetrieveUrlCacheEntryFileW
SetUrlCacheConfigInfoA
InternetLockRequestFile
InternetCrackUrlW
InternetShowSecurityInfoByURL
InternetGetLastResponseInfoA
FindNextUrlCacheEntryW
UrlZonesDetach
InternetCheckConnectionW
FtpCommandA
InternetDial
HttpQueryInfoA
FtpGetFileSize
FtpGetFileA
GopherGetLocatorTypeA
FtpSetCurrentDirectoryW
FindNextUrlCacheGroup
GetUrlCacheConfigInfoW
IsUrlCacheEntryExpiredW
InternetCheckConnectionA
InternetSecurityProtocolToStringW
InternetGetCertByURL
FreeUrlCacheSpaceA
InternetHangUp
InternetErrorDlg
FtpOpenFileA
CreateUrlCacheGroup
InternetTimeFromSystemTime
InternetWriteFileExA
InternetGoOnlineA
FtpSetCurrentDirectoryA
InternetGetCookieW
InternetAlgIdToStringA
InternetShowSecurityInfoByURLA
GetUrlCacheConfigInfoA
FtpPutFileW
InternetFindNextFileA
InternetWriteFile
GopherOpenFileA
InternetSetCookieW
HttpSendRequestExW
InternetSetFilePointer
DeleteUrlCacheContainerW
HttpOpenRequestW
InternetFortezzaCommand
HttpOpenRequestA
InternetConnectA
DeleteUrlCacheEntryW
ReadUrlCacheEntryStream
InternetTimeFromSystemTimeA
InternetQueryOptionW
DetectAutoProxyUrl
InternetAlgIdToStringW
FtpRemoveDirectoryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryExA
FtpCommandW
GetUrlCacheEntryInfoExA
InternetAutodial
gdi32
LPtoDP
SetPaletteEntries
Arc
SetGraphicsMode
EndPath
SetICMProfileW
GetICMProfileA
ExcludeClipRect
CreateBitmap
MoveToEx
CreateColorSpaceW
CopyEnhMetaFileW
GetDCOrgEx
GetFontData
GetRandomRgn
GetTextCharacterExtra
ExtCreateRegion
GetMiterLimit
GetCharacterPlacementA
GetDIBits
GetCharWidthFloatW
SetICMMode
PlgBlt
EnumFontFamiliesA
advapi32
RegSetValueExW
RegDeleteValueA
CryptGetUserKey
RegDeleteKeyW
CreateServiceW
LookupPrivilegeDisplayNameA
CryptGetHashParam
GetUserNameA
RegQueryValueA
CryptSetProviderExW
LookupAccountNameA
CryptGenRandom
RegQueryValueExA
CryptCreateHash
RegEnumKeyA
RegEnumValueW
RegConnectRegistryW
CryptSetProviderA
ReportEventA
CryptVerifySignatureW
CryptImportKey
CryptEnumProvidersW
RegCreateKeyA
RevertToSelf
CryptContextAddRef
CryptEnumProviderTypesW
CryptVerifySignatureA
CryptEncrypt
RegRestoreKeyW
RegDeleteValueW
RegSaveKeyW
Sections
.text   Size: 139KB  Virtual size: 139KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 100KB  Virtual size: 100KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 20KB   Virtual size: 20KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ