Static task
static1
Behavioral task
behavioral1
Sample
6fcf673f97bdd9009f3b0efce1037e2c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6fcf673f97bdd9009f3b0efce1037e2c.exe
Resource
win10v2004-20231215-en
General
-
Target
6fcf673f97bdd9009f3b0efce1037e2c
-
Size
154KB
-
MD5
6fcf673f97bdd9009f3b0efce1037e2c
-
SHA1
27144f0ee694914b6b2fc1a656b6abe4e4f162e9
-
SHA256
7df8fa8a90dca43224ea87c7e4fe9f309895562cd8cc414ab2342383da006a4d
-
SHA512
4b1daed847022e60c36e9efbd3a5d4b2f8c53e9aa255694ee762fc4fcac9e313ae33deaa173e23f97ee908dc2b477f9e45f9a726c61ad238238d432b444d6dff
-
SSDEEP
3072:Ye0CfF+CsCSOimLrpaUfkgXhKe4aGYoBgXJqLBrDR39OpGAfj8ikdlk7lzz9Z0Ms:YOfF+CQELrkUcmhKemYoSZIfB9G18ikB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. On its own this is a weak indicator — many legitimate unsigned tools trigger the same check — so weigh it together with the rest of the static profile rather than treating it as evidence of malice. The import table below lists token-impersonation, privilege-adjustment, service-control and process-creation APIs (advapi32, ntdll, kernel32); an import table shows capability, not observed behaviour, so confirm any such capability against the behavioral task output, which is not part of this listing.
resource 6fcf673f97bdd9009f3b0efce1037e2c
Files
-
6fcf673f97bdd9009f3b0efce1037e2c.exe windows:5 windows x86 arch:x86
c583a0ef111f9672f449c81c106011e1 (unlabeled in this listing and different from the MD5 above; presumably the PE import hash — confirm against the report's field label)
Headers (note: only NX_COMPAT and TERMINAL_SERVER_AWARE are set — IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent, so the image does not opt into ASLR even though it ships a .reloc section)
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
PropertySheetW
ImageList_Create
PropertySheetA
InitCommonControls
ImageList_Draw
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
CreatePropertySheetPageW
rpcrt4
NdrDllGetClassObject
NdrOleAllocate
RpcEpResolveBinding
CStdStubBuffer_CountRefs
RpcServerUnregisterIf
RpcBindingSetAuthInfoExW
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
RpcServerInqBindings
CStdStubBuffer_Invoke
RpcRevertToSelf
UuidCreate
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
RpcServerRegisterIfEx
CStdStubBuffer_Disconnect
NdrStubForwardingFunction
RpcImpersonateClient
RpcStringFreeW
RpcBindingToStringBindingW
UuidToStringA
RpcServerUseProtseqEpW
IUnknown_QueryInterface_Proxy
UuidToStringW
RpcRaiseException
CStdStubBuffer_IsIIDSupported
RpcServerRegisterAuthInfoW
CStdStubBuffer_DebugServerRelease
NdrOleFree
CStdStubBuffer_AddRef
RpcBindingSetAuthInfoW
UuidFromStringW
NdrStubCall2
NdrServerCall2
NdrDllUnregisterProxy
RpcBindingFree
RpcStringBindingComposeW
IUnknown_Release_Proxy
NdrDllRegisterProxy
RpcStringBindingParseW
RpcStringFreeA
RpcBindingVectorFree
RpcBindingFromStringBindingW
gdi32
Ellipse
SetTextColor
GetPixel
SetBkColor
ExtTextOutW
SetTextAlign
SetViewportExtEx
CreateDIBSection
MoveToEx
GetSystemPaletteEntries
EnumFontFamiliesExW
GetDIBits
GetBkColor
GetObjectW
GetObjectA
GetTextAlign
PlayMetaFile
GetViewportExtEx
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
IntersectClipRect
StartPage
GetStockObject
OffsetViewportOrgEx
GetCurrentObject
SaveDC
LPtoDP
StretchBlt
RealizePalette
SetROP2
ScaleWindowExtEx
GetTextMetricsA
GetTextExtentPointA
GetClipRgn
SetWindowOrgEx
CreateBitmap
GetTextExtentPointW
GetPaletteEntries
GetNearestColor
GetObjectType
GetClipBox
ExcludeClipRect
CreateHalftonePalette
EndPage
GetTextExtentPoint32W
SetBkMode
CreatePalette
SetStretchBltMode
DeleteMetaFile
OffsetRgn
ScaleViewportExtEx
Polyline
TextOutW
CreatePatternBrush
ExtTextOutA
Escape
SetBrushOrgEx
RestoreDC
CombineRgn
FillRgn
ExtSelectClipRgn
DPtoLP
StretchDIBits
GetTextMetricsW
UnrealizeObject
CloseMetaFile
SelectClipRgn
CreateFontIndirectA
EndDoc
CreateSolidBrush
GetDeviceCaps
TextOutA
CreateMetaFileA
GetWindowExtEx
Rectangle
PtVisible
SetMapMode
PatBlt
CreateDIBitmap
SetPixel
DeleteObject
CreateRectRgnIndirect
CreatePen
GetTextExtentPoint32A
GetTextColor
CreateFontIndirectW
GetMapMode
CreateBrushIndirect
CreateDCA
CreateCompatibleDC
GetRgnBox
GetGlyphOutlineA
GetBkMode
SelectObject
RectVisible
CreateFontA
SetWindowExtEx
SelectPalette
CreateRectRgn
user32
SetWindowTextW
WinHelpW
OffsetRect
CallWindowProcW
SetCursor
UnhookWindowsHookEx
GetDlgItemTextA
PtInRect
MoveWindow
CreatePopupMenu
SetCapture
SetWindowTextA
MessageBeep
IsRectEmpty
EnableMenuItem
UpdateWindow
RegisterWindowMessageW
GetDlgItemTextW
CreateWindowExA
CreateDialogParamW
GetWindowTextLengthW
IsWindowVisible
GetDlgCtrlID
BeginPaint
LoadIconW
RegisterClassW
CreateWindowExW
CharNextA
GetWindowTextA
MessageBoxA
GetMessageA
LoadImageW
wsprintfW
SystemParametersInfoA
GetKeyState
GetWindowRect
SetWindowPos
GetWindowPlacement
RegisterWindowMessageA
DispatchMessageA
CharUpperW
SetWindowRgn
SetWindowLongW
ReleaseDC
SendMessageA
LoadIconA
EndDialog
SetForegroundWindow
FindWindowA
UnregisterClassA
LoadBitmapW
GetWindow
IsWindow
SetFocus
DrawIcon
DestroyIcon
GetSystemMenu
GetWindowLongW
GetWindowLongA
SetRect
SendDlgItemMessageA
PeekMessageW
InvalidateRect
PostMessageW
PeekMessageA
GetCursorPos
CheckRadioButton
PostQuitMessage
ClientToScreen
GetCapture
GetClassNameW
GetMenu
RegisterClassExA
GetProcessWindowStation
DialogBoxParamA
IsIconic
GetWindowThreadProcessId
GetWindowTextW
TrackPopupMenu
DestroyMenu
SetTimer
GetMessagePos
SetDlgItemTextW
GetFocus
EndPaint
ScreenToClient
GetDesktopWindow
IsDlgButtonChecked
InflateRect
CharNextW
LoadCursorA
TranslateMessage
SendDlgItemMessageW
CharLowerW
CheckMenuItem
LoadBitmapA
CallWindowProcA
IntersectRect
GetDlgItem
DispatchMessageW
RegisterClassA
CallNextHookEx
RegisterClipboardFormatW
CharUpperA
GetSystemMetrics
MessageBoxW
DrawTextW
MsgWaitForMultipleObjects
IsWindowEnabled
SetMenu
GetSysColor
MapWindowPoints
ExitWindowsEx
SystemParametersInfoW
DrawTextA
GetActiveWindow
shlwapi
PathStripToRootW
PathStripToRootA
PathIsRelativeW
PathFindFileNameW
StrStrW
PathRemoveFileSpecW
StrStrIW
PathAddBackslashW
StrDupW
StrCmpNIW
PathRemoveBackslashW
PathFindExtensionW
SHDeleteValueA
StrToIntW
SHSetValueW
UrlUnescapeW
PathAppendA
PathFindFileNameA
SHDeleteKeyW
SHDeleteValueW
SHDeleteKeyA
StrCmpIW
StrRetToBufW
PathCombineW
PathRemoveBlanksW
UrlIsW
StrChrW
StrCpyNW
StrCatW
PathGetDriveNumberW
PathCreateFromUrlW
PathFileExistsW
PathIsDirectoryW
AssocQueryStringW
wnsprintfW
UrlCanonicalizeW
SHRegGetBoolUSValueW
wnsprintfA
StrRChrW
PathFindExtensionA
StrToIntExW
PathIsUNCW
StrCmpNIA
StrCmpW
PathAppendW
PathSkipRootW
SHGetValueW
StrCatBuffW
StrChrIW
PathIsRootW
StrCmpNW
StrCpyW
StrStrIA
PathRemoveFileSpecA
PathRemoveExtensionW
SHStrDupW
StrTrimW
PathIsURLW
advapi32
CryptDestroyHash
RegDeleteValueA
RegDeleteKeyA
FreeSid
OpenServiceW
GetTraceLoggerHandle
RegQueryValueExA
CryptDestroyKey
InitializeAcl
RegEnumKeyW
GetSidLengthRequired
RegEnumKeyExA
GetSecurityDescriptorControl
RegCreateKeyExA
RegConnectRegistryW
IsValidSecurityDescriptor
CopySid
SetThreadToken
QueryServiceConfigW
StartServiceW
LsaOpenPolicy
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeSelfRelativeSD
GetUserNameW
OpenProcessToken
RegDeleteKeyW
AddAce
RegQueryValueW
DeregisterEventSource
SetSecurityDescriptorOwner
GetTraceEnableLevel
RegNotifyChangeKeyValue
CryptGenRandom
GetSecurityDescriptorOwner
DeleteService
LookupAccountNameW
RegOpenKeyW
GetSidIdentifierAuthority
GetSecurityDescriptorLength
GetAce
SetServiceStatus
GetTokenInformation
ConvertStringSidToSidW
RegEnumValueA
CryptCreateHash
RegCreateKeyW
RegEnumKeyA
ChangeServiceConfigW
RegQueryInfoKeyW
ReportEventW
ControlService
CryptAcquireContextW
GetTraceEnableFlags
ConvertSidToStringSidW
SetEntriesInAclW
LsaQueryInformationPolicy
CryptHashData
AdjustTokenPrivileges
RegSetValueExA
SetFileSecurityW
RegFlushKey
GetSidSubAuthority
RegSetValueA
RegQueryValueA
RegQueryInfoKeyA
AllocateAndInitializeSid
RegQueryValueExW
RegCreateKeyExW
CryptReleaseContext
AddAccessAllowedAce
UnlockServiceDatabase
GetAclInformation
LsaFreeMemory
RegSetValueW
RegCloseKey
RegCreateKeyA
CryptAcquireContextA
LookupAccountSidW
RevertToSelf
RegOpenKeyExW
ImpersonateLoggedOnUser
GetUserNameA
CheckTokenMembership
RegEnumValueW
SetSecurityDescriptorDacl
RegOpenKeyA
RegisterEventSourceW
LookupPrivilegeValueW
OpenThreadToken
GetSecurityDescriptorDacl
OpenSCManagerW
CloseServiceHandle
ole32
GetRunningObjectTable
CoCreateInstance
CoUnmarshalInterface
MkParseDisplayName
CoRevertToSelf
CoInitializeEx
CoCreateFreeThreadedMarshaler
WriteClassStm
CLSIDFromString
CoGetInterfaceAndReleaseStream
OleRun
CreateBindCtx
CoGetObjectContext
StgOpenStorage
CoGetClassObject
OleUninitialize
CoCreateInstanceEx
StringFromGUID2
GetHGlobalFromStream
PropVariantClear
CoReleaseMarshalData
CreateOleAdviseHolder
CoInitialize
IIDFromString
CoFreeUnusedLibraries
CoTaskMemRealloc
StringFromCLSID
PropVariantCopy
OleRegGetUserType
ReleaseStgMedium
CoRevokeClassObject
CoSetProxyBlanket
CoGetMalloc
CoImpersonateClient
OleInitialize
CreateDataAdviseHolder
StringFromIID
StgIsStorageFile
CoTaskMemAlloc
CreateItemMoniker
CoRegisterClassObject
StgCreateDocfileOnILockBytes
OleLoadFromStream
StgCreateDocfile
CoCreateGuid
CoInitializeSecurity
OleRegEnumVerbs
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoUninitialize
OleRegGetMiscStatus
CLSIDFromProgID
ProgIDFromCLSID
CoTaskMemFree
CoMarshalInterface
ntdll
NtCreateFile
RtlGetVersion
NtReadFile
atol
RtlRunEncodeUnicodeString
NtFreeVirtualMemory
NtSetInformationThread
NtQueryDirectoryObject
RtlDeleteElementGenericTable
NtSetVolumeInformationFile
RtlLengthSid
RtlDetermineDosPathNameType_U
RtlLengthRequiredSid
RtlOemToUnicodeN
RtlFreeUnicodeString
NtCreateSection
RtlGetDaclSecurityDescriptor
_wcslwr
RtlAnsiStringToUnicodeString
RtlCopySid
NtPowerInformation
RtlNewSecurityObject
RtlEqualUnicodeString
wcscmp
RtlSubAuthorityCountSid
RtlGUIDFromString
RtlUpcaseUnicodeString
RtlFreeSid
wcsrchr
RtlLookupElementGenericTable
NlsMbCodePageTag
NtDeviceIoControlFile
RtlCreateTimerQueue
RtlReAllocateHeap
_wcsicmp
wcsncat
RtlNtStatusToDosError
RtlSetEnvironmentVariable
wcstoul
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlUnicodeStringToOemString
RtlGetAce
RtlWriteRegistryValue
RtlConvertSidToUnicodeString
RtlInitializeCriticalSection
RtlReleaseResource
strchr
strrchr
NtSetEvent
RtlTimeToSecondsSince1970
NtQueryValueKey
NtDeleteKey
atoi
NtQueryKey
NtQueryVolumeInformationFile
NtDuplicateObject
NtAllocateLocallyUniqueId
NtQueryAttributesFile
RtlUpcaseUnicodeStringToOemString
RtlQueryInformationAcl
NtQueryDirectoryFile
NtEnumerateKey
wcstol
RtlDeleteResource
RtlAcquireResourceExclusive
RtlRaiseStatus
RtlCreateAcl
NtEnumerateValueKey
wcscat
RtlQueryEnvironmentVariable_U
NtClose
RtlCreateTimer
RtlAllocateHeap
_stricmp
NtOpenThread
RtlIntegerToUnicodeString
RtlInitializeCriticalSectionAndSpinCount
NtFsControlFile
RtlDeleteCriticalSection
RtlUnicodeStringToAnsiString
RtlSystemTimeToLocalTime
RtlUpcaseUnicodeChar
NtCancelIoFile
NlsMbOemCodePageTag
RtlExtendedLargeIntegerDivide
NtWriteFile
RtlLeaveCriticalSection
NtSetValueKey
NtOpenProcessToken
RtlAcquireResourceShared
RtlInitializeGenericTable
NtOpenDirectoryObject
RtlUnicodeToOemN
RtlCreateHeap
NtOpenProcess
RtlExpandEnvironmentStrings_U
wcslen
RtlRegisterWait
RtlDestroyEnvironment
RtlxAnsiStringToUnicodeSize
NtConnectPort
RtlCreateUserThread
RtlInitializeResource
RtlDosPathNameToNtPathName_U
_vsnprintf
NtAdjustPrivilegesToken
NtQuerySystemTime
RtlEnterCriticalSection
_chkstk
strncpy
RtlLengthSecurityDescriptor
NtQuerySystemInformation
NtTerminateProcess
RtlCreateEnvironment
RtlRunDecodeUnicodeString
RtlxUnicodeStringToAnsiSize
RtlAppendUnicodeStringToString
RtlxUnicodeStringToOemSize
RtlFreeAnsiString
_wcsupr
NtOpenKey
shell32
DragQueryFileA
CommandLineToArgvW
SHGetSpecialFolderLocation
SHBindToParent
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
DragQueryFileW
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteExW
SHChangeNotify
kernel32
GetCurrentThread
GetFullPathNameW
GetFileAttributesA
GlobalUnlock
IsDebuggerPresent
FileTimeToLocalFileTime
TerminateProcess
GetWindowsDirectoryW
DeleteFileW
ResetEvent
GetFileAttributesW
LeaveCriticalSection
FindClose
GetOEMCP
ExitProcess
WaitForSingleObject
GetVersionExA
SetErrorMode
GetSystemInfo
GetStdHandle
GetCurrentProcessId
lstrlenW
HeapFree
SetThreadPriority
GetStringTypeW
CreateMutexW
SetFileAttributesW
GlobalAlloc
IsBadWritePtr
GetCommandLineW
GetModuleHandleA
FindNextFileA
GetUserDefaultLCID
ResumeThread
lstrcpyA
GetStringTypeA
FlushFileBuffers
GetModuleFileNameW
WaitForMultipleObjects
HeapReAlloc
GetFileSize
CreateFileMappingW
GetVersionExW
TlsAlloc
QueryPerformanceCounter
LCMapStringW
GetWindowsDirectoryA
MultiByteToWideChar
CreateDirectoryA
CreateProcessA
CreateEventA
UnhandledExceptionFilter
TlsFree
LocalFree
WriteFile
InitializeCriticalSection
lstrcmpW
LoadResource
VirtualAlloc
CreateFileW
GetProcessHeap
FindFirstFileA
InterlockedCompareExchange
MulDiv
GetComputerNameW
SetLastError
lstrcpynW
WriteConsoleW
GetLocalTime
SetFilePointer
lstrcmpA
GetConsoleMode
lstrlenA
FindResourceA
lstrcmpiA
DeleteFileA
GetEnvironmentStrings
InterlockedIncrement
IsDBCSLeadByte
GetSystemTimeAsFileTime
LoadLibraryExA
FormatMessageA
GetVersion
LCMapStringA
GetCPInfo
GetModuleHandleW
GlobalLock
VirtualQuery
SetStdHandle
GetStartupInfoA
SetUnhandledExceptionFilter
FreeLibrary
FreeEnvironmentStringsW
lstrcpyW
CreateFileA
GetExitCodeProcess
SystemTimeToFileTime
GetThreadLocale
lstrcmpiW
InitializeCriticalSectionAndSpinCount
FindResourceW
IsBadReadPtr
LockResource
HeapSize
SetHandleCount
GetLocaleInfoA
UnmapViewOfFile
GetACP
SetEndOfFile
WideCharToMultiByte
CloseHandle
GetTickCount
GetCurrentThreadId
LoadLibraryExW
EnterCriticalSection
SetEvent
ExpandEnvironmentStringsW
MapViewOfFile
GetCurrentDirectoryW
GetModuleFileNameA
GetTempPathA
oleaut32
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantInit
LoadTypeLib
VariantCopy
SafeArrayUnaccessData
SysStringByteLen
SysStringLen
VariantClear
SafeArrayPutElement
SysAllocStringByteLen
GetErrorInfo
SysAllocStringLen
OleLoadPicture
GetActiveObject
SysReAllocStringLen
RegisterTypeLib
SysFreeString
VariantChangeType
VariantChangeTypeEx
SafeArrayPtrOfIndex
comdlg32
ChooseFontW
GetOpenFileNameW
ChooseColorA
PageSetupDlgW
PrintDlgExW
FindTextA
CommDlgExtendedError
PrintDlgW
PageSetupDlgA
GetOpenFileNameA
GetSaveFileNameA
GetSaveFileNameW
FindTextW
ChooseColorW
PrintDlgA
GetFileTitleW
GetFileTitleA
ChooseFontA
msvcrt
wcslen
_ltoa
floor
_ftol
__dllonexit
__wgetmainargs
srand
_access
__CxxFrameHandler
_wcslwr
_wcsupr
wcscat
__pioinfo
exit
_CIsqrt
rand
wcsrchr
wcschr
__getmainargs
_wtol
_fileno
wcstoul
_ultow
bsearch
_ltow
_itoa
_snprintf
_exit
isdigit
__badioinfo
__set_app_type
_snwprintf
qsort
strncpy
_iob
_cexit
wcstol
sprintf
strchr
__p__fmode
_wfopen
fwrite
_local_unwind2
_isatty
_beginthreadex
_wcsicmp
_strdup
atoi
isalnum
ctime
wcsncmp
strrchr
_acmdln
strncmp
tolower
memmove
isleadbyte
_wcsnicmp
_ultoa
fread
isspace
towlower
iswalpha
strtok
_CxxThrowException
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
__initenv
_strnicmp
__p__osver
wcsncat
strstr
??3@YAXPAX@Z
_c_exit
??2@YAPAXI@Z
_strlwr
_commit
free
_initterm
iswctype
__p__iob
realloc
ceil
wcsncpy
_lseeki64
atol
wcsstr
??1type_info@@UAE@XZ
toupper
_rotr
_lock
strlen
setlocale
wcstok
fflush
_write
swscanf
fopen
_XcptFilter
wcspbrk
malloc
sscanf
_stat
_purecall
_errno
time
_amsg_exit
_itow
memcpy
swprintf
_wcsdup
strtoul
isalpha
_except_handler3
__p__commode
printf
wcscmp
version
VerFindFileW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
VerLanguageNameA
Sections (note: section names repeat — .tls and .textbss each appear twice — and the second .textbss has a 512B raw size against a 195KB virtual size; duplicate names and large raw/virtual gaps are typical of packed or self-unpacking images, so the import and section data here should be read as a partial view of what runs in memory)
.tls Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 512B - Virtual size: 485B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 512B - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 486B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 489B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ