Static task
static1
Behavioral task
behavioral1
Sample
19321ee14e9ab4e0693fbb63616a1ac3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
19321ee14e9ab4e0693fbb63616a1ac3.exe
Resource
win10v2004-20231222-en
General
-
Target
19321ee14e9ab4e0693fbb63616a1ac3
-
Size
1.3MB
-
MD5
19321ee14e9ab4e0693fbb63616a1ac3
-
SHA1
c0ebd6260f04aedfc7000ef3799be2d1108dec0f
-
SHA256
c062279656c40bbe08e0237661972c78e24a0d938b3a26fb70514a41f26694af
-
SHA512
165dee6a52bab0c553adad9a233607174aacf2b3d61cbcbece3feb867f3bf8dd162bd3d36611affde9afc04dd4cf29f5b1e425e4c1746b59b4864bb575d0c173
-
SSDEEP
24576:9URcCVq3jNYn3+EdFh/HO0CkYcX/ggrMFZj0Z4d4vzW4:9u/Vy63+Ezh/JjAZj0Z4doV
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The sample carries no Authenticode signature. On its own this is only a weak indicator — many legitimate binaries are unsigned and a signed binary is not automatically benign — so treat it as a prompt to compare the hashes above against a known-good copy rather than as evidence of malice by itself.
resource 19321ee14e9ab4e0693fbb63616a1ac3
Files
-
19321ee14e9ab4e0693fbb63616a1ac3.exe windows:5 windows x86 arch:x86
ad169b8b1defc3f8fc31875b1238eccb (32-hex value printed after the PE summary; in this report format that position normally holds the import hash / imphash, which is useful for pivoting to other samples with the same import table — confirm against the report's field legend)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and IMAGE_FILE_RELOCS_STRIPPED is set below, so the image is not ASLR-compatible and will be mapped at its fixed preferred base; DEP/NX is the only exploit mitigation the headers opt into.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcr80
wcscpy_s
wcscat_s
_resetstkoflw
calloc
_wcsicmp
_purecall
wcsstr
wcsrchr
??0exception@std@@QAE@ABQBD@Z
_ltow
_itow_s
_vsnprintf_s
wcstoul
??_V@YAXPAX@Z
_CxxThrowException
swprintf_s
memset
memcpy
_recalloc
__CxxFrameHandler3
wcschr
??0exception@std@@QAE@ABQBDH@Z
_errno
_beginthreadex
swscanf
_wcstoui64
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
__RTDynamicCast
_invalid_parameter_noinfo
??_U@YAPAXI@Z
_vscwprintf
vswprintf_s
_mktime64
_wtoi
wcsncmp
_vsnwprintf_s
_ltoa
free
malloc
memmove_s
memcpy_s
_wcsnicmp
iswspace
_callnewh
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
??3@YAXPAX@Z
msvcp80
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHABV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Nomemory@std@@YAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?allocate@?$allocator@G@std@@QAEPAGI@Z
?deallocate@?$allocator@G@std@@QAEXPAGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?rend@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z
advapi32
TraceEvent
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
UnregisterTraceGuids
RegisterTraceGuidsW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
GetLengthSid
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
RegOpenKeyW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptGenRandom
CryptAcquireContextW
kernel32
CreateThread
GetCurrentThread
WaitForMultipleObjects
QueueUserWorkItem
ReleaseMutex
OpenMutexW
MultiByteToWideChar
GetSystemInfo
GetSystemDefaultLCID
GetFileTime
GetFileSizeEx
CreateFileW
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
SetEndOfFile
WriteFile
SetFilePointerEx
GlobalFree
InterlockedExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetLastError
LocalFree
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
CreateMutexW
LockResource
LoadResource
FindResourceW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FindClose
FindNextFileW
SizeofResource
FindResourceExW
GetDriveTypeW
GetLogicalDriveStringsW
FindFirstFileW
SetErrorMode
lstrlenW
MulDiv
lstrcmpW
InterlockedCompareExchange
GetProcAddress
GetModuleHandleW
SetProcessWorkingSetSize
GetLocalTime
GetLocaleInfoW
FileTimeToSystemTime
GetDateFormatW
GetUserDefaultUILanguage
GetTimeFormatW
FreeLibrary
LoadLibraryW
FormatMessageW
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
DeleteFileW
CreateProcessW
CreateDirectoryW
ExpandEnvironmentStringsW
GetFileSize
ReadFile
ResetEvent
LCMapStringW
GetSystemDirectoryW
GetFileAttributesW
WaitForSingleObject
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
CompareFileTime
gdi32
GetTextExtentPoint32W
CreateCompatibleDC
CreateBitmap
BitBlt
SetBkMode
GetTextExtentPointW
GetTextColor
GetCurrentObject
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
GetDeviceCaps
DPtoLP
GetTextMetricsW
RestoreDC
GetStockObject
GetObjectA
GetLayout
SetLayout
CreateSolidBrush
SetTextColor
GetObjectW
DeleteObject
CreateFontIndirectW
SelectObject
CreatePatternBrush
PatBlt
DeleteDC
CreateCompatibleBitmap
GetPixel
LineTo
MoveToEx
CreatePen
SetBkColor
user32
GetDC
ReleaseDC
SetWindowPos
GetWindow
SetTimer
DrawTextW
GetWindowTextLengthW
GetWindowTextW
AllowSetForegroundWindow
FindWindowExW
LoadIconW
GetDesktopWindow
LoadAcceleratorsW
SystemParametersInfoW
TrackMouseEvent
CallWindowProcW
IsRectEmpty
PostMessageW
GetParent
IsWindowEnabled
InvalidateRect
EndPaint
BeginPaint
GetWindowRect
GetWindowLongW
GetDlgCtrlID
DestroyMenu
TrackPopupMenu
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyIcon
IsWindow
CharUpperW
MapWindowPoints
UnregisterClassA
MessageBoxW
CopyIcon
IsMenu
GetClassNameW
GetIconInfo
DrawIconEx
CreateIconIndirect
GetAncestor
GetCapture
GetMessagePos
DrawEdge
GetWindowDC
ReleaseCapture
SetCapture
SetRectEmpty
InflateRect
SetScrollInfo
GetScrollInfo
SetScrollPos
ScrollWindowEx
ScrollWindow
GetScrollPos
GetSystemMetrics
DrawIcon
ShowCursor
GetSysColorBrush
GetDoubleClickTime
MessageBeep
RegisterWindowMessageW
CreatePopupMenu
AppendMenuW
SetForegroundWindow
ExitWindowsEx (can log off, shut down or restart the system; doing so requires the shutdown privilege, which is consistent with the OpenProcessToken / LookupPrivilegeValueW / AdjustTokenPrivileges imports listed under advapi32)
KillTimer
GetMessageW
EnableMenuItem
GetSubMenu
LoadMenuW
DialogBoxIndirectParamW
RegisterClassExW
DefWindowProcW
GetSysColor
CheckMenuItem
LoadCursorW
GetClassInfoExW
GetDlgItem
SetDlgItemTextW
GetClientRect
MoveWindow
CharNextW
DestroyWindow
SetWindowTextW
SendMessageW
CreateWindowExW
SetWindowLongW
EndDialog
SetFocus
LockWindowUpdate
ScreenToClient
GetWindowPlacement
GetNextDlgTabItem
PostQuitMessage
RegisterClassW
UnregisterClassW
RedrawWindow
IsChild
IsWindowVisible
GetFocus
DrawFocusRect
EqualRect
SetRect
LoadStringW
IsCharAlphaNumericW
CopyRect
GetKeyState
PtInRect
OffsetRect
SetCursor
GetCursorPos
EnableWindow
ShowWindow
FillRect
GetLastActivePopup
shell32
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
SHGetFolderPathW
ord680
ole32
CoCreateGuid
OleRun
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeEx
CoGetObject
oleaut32
SafeArrayLock
SafeArrayUnlock
SysStringLen
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi
SafeArrayCreate
SafeArrayDestroy
VariantInit
VariantClear
SafeArrayGetUBound
mpclient (the Mp* exports below — MpScan*, MpClean*, MpQuarantine*, MpConfig*, MpSignaturesUpdate* / MpDownloadAndUpdateSignaturesEx — match the Microsoft antimalware client API surface; the import table alone does not tell whether this is a legitimate antimalware UI component or a binary imitating one, so verify with the hashes and the missing-signature finding above)
MpScanOpen
MpScanResult
MpRegisterEventNotification
MpScanCancel
MpScan
MpScanThreatEnum
MpScanThreatOpen
MpScanHistoryEnum
MpScanHistoryOpen
MpConfigUnregisterNotifications
MpConfigRegisterForNotifications
MpElevationHandleClose
MpElevationHandleAttach
MpCleanThreats
MpCleanSetAction
MpCleanOpen
MpCleanPreCheck
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpClientUtilExportFunctions
MpConfigInitialize
MpConfigUninitialize
MpFreeMemory
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigClose
MpConfigOpen
MpFormatVErrorMessage
MpClose
MpOpen
MpAllocMemory
MpConfigSetValue
MpConfigDelValue
MpUnregisterEventNotification
MpScanClose
MpScanThreatClose
MpScanHistoryClose
MpCleanClose
MpQuarantineClose
MpQuarantineQuery
MpQuarantineEnum
MpQuarantineOpen
MpGetThreatLocalizedInfo
MpGetThreatStaticInfo
MpSignaturesUpdateClose
MpSignaturesUpdateCancel
MpDownloadAndUpdateSignaturesEx
MpScanCreateReport
gdiplus
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRect
GdipCreateHICONFromBitmap
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipReleaseDC
GdipGetDC
GdipDrawRectangleI
GdipDrawPath
GdipDrawImageRectRectI
GdipFillPath
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipAddPathArcI
GdipLoadImageFromStream
GdipSetSmoothingMode
GdipCloneBrush
GdipDeletePen
GdipCreateFontFromDC
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawLineI
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFillRectangle
GdipCloneBitmapAreaI
GdiplusStartup
GdipCreatePen1
GdipDeleteBrush
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipLoadImageFromStreamICM
GdipCreateFontFromLogfontA
comctl32
ord410
ord412
ord413
ImageList_Create
ImageList_ReplaceIcon
ImageList_LoadImageW
ImageList_Destroy
InitCommonControlsEx
shlwapi
StrCmpNW
StrDupW
StrStrIW
StrStrW
StrChrW
StrCmpNIW
StrCmpIW
oleacc
LresultFromObject
AccessibleObjectFromWindow
msmpres
GetMsMpResModuleHandle
rpcrt4
UuidFromStringW
mprtmon
MpGetRealtimeManager
MpShutdownRealtimeMonitoring
MpInitializeRealtimeMonitoring
MpConstructCDetections
MpConstructOnDemandDetection
netapi32
NetGetJoinInformation
NetApiBufferFree
winhttp (outbound HTTP capability including proxy discovery via WinHttpGetIEProxyConfigForCurrentUser / WinHttpGetProxyForUrl and request-body writes via WinHttpWriteData; pair with the behavioral task network logs to see what it actually contacts)
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpConnect
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
urlmon
IsValidURL
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 795KB - Virtual size: 794KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(.text is marked writable as well as executable; a W+X code section is atypical for a normally linked MSVC image and is worth checking against a known-good copy of the same binary.)
.data Size: 16KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(.idata is flagged CODE/EXECUTE/WRITE; an import directory section is normally initialized data, readable and writable but not executable, so these flags are unusual and should be confirmed against a reference copy.)