Static task: static1
Behavioral task: behavioral1
Sample: 069dcf435e065fb6b3fbdf913bcc809d.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 069dcf435e065fb6b3fbdf913bcc809d.exe
Resource: win10v2004-20231215-en
General
Target: 069dcf435e065fb6b3fbdf913bcc809d
Size: 230KB
MD5: 069dcf435e065fb6b3fbdf913bcc809d
SHA1: a599cbf7fde5e3fc90a8fb0e79d636baaa806392
SHA256: 4f87a614a84e50977e88b320471abdf2dd0fba5dabb032ffdef986246653a7f2
SHA512: 240e1fee24f91a2e22201f3ba6de01d55bf9ef8fbb05d7d1a35f6fdbc0bab258fc0560a9a483f5ca1aee5353da77207a78a342dc8bdebca940e12c87e10cf32a
SSDEEP: 6144:WmStsLxyRATzSTsm+7vQxLS1WHkcoqk7wz4g:VStQxyazSzRU6kjI
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 069dcf435e065fb6b3fbdf913bcc809d
Files
069dcf435e065fb6b3fbdf913bcc809d.exe windows:4 windows x86 arch:x86
420ca80993eddf805d84b4bdb7d35bfe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
RealShellExecuteA
DragQueryPoint
ExtractIconEx
FindExecutableW
DuplicateIcon
SheShortenPathA
FindExeDlgProc
RealShellExecuteW
ExtractIconExA
SHGetNewLinkInfo
ExtractAssociatedIconW
SHBrowseForFolder
SHGetFileInfoA
CheckEscapesA
SheGetDirA
InternalExtractIconListW
SHGetInstanceExplorer
SheSetCurDrive
SheChangeDirExW
SheGetDirExW
gdi32
GetLogColorSpaceW
EnableEUDC
CreateHatchBrush
ExtTextOutA
GetDIBColorTable
CreateDIBPatternBrushPt
GetTextExtentPointA
GetGlyphOutline
RealizePalette
SetBitmapBits
EnumICMProfilesA
GetClipBox
GetTextExtentPointW
CloseFigure
SetColorAdjustment
GetTextCharacterExtra
ExtTextOutW
CreateEllipticRgnIndirect
StrokeAndFillPath
CreateBrushIndirect
CreateEnhMetaFileA
GdiPlayJournal
MaskBlt
GdiFlush
SetWinMetaFileBits
ExtCreatePen
TextOutW
UpdateICMRegKeyA
SetTextCharacterExtra
AbortDoc
ModifyWorldTransform
CreatePalette
DeviceCapabilitiesExA
GetCharacterPlacementW
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
SetRectRgn
LineDDA
AddFontResourceA
GetCharWidth32W
LineTo
GetTextAlign
SetPixelV
GetWindowOrgEx
SelectClipPath
DPtoLP
CancelDC
CreateRectRgn
ExtSelectClipRgn
PlgBlt
UpdateICMRegKeyW
SetMapperFlags
GetFontLanguageInfo
ArcTo
PatBlt
SetAbortProc
CreateScalableFontResourceW
EndDoc
SetStretchBltMode
GdiSetBatchLimit
CreateEllipticRgn
CreateDiscardableBitmap
GetMiterLimit
GetCharABCWidthsW
SetGraphicsMode
RectInRegion
GetSystemPaletteEntries
GetWindowExtEx
UpdateColors
GetTextColor
CheckColorsInGamut
GetCharWidthFloatA
GetTextExtentExPointA
PolyPolygon
CreateDCW
FloodFill
TranslateCharsetInfo
PolylineTo
SetLayout
GetNearestColor
CreateCompatibleBitmap
ExtEscape
EnumFontsA
GetTextExtentExPointW
SetROP2
Arc
Polygon
SetDIBits
GetFontData
ScaleViewportExtEx
comdlg32
GetFileTitleW
ChooseColorW
FindTextW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgW
GetOpenFileNameW
ReplaceTextA
ChooseColorA
ChooseFontA
LoadAlterBitmap
GetOpenFileNameA
PageSetupDlgA
FindTextA
ChooseFontW
ReplaceTextW
PrintDlgA
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
MoveFileW
GetVersionExW
LocalUnlock
LocalReAlloc
HeapSize
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetDiskFreeSpaceExA
SetHandleCount
SleepEx
OpenMutexW
ExpandEnvironmentStringsW
LoadLibraryExW
FindFirstFileA
TransmitCommChar
GetProfileSectionW
HeapDestroy
SetConsoleWindowInfo
LoadLibraryExA
SearchPathW
DebugActiveProcess
GetVersionExA
WideCharToMultiByte
GetVolumeInformationW
CreateConsoleScreenBuffer
FindAtomA
ConnectNamedPipe
GetSystemDirectoryW
GetConsoleMode
EnumTimeFormatsA
GlobalUnfix
FindFirstChangeNotificationA
GetVersion
GetPriorityClass
GetPrivateProfileStringW
GetPrivateProfileStringA
VirtualFreeEx
WaitNamedPipeA
lstrcpyn
WriteConsoleInputW
lstrlen
WaitForMultipleObjectsEx
OpenWaitableTimerW
FindResourceExA
VirtualQueryEx
GetFileInformationByHandle
SetFileAttributesA
GetThreadContext
lstrcmpA
SetEnvironmentVariableA
IsValidLocale
WriteConsoleOutputAttribute
ReadFileEx
GlobalHandle
GetSystemInfo
OpenFileMappingA
GetFileAttributesW
EnterCriticalSection
lstrcatA
CreateDirectoryW
GetSystemDefaultLCID
SetThreadLocale
GetTimeZoneInformation
OutputDebugStringW
EnumDateFormatsExA
CreateToolhelp32Snapshot
SetConsoleCursorInfo
InterlockedCompareExchange
IsValidCodePage
Heap32ListFirst
GetNamedPipeInfo
ReleaseSemaphore
GetWriteWatch
VirtualUnlock
Toolhelp32ReadProcessMemory
CreateTapePartition
lstrcmpi
FreeResource
ReadConsoleOutputAttribute
LoadResource
CreateSemaphoreA
GetProfileIntA
WritePrivateProfileStructA
PeekConsoleInputA
GetFileType
GetLocaleInfoA
OpenEventW
VirtualFree
FreeEnvironmentStringsA
GlobalFlags
GetDateFormatW
FindFirstFileW
GetCurrentDirectoryW
GetComputerNameW
FoldStringA
GetStringTypeExA
CreateEventA
GetLogicalDriveStringsA
GetStartupInfoW
FindAtomW
WriteProfileSectionA
FindResourceA
WaitCommEvent
CompareStringA
lstrcmpiW
GetEnvironmentStringsW
GetSystemDefaultLangID
FormatMessageA
SystemTimeToTzSpecificLocalTime
GlobalSize
ExitThread
FoldStringW
OpenEventA
SetLastError
WriteFileEx
CopyFileExA
GetDiskFreeSpaceA
ReadDirectoryChangesW
GetCurrencyFormatW
lstrcpyA
UnmapViewOfFile
GlobalReAlloc
GetNamedPipeHandleStateA
GetCurrencyFormatA
GetDiskFreeSpaceExW
CommConfigDialogA
BeginUpdateResourceA
CreateFileA
SetConsoleTextAttribute
GetProcessPriorityBoost
LocalCompact
SetConsoleCP
WriteConsoleOutputA
InterlockedIncrement
LocalAlloc
InterlockedDecrement
ReadConsoleInputW
lstrcpy
EnumSystemLocalesW
OutputDebugStringA
EnumCalendarInfoExW
WaitForMultipleObjects
FillConsoleOutputCharacterW
CreateWaitableTimerA
GetLastError
GetTempFileNameW
GetExitCodeProcess
TlsSetValue
GetProcessAffinityMask
EnumDateFormatsExW
WinExec
GlobalDeleteAtom
SetEndOfFile
SetLocaleInfoA
GetCalendarInfoW
FindNextFileA
GetPrivateProfileSectionA
InitializeCriticalSectionAndSpinCount
MoveFileA
SetComputerNameW
FindNextChangeNotification
GetNumberFormatW
GlobalFindAtomW
ResumeThread
EnumCalendarInfoA
GetCurrentDirectoryA
SetWaitableTimer
GlobalFix
CreateNamedPipeA
HeapLock
DisconnectNamedPipe
WriteConsoleOutputCharacterA
GetThreadLocale
LeaveCriticalSection
WaitForSingleObject
TlsGetValue
ReadFile
GetConsoleTitleW
VirtualLock
Heap32ListNext
CreateNamedPipeW
WriteFileGather
ResetEvent
LocalFlags
ReadProcessMemory
TryEnterCriticalSection
Heap32Next
GetConsoleOutputCP
CreateProcessA
GetProcessHeap
lstrcmpW
FlushConsoleInputBuffer
UnhandledExceptionFilter
OpenSemaphoreW
GetDriveTypeW
GlobalGetAtomNameA
CopyFileA
CreateRemoteThread
GetDateFormatA
Thread32First
GetAtomNameA
Process32Next
VirtualProtectEx
GetLogicalDriveStringsW
GetQueuedCompletionStatus
GetCurrentThread
ReadConsoleW
GetPrivateProfileIntW
GetThreadPriority
DeleteAtom
DeleteFileW
SetVolumeLabelW
GetCommandLineA
FileTimeToSystemTime
DisableThreadLibraryCalls
GetConsoleTitleA
GetNumberFormatA
GetProfileStringW
GlobalWire
SetLocalTime
GetComputerNameA
WaitNamedPipeW
GetWindowsDirectoryW
CloseHandle
Module32Next
WritePrivateProfileStructW
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetLongPathNameA
LocalSize
TerminateThread
CreateMutexW
SetThreadExecutionState
GetFullPathNameW
Thread32Next
GetEnvironmentStringsA
FindCloseChangeNotification
GetThreadTimes
GlobalUnlock
LocalShrink
OpenFileMappingW
GetPrivateProfileSectionNamesA
RtlFillMemory
RtlZeroMemory
PulseEvent
SystemTimeToFileTime
FillConsoleOutputAttribute
OpenFile
EnumSystemCodePagesA
MultiByteToWideChar
LocalFileTimeToFileTime
GetStringTypeExW
GlobalFindAtomA
WriteConsoleW
lstrcpynA
SetConsoleTitleW
ExpandEnvironmentStringsA
GetProcessHeaps
MulDiv
GlobalFree
GetAtomNameW
GetLocaleInfoW
SetCurrentDirectoryW
GetVolumeInformationA
EnumResourceTypesW
GlobalUnWire
FindFirstFileExA
GetStdHandle
ConvertDefaultLocale
EnumDateFormatsA
Heap32First
lstrcat
DefineDosDeviceW
GetShortPathNameW
LockFile
GetACP
GetPrivateProfileStructW
LocalLock
AddAtomW
GetTimeFormatW
DebugBreak
FindResourceExW
RemoveDirectoryA
MoveFileExA
FlushViewOfFile
FillConsoleOutputCharacterA
TlsAlloc
GetConsoleScreenBufferInfo
GetProcessTimes
SetThreadAffinityMask
GetFileTime
WritePrivateProfileStringA
CreateWaitableTimerW
CreateThread
AllocConsole
GetTempPathA
GetStringTypeA
LocalHandle
CreateProcessW
GetCalendarInfoA
GetProfileIntW
SetFileTime
FindFirstChangeNotificationW
FlushInstructionCache
SetConsoleMode
GetConsoleCP
DuplicateHandle
CreateFileW
GetWindowsDirectoryA
FreeEnvironmentStringsW
lstrcatW
WriteConsoleA
lstrlenW
DeviceIoControl
SetComputerNameA
EraseTape
GetDriveTypeA
GetEnvironmentVariableW
lstrlenA
GetFileAttributesExW
GetProfileSectionA
WaitForSingleObjectEx
EnumResourceLanguagesA
FlushFileBuffers
GetMailslotInfo
GetFileAttributesA
WriteProfileStringW
GetModuleFileNameW
GlobalCompact
CreateMailslotA
FindClose
WriteProfileStringA
EnumSystemCodePagesW
OpenProcess
OpenSemaphoreA
GetEnvironmentStrings
FileTimeToLocalFileTime
SetConsoleScreenBufferSize
FreeLibrary
EnumResourceNamesA
SetCriticalSectionSpinCount
DefineDosDeviceA
WriteConsoleOutputW
WaitForDebugEvent
EnumDateFormatsW
GetStartupInfoA
GetNumberOfConsoleMouseButtons
SetFilePointer
CreateMailslotW
SetConsoleCtrlHandler
GetTempFileNameA
EnumTimeFormatsW
GetShortPathNameA
GlobalGetAtomNameW
FindNextFileW
lstrcmp
GlobalAlloc
LoadLibraryW
GetLogicalDrives
UnlockFile
DosDateTimeToFileTime
CreateSemaphoreW
AddAtomA
SetLocaleInfoW
ReadConsoleOutputCharacterW
SignalObjectAndWait
GlobalLock
RemoveDirectoryW
SetEvent
EnumSystemLocalesA
GetLongPathNameW
GetProfileStringA
Module32First
GetNumberOfConsoleInputEvents
SearchPathA
ResetWriteWatch
HeapWalk
CreateDirectoryExA
SetCurrentDirectoryA
lstrcpyW
HeapCreate
GetFullPathNameA
GetFileAttributesExA
WritePrivateProfileSectionA
HeapUnlock
UnlockFileEx
MapViewOfFileEx
ReleaseMutex
FindFirstFileExW
lstrcpynW
WriteConsoleOutputCharacterW
EnumResourceTypesA
wsock32
ord1104
getservbyname
ord1112
getsockopt
ord1100
getprotobyname
recvfrom
inet_ntoa
ord1140
WSACleanup
htonl
ord1115
ord1141
WSACancelAsyncRequest
ord1110
WSAAsyncGetHostByName
ord1142
connect
getservbyport
WSAAsyncGetProtoByName
sendto
ord1101
getprotobynumber
shutdown
getsockname
WEP
inet_addr
ord1111
WSAAsyncGetHostByAddr
gethostname
WSAIsBlocking
wininet
InternetSetOptionA
InternetTimeFromSystemTimeW
InternetCombineUrlW
GetUrlCacheGroupAttributeA
InternetSetOptionW
ReadUrlCacheEntryStream
InternetGetConnectedStateEx
FindNextUrlCacheContainerW
InternetErrorDlg
HttpEndRequestA
UnlockUrlCacheEntryFile
RetrieveUrlCacheEntryStreamA
IsUrlCacheEntryExpiredW
InternetTimeToSystemTimeW
InternetCrackUrlA
InternetAutodialHangup
HttpAddRequestHeadersA
FtpGetCurrentDirectoryW
FtpCommandA
GopherFindFirstFileW
InternetConfirmZoneCrossingW
FindFirstUrlCacheEntryExW
CreateUrlCacheGroup
FtpRenameFileW
DeleteIE3Cache
InternetFindNextFileA
InternetAlgIdToStringA
HttpOpenRequestW
InternetSecurityProtocolToStringW
RetrieveUrlCacheEntryFileW
FindNextUrlCacheEntryExW
InternetQueryFortezzaStatus
IsUrlCacheEntryExpiredA
FindNextUrlCacheEntryA
InternetGetCookieW
HttpQueryInfoW
SetUrlCacheEntryGroupA
InternetHangUp
FtpRemoveDirectoryW
InternetCanonicalizeUrlA
CommitUrlCacheEntryW
FindFirstUrlCacheEntryA
GopherGetLocatorTypeW
InternetGetConnectedStateExW
InternetGetLastResponseInfoW
SetUrlCacheEntryInfoW
InternetCheckConnectionA
InternetDialW
SetUrlCacheConfigInfoW
HttpEndRequestW
ShowCertificate
InternetInitializeAutoProxyDll
InternetQueryOptionA
SetUrlCacheEntryInfoA
ShowSecurityInfo
InternetSecurityProtocolToStringA
FindFirstUrlCacheEntryExA
FtpFindFirstFileW
InternetCombineUrlA
InternetWriteFileExA
InternetSetOptionExW
GopherGetAttributeA
FtpDeleteFileA
UnlockUrlCacheEntryFileW
InternetGetConnectedState
FindNextUrlCacheEntryExA
SetUrlCacheHeaderData
FtpPutFileA
IsHostInProxyBypassList
ShowX509EncodedCertificate
CommitUrlCacheEntryA
FindFirstUrlCacheEntryW
FtpGetFileSize
InternetOpenW
InternetTimeToSystemTimeA
FtpGetFileW
DeleteUrlCacheEntryW
InternetGoOnline
UrlZonesDetach
FtpPutFileEx
HttpSendRequestA
UpdateUrlCacheContentPath
SetUrlCacheGroupAttributeW
SetUrlCacheEntryGroupW
GopherFindFirstFileA
InternetQueryDataAvailable
FtpRenameFileA
InternetSetDialState
InternetCreateUrlW
GopherGetLocatorTypeA
FindNextUrlCacheEntryW
RegisterUrlCacheNotification
GopherGetAttributeW
InternetFindNextFileW
InternetGetCertByURLA
InternetGoOnlineA
InternetGetCertByURL
SetUrlCacheEntryGroup
DetectAutoProxyUrl
FtpGetFileA
CreateUrlCacheEntryW
ResumeSuspendedDownload
InternetOpenUrlW
HttpSendRequestExW
InternetConfirmZoneCrossingA
InternetFortezzaCommand
GopherCreateLocatorA
InternetCreateUrlA
FindNextUrlCacheContainerA
InternetTimeFromSystemTime
InternetConnectW
DeleteUrlCacheEntry
FtpOpenFileA
IncrementUrlCacheHeaderData
GetUrlCacheConfigInfoA
UnlockUrlCacheEntryFileA
FreeUrlCacheSpaceW
FtpGetCurrentDirectoryA
GopherCreateLocatorW
HttpSendRequestExA
HttpQueryInfoA
InternetGetConnectedStateExA
InternetAttemptConnect
FtpRemoveDirectoryA
InternetSetDialStateA
GopherOpenFileW
CreateUrlCacheContainerA
UnlockUrlCacheEntryStream
InternetGetLastResponseInfoA
InternetShowSecurityInfoByURLA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE