Static task
static1
Behavioral task
behavioral1
Sample
5a353bfec198306556d2a7091da368ec.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5a353bfec198306556d2a7091da368ec.exe
Resource
win10v2004-20231215-en
General
Target
5a353bfec198306556d2a7091da368ec
Size
872KB
MD5
5a353bfec198306556d2a7091da368ec
SHA1
e17007a0c7ad2721fa3cf37255d7096c2ab20336
SHA256
7416a62aa39e24d42293c8758615e5493fc0963ec155870853bc24b0665b77a3
SHA512
cec670c1eba016a20a2401107867461c0470e0dddb7e9a6b6cb46911d00ae53ae58f443e679052bb7235bc9500ca98f44ffdf04a996e781869ae0b90c2294df1
SSDEEP
12288:yJwfjDCwXkIUTHBgx2In9wZAaHAsdR+Wmb0J/zk8EzmlLXq729Bg+sxTZ80xJoAX:Cwfjylm2y9wZgWRwb0bEqc9l9z9S
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature, so publisher identity cannot be established from the binary itself; treat the file hashes above as the only reliable identifiers.
resource 5a353bfec198306556d2a7091da368ec
Files
5a353bfec198306556d2a7091da368ec.exe windows:5 windows x86 arch:x86
6a6d1cb6dc84d2fcee7d6aefbfd3653e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (the table spans kernel32, msdart, cmutil, dbnetlib, shlwapi, nddeapi and msasn1 with many rarely used or obscure exports; an import table of this shape is often seen in padded or crafted binaries, but this listing alone does not establish that — verify against the behavioral runs)
kernel32
lstrcmpW
GetConsoleInputExeNameA
GetConsoleHardwareState
GetStartupInfoW
OutputDebugStringW
SetFileAttributesA
VirtualAlloc
GetTickCount
_hwrite
GetConsoleProcessList
LoadLibraryA
RestoreLastError
OpenFileMappingA
Process32FirstW
LocalHandle
SetConsoleCP
GlobalUnlock
LocalSize
AttachConsole
GetModuleHandleA
FindResourceExW
HeapWalk
EnumSystemCodePagesA
WriteConsoleOutputW
WaitForDebugEvent
SearchPathW
GetConsoleCharType
OpenThread
GetModuleHandleW
SetPriorityClass
LZCopy
GetTempFileNameA
CloseHandle
GetSystemDirectoryW
ReadConsoleOutputCharacterA
PrivMoveFileIdentityW
msdart
?IsWinNT@CMdVersionInfo@@SAHXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
MPDeleteCriticalSection
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?IsValid@CLKRHashTable@@QBE_NXZ
?Lock@CLockedDoubleList@@QAEXXZ
??0CCritSec@@QAE@XZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
mpRealloc
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
MpHeapFree
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
??4CSingleList@@QAEAAV0@ABV0@@Z
?Unlock@CLockedDoubleList@@QAEXXZ
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?IsReadLocked@CFakeLock@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?_LockSpin@CSpinLock@@AAEXXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
MpHeapSize
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?IsWin2k@CMdVersionInfo@@SAHXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
cmutil
?GPPB@CIniA@@QBEHPBD0H@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?IsEnabled@CmLogFile@@QAEHXZ
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
CmStripPathAndExtW
?SetSection@CIniW@@QAEXPBG@Z
SzToWz
CmLoadSmallIconA
??0CRandom@@QAE@I@Z
CmLoadImageW
?SetParams@CmLogFile@@QAEJHKPBD@Z
?SetEntryFromIdx@CIniA@@QAEXK@Z
CmStrtokA
CmStrStrA
ReleaseBold
??1CIniA@@QAE@XZ
?WPPB@CIniW@@QAEXPBG0H@Z
?Banner@CmLogFile@@QAEXXZ
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
CmAtolW
CmLoadIconA
SzToWzWithAlloc
?GetFile@CIniA@@QBEPBDXZ
?GetSection@CIniW@@QBEPBGXZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
CmStripFileNameW
??1CIniW@@QAE@XZ
GetOSBuildNumber
dbnetlib
InitSSPIPackage
InitEnumServers
ConnectionTransact
ConnectionObjectSize
ConnectionRead
GetNextEnumeration
ConnectionServerEnum
TermSession
ConnectionFlushCache
GenClientContext
ConnectionVer
ConnectionError
ConnectionWrite
InitSession
ConnectionOpenW
ConnectionOption
ConnectionClose
ConnectionCheckForData
ConnectionServerEnumW
ConnectionGetSvrUser
ConnectionWriteOOB
ConnectionMode
ConnectionStatus
TermSSPIPackage
ConnectionErrorW
CloseEnumServers
ConnectionOpen
ConnectionSqlVer
shlwapi
StrIsIntlEqualW
PathIsDirectoryEmptyA
PathAppendW
UrlGetPartW
SHQueryInfoKeyW
PathGetArgsA
PathRemoveExtensionW
SHLoadIndirectString
StrRStrIA
IntlStrEqWorkerW
PathBuildRootA
StrDupW
SHRegEnumUSKeyA
DelayLoadFailureHook
StrStrNW
SHOpenRegStream2W
IntlStrEqWorkerA
StrCmpNW
SHDeleteKeyA
StrPBrkA
PathIsContentTypeA
PathUnExpandEnvStringsW
PathGetArgsW
PathAddBackslashA
PathAddBackslashW
StrCSpnA
SHDeleteValueW
PathFileExistsW
nddeapi
NDdeShareSetInfoA
NDdeSetShareSecurityA
NDdeSpecialCommandW
NDdeIsValidShareNameA
NDdeSetTrustedShareA
NDdeGetErrorStringW
NDdeShareSetInfoW
NDdeGetTrustedShareW
NDdeGetShareSecurityW
NDdeShareGetInfoA
NDdeShareEnumA
NDdeTrustedShareEnumW
NDdeShareAddW
NDdeSetShareSecurityW
NDdeGetShareSecurityA
NDdeIsValidAppTopicListA
NDdeShareEnumW
NDdeShareDelW
NDdeIsValidAppTopicListW
NDdeShareGetInfoW
NDdeIsValidShareNameW
NDdeSpecialCommandA
NDdeGetTrustedShareA
NDdeGetErrorStringA
NDdeShareDelA
NDdeSetTrustedShareW
NDdeShareAddA
msasn1
ASN1BERDecBitString2
ASN1BERDecU16Val
ASN1BERDecTag
ASN1BEREncGeneralizedTime
ASN1intx_uoctets
ASN1DecSetError
ASN1EncSetError
ASN1BERDecLength
ASN1objectidentifier_free
ASN1BERDecS32Val
ASN1char16string_free
ASN1BERDecBool
ASN1_Decode
ASN1intx_sub
ASN1CEREncChar32String
ASN1BEREncObjectIdentifier
ASN1BERDecOctetString2
ASN1BERDotVal2Eoid
ASN1BERDecU8Val
ASN1BERDecCheck
ASN1BERDecUTCTime
ASN1bitstring_free
ASN1BERDecOpenType
ASN1BEREncU32
ASN1charstring_cmp
ASN1BERDecOctetString
ASN1open_free
ASN1utctime_cmp
ASN1BEREncCharString
ASN1intx2int32
ASN1BEREncEoid
ASN1BERDecChar32String
ASN1BEREncS32
ASN1BEREncFlush
ASN1BERDecSXVal
ASN1CEREncBeginBlk
ASN1ztchar16string_free
ASN1BEREncNull
ASN1BERDecPeekTag
Sections
.text Size: 547KB - Virtual size: 547KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 314KB - Virtual size: 1.7MB (virtual size far exceeds the raw size, so a large zero-initialized region is mapped at load time; this is consistent with, but not proof of, code or data being unpacked into .data at runtime — confirm in the behavioral runs)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ