Static task
static1
Behavioral task
behavioral1
Sample
0100ee1d2050cecb30f26a7d16b200a8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0100ee1d2050cecb30f26a7d16b200a8.exe
Resource
win10v2004-20231215-en
General
-
Target
0100ee1d2050cecb30f26a7d16b200a8
-
Size
1.6MB
-
MD5
0100ee1d2050cecb30f26a7d16b200a8
-
SHA1
426187fee1ae8688725f5b812558da3c18fb682b
-
SHA256
48fb47ee178307f4b59656681f24a32d39caa620d0938bea297af9a327eb9c6a
-
SHA512
cd32453f871062b6974eaf51fadd52d713f7baeb22a572dcda7e7435b88791b528af431260cf7b295dad6a6daf07d4a3c39675f7911077fc7b28556faadda97e
-
SSDEEP
49152:mDkL7g95wdLjfDqs4Gsi8GJsiP1Qt1uBJTsB:F7cs4GsigIJTs
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 0100ee1d2050cecb30f26a7d16b200a8
Files
-
0100ee1d2050cecb30f26a7d16b200a8.exe windows:4 windows x86 arch:x86
fa61ec1dd725e99733fd3cee41f666bb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc80
ord4381
ord4399
ord4401
ord4386
ord4777
ord4181
ord4172
ord4980
ord4781
ord4204
ord4790
ord4443
ord4444
ord762
ord1084
ord2902
ord2272
ord876
ord578
ord781
ord2884
ord310
ord3110
ord4239
ord2093
ord1482
ord6306
ord907
ord2882
ord911
ord5563
ord297
ord4104
ord3085
ord3033
ord2766
ord3934
ord3595
ord759
ord549
ord570
ord4261
ord4481
ord2838
ord5213
ord5230
ord4569
ord3948
ord5227
ord5224
ord2931
ord1920
ord737
ord2249
ord3635
ord5567
ord1544
ord1191
ord1187
ord1489
ord6118
ord299
ord6703
ord304
ord3588
ord5173
ord3883
ord340
ord4591
ord596
ord416
ord651
ord784
ord6231
ord2370
ord3681
ord5710
ord1969
ord1281
ord3490
ord5167
ord605
ord715
ord620
ord3397
ord6754
ord1185
ord6752
ord1551
ord1063
ord3879
ord1564
ord6090
ord3652
ord3450
ord3645
ord368
ord4264
ord4482
ord6043
ord5934
ord2768
ord3040
ord4222
ord1922
ord4739
ord4852
ord4257
ord5495
ord2742
ord5412
ord1379
ord5592
ord5156
ord2051
ord2016
ord6238
ord2621
ord2614
ord4566
ord616
ord4705
ord3499
ord635
ord740
ord741
ord587
ord4265
ord1963
ord1362
ord3345
ord4277
ord1306
ord2173
ord5207
ord1904
ord5148
ord3945
ord1557
ord4020
ord2424
ord2425
ord2992
ord5356
ord944
ord4904
ord2940
ord4135
ord5013
ord5009
ord2615
ord1913
ord2246
ord1572
ord5010
ord5168
ord1091
ord1903
ord572
ord3317
ord2991
ord5175
ord5152
ord4240
ord1591
ord2095
ord3164
ord4232
ord1545
ord2086
ord3195
ord4041
ord552
ord430
ord4309
ord6065
ord1554
ord6009
ord5739
ord5740
ord4115
ord5733
ord2430
ord3653
ord1053
ord3076
ord3401
ord1486
ord4384
ord1917
ord2322
ord2131
ord2866
ord4352
ord3500
ord742
ord4267
ord4278
ord5208
ord1905
ord4021
ord2426
ord943
ord2939
ord4310
ord5014
ord5011
ord1914
ord1604
ord3757
ord5169
ord4250
ord553
ord431
ord2145
ord5859
ord4299
ord3654
ord3210
ord1123
ord1934
ord3161
ord4123
ord4001
ord347
ord5174
ord1360
ord4863
ord3740
ord602
ord5988
ord6091
ord5641
ord502
ord5976
ord4860
ord4935
ord6062
ord5731
ord5640
ord325
ord4125
ord4300
ord4929
ord566
ord3333
ord5566
ord4568
ord2248
ord5226
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord354
ord3182
ord4262
ord5203
ord1401
ord5912
ord6724
ord1670
ord1671
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord3641
ord3683
ord757
ord3997
ord1025
ord593
ord5225
ord5119
ord334
ord959
ord437
ord4031
ord5975
ord1054
ord3292
ord1581
ord1643
ord1794
ord6067
ord1280
ord1279
ord5637
ord1966
ord2066
ord3180
ord5719
ord5921
ord5401
ord5414
ord5588
ord5523
ord5647
ord5642
ord5727
ord6037
ord5888
ord6057
ord4161
ord6054
ord5608
ord6060
ord5611
ord2527
ord2264
ord3287
ord503
ord5658
ord2372
ord1201
ord1425
ord1120
ord3567
ord732
ord265
ord266
ord544
ord589
ord6232
ord4078
ord330
ord4776
ord3346
ord4665
ord3672
ord3596
ord3244
ord2094
ord4100
ord1955
ord2371
ord1283
ord1161
ord3255
ord1181
ord5320
ord6286
ord760
ord5331
ord6297
ord3684
ord1968
ord6144
ord562
ord3325
ord1962
ord5161
ord4966
ord2402
ord5202
ord6269
ord5145
ord1351
ord1345
ord4991
ord1352
ord2039
ord2077
ord2081
ord1912
ord3987
ord5355
ord3929
ord4198
ord6014
ord1595
ord1651
ord2875
ord751
ord3677
ord4379
ord4864
ord4861
ord3974
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4244
ord5151
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3344
ord4967
ord1361
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4273
ord3875
ord764
ord1207
msvcr80
_setmbcp
_time64
__CxxFrameHandler3
_winmajor
_purecall
memcpy_s
ceil
strchr
strrchr
strstr
_CIsin
_CIacos
memmove_s
_CIsqrt
__RTDynamicCast
_CIatan
_CIcos
_CItan
fopen
fputs
_CIatan2
atof
isalpha
isalnum
sscanf
atoi
_mktime64
remove
fgets
fclose
strncmp
memcpy
strncpy
sprintf
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_localtime64_s
_invalid_parameter_noinfo
memset
strtok_s
toupper
isspace
isdigit
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_itoa
_acmdln
kernel32
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersion
InterlockedExchange
GetFullPathNameA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateProcessA
WaitForSingleObject
CloseHandle
Sleep
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
FindNextFileA
GetStartupInfoA
DeleteFileA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
FindClose
user32
EnableWindow
LoadIconA
LoadCursorA
SendMessageA
MessageBoxA
SetCursor
LoadImageA
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
SetForegroundWindow
PostMessageA
LoadMenuA
GetSubMenu
GetMenuItemID
MessageBeep
GetKeyState
GetSystemMetrics
ClipCursor
PeekMessageA
ReleaseCapture
SetCapture
GetCapture
DispatchMessageA
GetAsyncKeyState
OffsetRect
SetRectEmpty
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IntersectRect
InflateRect
IsRectEmpty
RedrawWindow
UpdateWindow
SetClassLongA
KillTimer
SetTimer
InvalidateRect
IsWindowVisible
GetClientRect
gdi32
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetBoundsRect
SetBoundsRect
BitBlt
LPtoDP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetBkColor
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateSolidBrush
Rectangle
Ellipse
Arc
DPtoLP
shell32
SHGetFileInfoA
Shell_NotifyIconA
DragAcceptFiles
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
ws2_32
listen
WSAStartup
msvcp80
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??Bios_base@std@@QBEPAXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?eof@ios_base@std@@QBE_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?width@ios_base@std@@QBEHXZ
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 308KB - Virtual size: 307KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 794B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE