Static task: static1
Behavioral task: behavioral1
Sample: 1b9109a3c01401161719225c191f02e5.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1b9109a3c01401161719225c191f02e5.exe
Resource: win10v2004-20231215-en
General
Target: 1b9109a3c01401161719225c191f02e5
Size: 265KB
MD5: 1b9109a3c01401161719225c191f02e5
SHA1: f664d8845673961e4c6e268c3b97706d62064820
SHA256: 7883162a31673fb9ae76d7eda870e2ab72f8982de07ae7de5438d246d6a18e3a
SHA512: 05fd69f7c87139a8c990d72c6bf8b6be784d10d36e233e1fe1cc81e5b3f5474891595298236b12d7f620b18a9877a3be3082cd5b04060a8d5e9ad81bff71aa1f
SSDEEP: 6144:5idKcp//IVlz+b9OFzMAv2+h2NY2zWd7qp/E:cdKcBCV+b90Pv282zE7qp
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 1b9109a3c01401161719225c191f02e5
Files
1b9109a3c01401161719225c191f02e5.exe windows:4 windows x86 arch:x86
42810b3905c88ac19c10f231e4c58a80
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
LockFile
EnumCalendarInfoW
HeapCreate
SetTimeZoneInformation
GlobalFindAtomA
VirtualProtect
EnumResourceTypesW
GetLocaleInfoA
Toolhelp32ReadProcessMemory
FileTimeToDosDateTime
CreateConsoleScreenBuffer
GetPrivateProfileStringW
DisableThreadLibraryCalls
WaitCommEvent
GetEnvironmentStringsA
InterlockedIncrement
ConvertDefaultLocale
GlobalMemoryStatus
FindAtomW
EscapeCommFunction
LoadLibraryW
GlobalFlags
GetProfileSectionA
SuspendThread
BeginUpdateResourceW
GlobalLock
GetProcessHeap
GetStringTypeA
GetConsoleScreenBufferInfo
LocalFileTimeToFileTime
Thread32First
GetThreadSelectorEntry
ResumeThread
ResetEvent
BeginUpdateResourceA
GetProcessAffinityMask
GetFullPathNameW
DosDateTimeToFileTime
RtlMoveMemory
GetCurrentDirectoryA
TryEnterCriticalSection
GetDateFormatA
GlobalFree
FindAtomA
SetThreadPriorityBoost
GlobalSize
GetModuleFileNameW
LocalAlloc
OutputDebugStringW
GetStringTypeExW
SetSystemTime
MoveFileA
Thread32Next
FindCloseChangeNotification
EnterCriticalSection
OpenEventW
FormatMessageA
GetLocalTime
CreateFileW
InterlockedDecrement
SetCriticalSectionSpinCount
FileTimeToLocalFileTime
PulseEvent
SetThreadPriority
SetConsoleWindowInfo
FindNextChangeNotification
GetMailslotInfo
GetFileAttributesA
UnlockFile
GetPrivateProfileIntA
OutputDebugStringA
SetComputerNameW
CreateProcessW
TransmitCommChar
GetWindowsDirectoryW
GetNumberOfConsoleMouseButtons
VirtualProtectEx
LoadResource
CreateProcessA
DeleteFileW
GetFullPathNameA
GetProfileSectionW
SearchPathW
EnumTimeFormatsW
GetUserDefaultLCID
WriteProcessMemory
OpenMutexW
GlobalAddAtomA
GetTempPathA
GetLogicalDrives
GetNumberOfConsoleInputEvents
lstrcat
SetVolumeLabelW
OpenMutexA
GetThreadTimes
CreateTapePartition
EnumCalendarInfoExW
FindResourceExW
HeapUnlock
GlobalUnWire
SetConsoleCP
GetPrivateProfileStringA
ConnectNamedPipe
SetConsoleScreenBufferSize
CopyFileA
MoveFileExW
GetThreadPriorityBoost
FindClose
TlsSetValue
lstrcpynW
EnumDateFormatsExW
EraseTape
lstrlen
OpenSemaphoreA
GlobalUnlock
SetThreadAffinityMask
FindFirstFileExA
SetComputerNameA
GetProfileStringW
GetTempFileNameW
FileTimeToSystemTime
lstrcmpi
ReadFileEx
EnumSystemLocalesW
WriteProfileSectionA
GetWindowsDirectoryA
GetEnvironmentStringsW
GetDiskFreeSpaceA
MapViewOfFile
GetSystemDefaultLangID
ExpandEnvironmentStringsW
GetPrivateProfileSectionW
CreateMailslotA
GetPrivateProfileStructW
MultiByteToWideChar
LocalHandle
GetStdHandle
GetStringTypeW
GetTimeFormatA
LocalLock
FillConsoleOutputAttribute
CreateFileMappingW
ReadConsoleInputW
SetThreadIdealProcessor
GetNamedPipeHandleStateW
GetVolumeInformationA
GetProcessHeaps
WriteFile
GetSystemInfo
InterlockedCompareExchange
WriteConsoleOutputA
DeleteFiber
ReadConsoleOutputW
EnumDateFormatsExA
GetConsoleCP
EnumResourceTypesA
IsValidCodePage
GetThreadLocale
GlobalUnfix
GetLogicalDriveStringsA
FindFirstChangeNotificationA
SetThreadContext
CopyFileExA
GetLongPathNameW
CreateNamedPipeA
InitializeCriticalSection
GetCurrencyFormatA
CreateFileA
SetConsoleCtrlHandler
WideCharToMultiByte
GetDateFormatW
MoveFileExA
PeekConsoleInputA
Process32Next
FoldStringW
SetLastError
GetPrivateProfileIntW
LocalFlags
ExpandEnvironmentStringsA
GlobalGetAtomNameW
VirtualUnlock
MoveFileW
GlobalFix
WritePrivateProfileStringW
GlobalGetAtomNameA
GetSystemTime
CreateRemoteThread
CreateFileMappingA
FindResourceExA
GetStringTypeExA
HeapWalk
GetFileAttributesExA
lstrlenW
ResetWriteWatch
GetLongPathNameA
OpenProcess
GetVersionExA
FindNextFileA
lstrcatA
GetCurrentThread
HeapLock
CreateToolhelp32Snapshot
AddAtomA
SystemTimeToFileTime
SleepEx
GetNamedPipeHandleStateA
SetConsoleMode
GetConsoleCursorInfo
Heap32ListFirst
SetConsoleTextAttribute
VirtualAllocEx
EnumResourceLanguagesA
CompareFileTime
lstrcpy
FindResourceW
GetTempPathW
OpenWaitableTimerW
FormatMessageW
CreatePipe
FindFirstFileW
GetProcAddress
FillConsoleOutputCharacterW
GetCommandLineW
GetProfileIntW
CreateMutexW
GetPrivateProfileSectionNamesA
CloseHandle
SetEnvironmentVariableW
EnumCalendarInfoExA
ReleaseSemaphore
TlsFree
ReadConsoleInputA
GetLocaleInfoW
SetCurrentDirectoryA
lstrcatW
GlobalAlloc
GetPriorityClass
GlobalWire
CreateWaitableTimerA
WritePrivateProfileSectionW
GetConsoleTitleW
GlobalHandle
ReadConsoleOutputAttribute
ReadConsoleW
GetPrivateProfileStructA
GetLogicalDriveStringsW
EnumDateFormatsA
SystemTimeToTzSpecificLocalTime
WaitNamedPipeW
DebugBreak
OpenSemaphoreW
ContinueDebugEvent
MapViewOfFileEx
GetProfileIntA
InterlockedExchangeAdd
GetShortPathNameW
FlushInstructionCache
GetAtomNameW
CommConfigDialogW
GetSystemTimeAdjustment
DeviceIoControl
GetStartupInfoA
SetCurrentDirectoryW
Heap32ListNext
GetFileAttributesW
GetACP
DisconnectNamedPipe
GetDiskFreeSpaceExW
VirtualLock
CreateMailslotW
SetPriorityClass
WriteConsoleOutputW
GetVolumeInformationW
GetVersionExW
SetLocaleInfoW
ReadConsoleOutputCharacterW
GetSystemDirectoryW
CreateEventW
EnumSystemCodePagesA
WaitNamedPipeA
ReadDirectoryChangesW
WaitForSingleObject
GetAtomNameA
SetConsoleActiveScreenBuffer
LoadLibraryExW
GetConsoleMode
GetComputerNameW
SetEndOfFile
FindNextFileW
GetSystemDefaultLCID
GetEnvironmentVariableW
FreeEnvironmentStringsA
IsDebuggerPresent
SetFileAttributesA
GetPrivateProfileSectionNamesW
LocalReAlloc
CreateThread
CreateEventA
GlobalAddAtomW
FreeLibraryAndExitThread
FindFirstFileA
GetConsoleOutputCP
GetFileType
FlushViewOfFile
GetCompressedFileSizeA
LockResource
RemoveDirectoryW
WriteConsoleOutputAttribute
EnumSystemLocalesA
GetShortPathNameA
HeapCompact
GetQueuedCompletionStatus
AddAtomW
GetNumberFormatW
LoadLibraryExA
GetExitCodeProcess
ReadProcessMemory
FlushFileBuffers
SetSystemTimeAdjustment
GetPrivateProfileSectionA
GetExitCodeThread
FreeLibrary
CompareStringA
GetFileAttributesExW
TlsAlloc
LockFileEx
Sleep
ReadFile
LocalSize
CreateDirectoryExA
LeaveCriticalSection
GetFileTime
GlobalFindAtomW
EnumResourceNamesW
GetDiskFreeSpaceW
SetFileTime
GetUserDefaultLangID
wininet
InternetWriteFile
InternetAlgIdToStringW
InternetSetDialState
InternetWriteFileExA
InternetAttemptConnect
FtpPutFileA
FindNextUrlCacheGroup
InternetOpenUrlW
GopherOpenFileW
FtpCreateDirectoryW
InternetGetConnectedState
FtpCommandA
RetrieveUrlCacheEntryStreamA
GetUrlCacheEntryInfoExA
LoadUrlCacheContent
UnlockUrlCacheEntryFile
HttpEndRequestW
GopherFindFirstFileW
FindNextUrlCacheEntryA
GetUrlCacheConfigInfoA
GopherCreateLocatorW
FtpGetCurrentDirectoryA
FtpRenameFileW
FtpDeleteFileW
GetUrlCacheConfigInfoW
InternetQueryOptionW
DeleteIE3Cache
InternetConfirmZoneCrossingA
RetrieveUrlCacheEntryFileW
FindFirstUrlCacheGroup
InternetReadFile
InternetOpenA
HttpOpenRequestA
FtpFindFirstFileW
FindFirstUrlCacheEntryExA
CreateUrlCacheEntryA
InternetQueryOptionA
DeleteUrlCacheEntry
GopherGetLocatorTypeW
FindCloseUrlCache
FindNextUrlCacheEntryExW
InternetGoOnlineW
GetUrlCacheEntryInfoA
GetUrlCacheGroupAttributeA
HttpAddRequestHeadersA
InternetCanonicalizeUrlW
FtpRenameFileA
FtpGetFileW
InternetLockRequestFile
InternetCombineUrlA
InternetUnlockRequestFile
InternetReadFileExA
HttpSendRequestA
FtpGetFileEx
FtpSetCurrentDirectoryW
DetectAutoProxyUrl
HttpAddRequestHeadersW
InternetConnectW
InternetTimeFromSystemTimeA
InternetConnectA
ShowSecurityInfo
InternetGetCertByURL
InternetShowSecurityInfoByURL
HttpOpenRequestW
InternetSecurityProtocolToStringW
InternetGoOnlineA
FtpGetFileA
InternetDialA
InternetSetDialStateA
InternetSetCookieW
CreateUrlCacheGroup
SetUrlCacheEntryGroupW
IncrementUrlCacheHeaderData
GetUrlCacheEntryInfoExW
InternetInitializeAutoProxyDll
FindNextUrlCacheEntryExA
InternetGetCertByURLA
GopherCreateLocatorA
InternetCreateUrlA
HttpCheckDavCompliance
UnlockUrlCacheEntryFileW
FtpCommandW
ResumeSuspendedDownload
SetUrlCacheGroupAttributeW
HttpQueryInfoW
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCheckConnectionA
InternetGetConnectedStateExA
FindNextUrlCacheEntryW
FindFirstUrlCacheContainerW
InternetQueryDataAvailable
DeleteUrlCacheContainerW
CreateUrlCacheEntryW
InternetSetOptionA
InternetShowSecurityInfoByURLW
GetUrlCacheEntryInfoW
InternetConfirmZoneCrossing
InternetFortezzaCommand
InternetTimeToSystemTimeA
SetUrlCacheEntryGroup
ReadUrlCacheEntryStream
GopherGetAttributeW
FtpFindFirstFileA
GopherGetAttributeA
FindFirstUrlCacheEntryW
GopherOpenFileA
FindFirstUrlCacheEntryExW
ShowClientAuthCerts
UpdateUrlCacheContentPath
SetUrlCacheEntryInfoA
FindNextUrlCacheContainerW
DeleteUrlCacheGroup
InternetSetCookieA
GopherGetLocatorTypeA
UnlockUrlCacheEntryFileA
UrlZonesDetach
InternetDial
RunOnceUrlCache
DeleteUrlCacheContainerA
FindNextUrlCacheContainerA
SetUrlCacheHeaderData
InternetOpenW
ShowCertificate
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
RegisterUrlCacheNotification
SetUrlCacheEntryGroupA
InternetShowSecurityInfoByURLA
InternetOpenUrlA
InternetCreateUrlW
InternetGetConnectedStateExW
SetUrlCacheGroupAttributeA
RetrieveUrlCacheEntryStreamW
InternetTimeFromSystemTimeW
InternetCheckConnectionW
FreeUrlCacheSpaceA
InternetGetCookieW
InternetTimeFromSystemTime
GopherFindFirstFileA
FtpSetCurrentDirectoryA
RetrieveUrlCacheEntryFileA
ShowX509EncodedCertificate
InternetTimeToSystemTime
InternetSetDialStateW
CreateUrlCacheContainerW
IsHostInProxyBypassList
FtpRemoveDirectoryA
InternetGetLastResponseInfoW
InternetCombineUrlW
InternetCrackUrlA
InternetHangUp
FtpPutFileW
InternetSetOptionW
GetUrlCacheGroupAttributeW
InternetFindNextFileW
InternetWriteFileExW
InternetGoOnline
InternetCloseHandle
FtpRemoveDirectoryW
FtpOpenFileW
DeleteUrlCacheEntryA
HttpEndRequestA
GetUrlCacheHeaderData
gdi32
StrokePath
AbortDoc
ExtFloodFill
GetViewportOrgEx
EndPath
EnumFontFamiliesExW
GetEnhMetaFileDescriptionW
GetDCOrgEx
GetTextCharset
GetICMProfileW
CreateCompatibleDC
BitBlt
SetPixel
BeginPath
GdiSetBatchLimit
GetOutlineTextMetricsA
SaveDC
LineDDA
EnumFontFamiliesA
GetFontData
CreateScalableFontResourceA
OffsetRgn
CreateEllipticRgnIndirect
Arc
FlattenPath
CreateColorSpaceA
GetPixel
GetLogColorSpaceW
GetMiterLimit
GetNearestColor
GetObjectA
SelectObject
ExtTextOutW
SetWinMetaFileBits
SetGraphicsMode
PaintRgn
SetColorAdjustment
TranslateCharsetInfo
ScaleViewportExtEx
GetICMProfileA
CopyEnhMetaFileA
SetICMProfileW
GetKerningPairsA
CreateBrushIndirect
SetDeviceGammaRamp
FrameRgn
DPtoLP
GetPixelFormat
StartPage
CreatePolygonRgn
CreateDCA
PolyDraw
GetObjectW
SelectClipPath
GetTextCharacterExtra
SetColorSpace
CreatePatternBrush
EndDoc
TextOutA
RemoveFontResourceW
GetEnhMetaFileBits
GetCharWidthW
PolyBezierTo
SetMetaRgn
GetBkColor
FillPath
GetEnhMetaFileDescriptionA
PolyPolygon
UpdateColors
SetViewportExtEx
ColorCorrectPalette
ExtTextOutA
LPtoDP
SetBitmapBits
SetMapMode
GetWindowExtEx
GdiPlayScript
EnumICMProfilesA
CheckColorsInGamut
OffsetViewportOrgEx
GetTextExtentExPointW
TextOutW
FixBrushOrgEx
SetDIBits
Polygon
StretchDIBits
CreateSolidBrush
CreateBitmap
DeleteDC
EnumFontFamiliesW
PlayMetaFile
ColorMatchToTarget
AddFontResourceW
CloseMetaFile
SetAbortProc
GetTextFaceW
CreateDiscardableBitmap
CreateEnhMetaFileW
Escape
GdiFlush
GetRasterizerCaps
GetMetaFileA
LineTo
CreateDIBPatternBrushPt
GetWinMetaFileBits
SetDIBitsToDevice
GetColorAdjustment
GetSystemPaletteUse
GetTextColor
GetLayout
GetFontLanguageInfo
GetWorldTransform
ScaleWindowExtEx
SetPixelFormat
RectInRegion
CreateHalftonePalette
PathToRegion
GdiPlayJournal
StrokeAndFillPath
GetWindowOrgEx
GetOutlineTextMetricsW
SetTextAlign
GetTextFaceA
GetCharABCWidthsW
DeviceCapabilitiesExW
FillRgn
gdiPlaySpoolStream
PolyBezier
GetViewportExtEx
GetStretchBltMode
CreateFontIndirectA
GetMapMode
RestoreDC
CreatePen
RoundRect
PolyTextOutA
GetPaletteEntries
ArcTo
EnumEnhMetaFile
GetPolyFillMode
RemoveFontResourceA
GetRandomRgn
UnrealizeObject
PolylineTo
SetBoundsRect
Ellipse
GetCharABCWidthsFloatA
GetTextExtentExPointA
CreateHatchBrush
GetKerningPairs
SetBkColor
CloseEnhMetaFile
AnimatePalette
CancelDC
GdiGetBatchLimit
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetWindowOrgEx
GetTextExtentPointA
DeleteEnhMetaFile
CreateICA
EnumFontFamiliesExA
AngleArc
FloodFill
Polyline
OffsetWindowOrgEx
PlgBlt
SetEnhMetaFileBits
SetMiterLimit
CreateMetaFileA
Chord
GetCurrentPositionEx
GetCharABCWidthsFloatW
SetDIBColorTable
GetClipBox
GetCharacterPlacementA
DeleteMetaFile
EnumMetaFile
ExtEscape
AddFontResourceA
SetLayout
CreatePalette
SetBitmapDimensionEx
SetBkMode
SetTextColor
Pie
CopyMetaFileA
comdlg32
FindTextA
ChooseColorW
FindTextW
GetSaveFileNameA
ChooseFontA
ChooseColorA
ReplaceTextW
ChooseFontW
PageSetupDlgW
ReplaceTextA
GetOpenFileNameW
Sections
.text Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ