??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382.exe
Resource
win10v2004-20231215-en
General
-
Target
a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382
-
Size
1.4MB
-
MD5
3202b5431eb2f031bda1a421acff78b5
-
SHA1
3bef4552bd6a9017ded3c55250c7e4707f9529d9
-
SHA256
a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382
-
SHA512
4313c24b6356777bfd204ae997353de728fe35d9f7611ea9ca0857e3a47247a0161712628656e343e6842791901b3bc43b7121fe8f4543cf0f5b078319f009fb
-
SSDEEP
24576:tm0ob9LnVm6C/CxxrPnYrUKi34B+fsxbHedivmYrtmbE6tmEF/uanOzKarI+O:tm0ob9LVqMVQ84B+fACivmYJmbE6I+5l
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox rule: the PE carries no Authenticode signature (this is the analyzer's check on the file, not behavior performed by the sample).
resource a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382
Files
-
a158744cc8d9e7b19b4a54b8317d6302b6b5980de1c22dd9d2cf89f502069382.exe windows:4 windows x86 arch:x86
abc499dac753bb7b58da9727cc3c5a3d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
urlmon
URLDownloadToCacheFileW
kernel32
GetTempPathW
QueryPerformanceCounter
GetFullPathNameW
HeapFree
GetDiskFreeSpaceW
FormatMessageW
GetFullPathNameA
GetVersionExA
HeapDestroy
GetFileAttributesA
HeapCreate
LoadLibraryA
HeapReAlloc
UnlockFile
CreateFileA
HeapValidate
LockFile
CreateFileMappingA
GetTempPathA
HeapCompact
OutputDebugStringW
GetSystemTime
CreateFileMappingW
AreFileApisANSI
DeleteFileA
UnlockFileEx
GetProcessHeap
GetDiskFreeSpaceA
SetFilePointer
GetSystemTimeAsFileTime
MapViewOfFile
FlushFileBuffers
FormatMessageA
UnmapViewOfFile
GetSystemInfo
HeapAlloc
HeapSize
SystemTimeToFileTime
GetFileAttributesExW
LockFileEx
OutputDebugStringA
CreateProcessW
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
GetThreadContext
SetThreadContext
OpenEventW
IsBadWritePtr
lstrcmpW
GetProcAddress
WaitForMultipleObjects
DeleteFileW
EnterCriticalSection
ResetEvent
LeaveCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
TerminateThread
CloseHandle
DeleteCriticalSection
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentThreadId
GetLocalTime
FindResourceW
WritePrivateProfileStringW
GetTickCount
SizeofResource
LockResource
FindClose
LoadResource
FindFirstFileW
FindResourceExW
GetPrivateProfileIntW
lstrlenW
GetCurrentProcessId
ReleaseMutex
InterlockedCompareExchange
GetLastError
CreateMutexW
CreateDirectoryW
GetModuleHandleW
FreeLibrary
TerminateProcess
GetExitCodeProcess
GetFileAttributesW
GlobalFree
lstrcmpiW
GlobalUnlock
OpenMutexW
ExitProcess
GetPrivateProfileStringW
GlobalLock
GlobalAlloc
lstrlenA
WideCharToMultiByte
RaiseException
GetExitCodeThread
GetModuleHandleA
GetSystemDirectoryW
ReadProcessMemory
QueryDosDeviceW
GetLogicalDriveStringsW
GetCurrentThread
InitializeCriticalSectionAndSpinCount
CreateToolhelp32Snapshot
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetVersionExW
WriteFile
SetEndOfFile
SetLastError
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
LoadLibraryExW
ReadFile
FreeResource
Sleep
CreateFileW
GetFileSize
OpenProcess
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetWindowsDirectoryW
LocalFree
user32
SystemParametersInfoW
GetNextDlgTabItem
ClientToScreen
MonitorFromWindow
GetMonitorInfoW
SetRectEmpty
GetParent
GetDlgCtrlID
MoveWindow
KillTimer
ShowWindow
SetCapture
SetWindowPos
PtInRect
UpdateLayeredWindow
ReleaseCapture
ScreenToClient
IntersectRect
OffsetRect
GetWindowRect
EqualRect
GetDlgItem
SetWindowLongW
InvalidateRect
GetDesktopWindow
IsWindowVisible
IsWindowEnabled
PostThreadMessageW
SetWindowTextW
AppendMenuW
IsChild
UpdateWindow
IsDialogMessageW
SetMenuDefaultItem
EnableWindow
CheckMenuRadioItem
FlashWindowEx
SetActiveWindow
EnableMenuItem
GetKeyState
SetTimer
GetSysColor
IsIconic
GetWindow
MapWindowPoints
DestroyWindow
FindWindowExW
CopyRect
DrawIconEx
LoadIconW
DrawTextW
GetCursorPos
WindowFromPoint
GetWindowThreadProcessId
GetShellWindow
DefWindowProcW
SetRect
GetWindowLongW
PostMessageW
SetFocus
IsWindow
CreateWindowExW
EndPaint
BeginPaint
LoadCursorW
GetClientRect
LoadImageW
DestroyIcon
GetSystemMetrics
CharNextW
InflateRect
FindWindowW
RegisterWindowMessageW
LoadBitmapW
SendMessageTimeoutW
UnregisterClassA
GetClassInfoExW
RegisterClassExW
CallWindowProcW
UnhookWindowsHookEx
SetWindowsHookExW
BringWindowToTop
CallNextHookEx
SendMessageW
ReleaseDC
SetCursor
AttachThreadInput
GetWindowTextLengthW
GetWindowTextW
DestroyCursor
GetMenuItemInfoW
GetFocus
AdjustWindowRectEx
DeleteMenu
GetActiveWindow
RedrawWindow
DispatchMessageW
GetMenuItemID
TranslateMessage
GetMessageW
IsRectEmpty
GetMenuItemCount
GetAsyncKeyState
PeekMessageW
CloseClipboard
GetForegroundWindow
SetClipboardData
EmptyClipboard
SetForegroundWindow
OpenClipboard
GetDC
gdi32
SelectClipRgn
CreateFontIndirectW
Rectangle
ExtTextOutW
GetStockObject
CreateCompatibleDC
SetBkColor
CreateCompatibleBitmap
RestoreDC
CreateBitmap
SelectObject
BitBlt
GetObjectW
SetTextColor
StretchBlt
DeleteDC
DeleteObject
SetStretchBltMode
CreateDIBSection
CreatePen
SaveDC
MoveToEx
LineTo
CreateBrushIndirect
RoundRect
SetBkMode
GetCurrentObject
CombineRgn
CreateRoundRectRgn
ExtSelectClipRgn
OffsetRgn
GetTextExtentPoint32W
RectInRegion
SetViewportOrgEx
GetClipRgn
GetTextColor
TextOutW
CreateRectRgnIndirect
GetViewportOrgEx
CreateSolidBrush
Polygon
CreateRectRgn
advapi32
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
GetSecurityDescriptorSacl
RegOpenKeyW
SetSecurityDescriptorSacl
RegDeleteKeyW
RegDeleteValueW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
RegOpenKeyExW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
shell32
ord680
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
SysAllocStringLen
VariantTimeToSystemTime
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
shlwapi
StrStrW
PathAppendW
PathFindFileNameW
StrToIntA
StrToIntExA
StrToIntW
PathAddBackslashW
PathFileExistsW
PathFindExtensionW
AssocCreate
PathRemoveArgsW
PathUnquoteSpacesW
PathRemoveFileSpecW
comctl32
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord413
ord412
ord410
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_EndDrag
ImageList_DragLeave
ImageList_BeginDrag
_TrackMouseEvent
msimg32
AlphaBlend
msvcp80
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
gdiplus
GdipCreatePen1
GdipAddPathPieI
GdipAddPathStringI
GdipSetStringFormatAlign
GdipCreateFont
GdipGetFontSize
GdipAddPathRectangleI
GdipMeasureString
GdipFillPath
GdipCreateFontFromLogfontW
GdipSetClipPath
GdipGraphicsClear
GdipCloneBrush
GdipSetStringFormatLineAlign
GdipDrawImageI
GdipSetPenDashStyle
GdipDeleteBrush
GdipFillRectangle
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipTranslateWorldTransform
GdipDrawPath
GdipRotateWorldTransform
GdipClosePathFigure
GdipResetWorldTransform
GdipAddPathArcI
GdipDrawLinesI
GdipDeletePath
GdipSetTextRenderingHint
GdipDrawImageRect
GdipDrawRectangleI
GdipDeleteFont
GdipCreateSolidFill
GdipSetCompositingQuality
GdipDrawLine
GdipDrawString
GdipCreateBitmapFromScan0
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipSetPenMode
GdipFillRectangleI
GdipSetPixelOffsetMode
GdipSetPenStartCap
GdipGetFamily
GdipSetPenEndCap
GdipCreateStringFormat
GdipDeletePen
GdipDeleteStringFormat
GdipDrawImagePointsRectI
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipSetInterpolationMode
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipDeletePrivateFontCollection
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipLoadImageFromFile
GdipFree
GdipDeleteFontFamily
GdipCreatePath
GdipCreateImageAttributes
GdipDeleteGraphics
GdipPrivateAddFontFile
GdipDisposeImageAttributes
GdipCreateFromHDC
GdipImageRotateFlip
GdipGetFontCollectionFamilyCount
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipGetFontCollectionFamilyList
GdipDrawImageRectRect
GdipCloneFontFamily
GdipAlloc
GdipDisposeImage
GdipCloneImage
msvcr80
vswprintf_s
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memset
_beginthreadex
fflush
fclose
fwprintf
wcslen
wcsstr
_wfsopen
wcscmp
memmove_s
memcpy_s
_vscwprintf
wcschr
labs
calloc
??_V@YAXPAX@Z
wcscpy
malloc
free
_recalloc
_mbscmp
_purecall
wcsrchr
_snwprintf
??8type_info@@QBE_NABV0@@Z
memcpy
strcmp
strlen
_waccess
_wcsicmp
wcspbrk
wcsncpy_s
_wcslwr_s
wcscspn
wcsspn
iswspace
swprintf_s
wcsncmp
memcmp
_wtoi
atoi
fprintf
_stricmp
strchr
strncmp
tolower
isalpha
isalnum
isspace
_wcsnicmp
_time64
_mktime64
_localtime64_s
floor
_wcsrev
_wcsupr_s
ceil
wcscat
swscanf_s
_vscprintf
vsprintf_s
_mbsstr
wcscpy_s
_msize
memmove
realloc
wcscat_s
_mbschr
__RTDynamicCast
abs
_mbsicmp
sqrt
clock
_resetstkoflw
_swprintf
_mbslwr_s
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_CxxThrowException
_vsnprintf_s
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??3@YAXPAX@Z
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
iphlpapi
GetAdaptersInfo
setupapi
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
Exports
(none listed)
Sections
.text Size: 748KB - Virtual size: 746KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 168KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 460KB - Virtual size: 460KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(Note: a resource section marked executable and writable, like the writable .text above, is atypical for linker-emitted sections; worth confirming whether the section flags were altered post-link.)