Static task
static1
General
Target
TrafficMonitor.exe
Size
1.6MB
MD5
dd9314760a874384e144c672b3afc831
SHA1
56b4fcfab951cd68975ab89aa0e1c1c829576847
SHA256
070910459ef308c9ae310b7180fa1adfdb3b75970a7428be42c7789353583530
SHA512
a0caf798a358233493d4dfc290c5c4e05d5a856e05496d5affb07bc0be71599543159d63ed2300cc7a2b5612d4fd6b788d6ac087cec3385bf33f9e2f556cdff6
SSDEEP
24576:CnY2lTamU9rW+rIMWPp1XWdIm2Ijkbiz:C5lTamU9r0XWdI2z
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks whether the PE carries an Authenticode signature; it matched here, so the analysed TrafficMonitor.exe is unsigned.
resource TrafficMonitor.exe
Files
TrafficMonitor.exe.exe windows:6 windows x64 arch:x64
95be08c8f6ef51ed6b475db75701515b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
openhardwaremonitorapi
?GetErrorMessage@OpenHardwareMonitorApi@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?CreateInstance@OpenHardwareMonitorApi@@YA?AV?$shared_ptr@VIOpenHardwareMonitor@OpenHardwareMonitorApi@@@std@@XZ
mfc140u
ord7650
ord14210
ord12223
ord12222
ord2439
ord5183
ord8023
ord12544
ord8084
ord8167
ord14219
ord2269
ord3057
ord6285
ord1491
ord4079
ord8437
ord2907
ord3748
ord14194
ord2689
ord9984
ord1671
ord2149
ord14221
ord6090
ord3952
ord1121
ord489
ord6260
ord5750
ord10703
ord8730
ord3953
ord497
ord3078
ord1111
ord6303
ord8449
ord14073
ord942
ord14168
ord1053
ord6251
ord8817
ord3056
ord4078
ord8063
ord8501
ord12761
ord12762
ord6549
ord3828
ord13617
ord12738
ord6566
ord2344
ord2346
ord2350
ord7518
ord9739
ord9738
ord10835
ord8702
ord10811
ord11435
ord8604
ord8614
ord10806
ord9217
ord9682
ord9677
ord9205
ord9215
ord9200
ord10967
ord10964
ord8003
ord11770
ord6630
ord2627
ord11805
ord8917
ord13869
ord13573
ord10199
ord7372
ord1405
ord935
ord7136
ord12265
ord12442
ord3726
ord3728
ord11999
ord11677
ord533
ord8471
ord6250
ord356
ord8043
ord7551
ord6724
ord12967
ord13679
ord6313
ord1424
ord14216
ord8826
ord3164
ord4095
ord7151
ord5468
ord1665
ord13999
ord4725
ord5672
ord2479
ord8161
ord3803
ord6361
ord4086
ord8441
ord5641
ord5604
ord13299
ord13309
ord7780
ord7775
ord6717
ord7382
ord13199
ord8507
ord7783
ord1432
ord6596
ord5904
ord8829
ord3167
ord3273
ord4098
ord7159
ord1667
ord1503
ord7394
ord6821
ord11921
ord4721
ord7249
ord1158
ord8823
ord4084
ord6906
ord3742
ord12746
ord2473
ord1086
ord438
ord11871
ord3915
ord8926
ord4445
ord4722
ord4726
ord10164
ord7265
ord1192
ord583
ord7882
ord2703
ord1057
ord990
ord6258
ord8900
ord5916
ord11902
ord8819
ord2698
ord13401
ord6002
ord3058
ord4081
ord8439
ord2906
ord3746
ord2903
ord3713
ord9159
ord13761
ord4335
ord2212
ord10163
ord7233
ord1089
ord446
ord6848
ord266
ord265
ord12443
ord11813
ord8731
ord10704
ord2475
ord1641
ord6247
ord2370
ord2270
ord11085
ord3308
ord3307
ord3071
ord6000
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord6588
ord5706
ord13397
ord3212
ord3209
ord7913
ord2697
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord11771
ord3718
ord11625
ord14209
ord8656
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord3279
ord3278
ord3172
ord11850
ord5080
ord5363
ord5552
ord9041
ord5339
ord5582
ord4656
ord1033
ord296
ord3756
ord6320
ord7920
ord6728
ord11929
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9946
ord8901
ord1489
ord5237
ord9068
ord4499
ord1369
ord878
ord3951
ord11854
ord2187
ord12706
ord5240
ord10124
ord11933
ord11901
ord13864
ord285
ord12606
ord5555
ord9941
ord6614
ord7054
ord13109
ord940
ord2178
ord7716
ord2311
ord5709
ord2921
ord4357
ord2514
ord1452
ord985
ord964
ord280
ord2006
ord13136
ord1430
ord1670
ord1501
ord6262
ord5245
ord1450
ord983
ord7393
ord9109
ord11594
ord7235
ord12720
ord13568
ord6634
ord12949
ord11855
ord1091
ord450
ord6850
ord12763
ord1420
ord6584
ord3161
ord3270
ord6866
ord1504
ord3484
ord5006
ord13006
ord286
ord13767
ord1157
ord6254
ord5748
ord4832
ord4847
ord4771
ord3599
ord1691
ord6287
ord8818
ord1440
ord973
ord10860
kernel32
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
CreateMutexW
CopyFileW
GlobalMemoryStatusEx
InitializeCriticalSectionEx
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
MulDiv
DeleteFileW
SetThreadUILanguage
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LoadResource
CreateDirectoryW
GetSystemDirectoryW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryW
SetUnhandledExceptionFilter
SetErrorMode
OutputDebugStringW
LocalFree
GetTempPathW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetLocalTime
GetSystemTimes
GetModuleFileNameW
GetLastError
user32
SetTimer
GetDlgCtrlID
ReleaseDC
GetDC
DrawIconEx
GetMenuItemID
GetMenuItemCount
LoadImageW
GetWindow
CloseClipboard
SetClipboardData
EmptyClipboard
FindWindowExW
GetShellWindow
GetClassNameW
GetForegroundWindow
FillRect
SetWindowLongW
LoadCursorW
SetCursor
ChildWindowFromPoint
ScreenToClient
GetCursorPos
IsWindow
CheckMenuRadioItem
GetSubMenu
PtInRect
OffsetRect
LoadMenuW
EnableMenuItem
GetDesktopWindow
SetParent
InflateRect
GetParent
SetForegroundWindow
ShowWindow
PostMessageW
LoadIconW
EnableWindow
LoadBitmapW
GetWindowRect
GetClientRect
SendMessageW
GetSysColor
SetRectEmpty
SetMenuDefaultItem
GetKeyState
CreatePopupMenu
AppendMenuW
GetClassInfoW
GetMonitorInfoW
EnumDisplayMonitors
RegisterWindowMessageW
EqualRect
GetSystemMetrics
CopyRect
KillTimer
DeleteMenu
SetWindowRgn
SetMenuItemInfoW
CheckMenuItem
IsRectEmpty
MoveWindow
GetWindowLongW
SetLayeredWindowAttributes
MonitorFromRect
InvalidateRect
FindWindowW
OpenClipboard
gdi32
SetRectRgn
EqualRgn
SetDIBColorTable
DeleteObject
CreateFontW
GetDeviceCaps
CombineRgn
GetPixel
Rectangle
CreatePen
CreateDIBSection
GetCurrentObject
DeleteDC
StretchBlt
SetBrushOrgEx
CreateRectRgnIndirect
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateRectRgn
advapi32
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord381
shlwapi
PathFileExistsW
ord191
uxtheme
DrawThemeParentBackground
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
gdiplus
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
msvcp140
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
pdh
PdhAddCounterW
PdhCollectQueryData
PdhGetRawCounterValue
PdhCalculateCounterFromRawValue
PdhCloseQuery
PdhOpenQueryW
dbghelp
MiniDumpWriteDump
iphlpapi
GetIfTable
GetNumberOfInterfaces
GetAdaptersInfo
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strchr
memset
__current_exception
__current_exception_context
memmove
__C_specific_handler
__std_terminate
_purecall
memcpy
memcmp
memchr
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
_CxxThrowException
api-ms-win-crt-convert-l1-1-0
atoll
atoi
_wtoi
api-ms-win-crt-runtime-l1-1-0
_errno
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_resetstkoflw
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo
api-ms-win-crt-string-l1-1-0
isspace
wcscat_s
isdigit
strncmp
isalpha
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
fflush
_set_fmode
setvbuf
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
fclose
_get_stream_buffer_pointers
fputc
ungetc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
api-ms-win-crt-filesystem-l1-1-0
_wfindnext64i32
_findclose
_wfindfirst64i32
_lock_file
_unlock_file
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
calloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
log
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 456KB - Virtual size: 455KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 143KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ