Static task: static1
Behavioral task: behavioral1
Sample: csFlingmTrains334.f23.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: csFlingmTrains334.f23.exe
Resource: win10v2004-20231222-en
General
Target: csFlingmTrains334.f23.exe
Size: 123.0MB
MD5: e7cd2dbb6cfc72a99a7fff775c4f8857
SHA1: 7d813854db153b065f4aa26825e870b1f5db94e8
SHA256: 7015896de5e534a7319640150694d34c46f3ac0beb87bda7579de0807535d811
SHA512: 3bc092112bdbbb4aac714cc224872e7554164cf3757655709838e00ab67e4b4c29b361791dd9c96298308738d15e65f0bc6531a35ace337c58a6d737b7ce699d
SSDEEP: 393216:2LPLQoerMqLCLWOJZaxWRhfMt7pxESLPLQoerMqLCLWOJZaxWRhfMt7pxE:4UoAKaIhfMdNUoAKaIhfMd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource csFlingmTrains334.f23.exe
Files
csFlingmTrains334.f23.exe.exe windows:6 windows x64 arch:x64
7b5df0aa01820b5a2726578dd40f3a4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
InitializeSListHead
GetStdHandle
ExitProcess
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
Sleep
SearchPathA
GetProfileIntA
GetTempPathA
GetTickCount
GetStartupInfoW
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
GetFileAttributesA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
GetStringTypeExA
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
GetCurrentDirectoryA
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
GetAtomNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpA
GetVersionExA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CompareStringA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
SetLastError
FormatMessageA
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FileTimeToDosDateTime
MapViewOfFile
GetFileType
SystemTimeToFileTime
CreateFileMappingA
GetLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
DuplicateHandle
UnmapViewOfFile
SetFilePointer
GetCurrentProcess
WinExec
DeleteFileA
WriteFile
MultiByteToWideChar
GetProcAddress
lstrlenA
lstrcpynA
lstrcpyA
GetNumberFormatA
GetLocaleInfoA
FindClose
FindFirstFileA
MulDiv
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA
GetPrivateProfileStringA
GetFileSize
CloseHandle
CreateFileA
GetModuleFileNameA
ReadFile
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
CopyFileA
HeapSize
InitializeCriticalSectionEx
HeapFree
GetDateFormatW
SizeofResource
RtlUnwind
user32
CopyAcceleratorTableA
CharNextA
CharUpperA
LoadCursorW
WaitMessage
DeleteMenu
LoadImageW
DestroyIcon
TrackMouseEvent
GetDialogBaseUnits
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
RealChildWindowFromPoint
GetSysColorBrush
IntersectRect
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
OffsetRect
SetRectEmpty
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
WindowFromPoint
GetCursorPos
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
InvalidateRgn
GetWindowLongPtrA
GetWindowLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
DrawStateA
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
DrawFrameControl
IsZoomed
LoadMenuW
UnregisterClassA
EnableWindow
SendMessageA
LockWindowUpdate
GetWindowRect
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
PeekMessageA
DispatchMessageA
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetRect
IsRectEmpty
GetNextDlgGroupItem
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
LoadImageA
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
GetMenuState
GetMenuStringA
GetFocus
DrawEdge
EnumDisplayMonitors
SetClassLongPtrA
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
SetWindowLongPtrA
PtInRect
SetCursor
LoadIconW
SetTimer
DestroyCursor
ScreenToClient
CopyIcon
LoadStringA
LoadCursorA
GetMessagePos
wsprintfA
GetAsyncKeyState
ReleaseCapture
SetCapture
SetFocus
MessageBoxA
SetActiveWindow
GetClientRect
GetSysColor
RedrawWindow
DrawIcon
GetSystemMetrics
FillRect
InvalidateRect
DrawTextExA
TabbedTextOutA
GrayStringA
DrawTextA
InflateRect
ReleaseDC
GetParent
KillTimer
SetWindowLongA
RegisterWindowMessageA
IsWindow
MessageBeep
GetDC
UpdateWindow
GetSystemMenu
BringWindowToTop
SetCursorPos
GetTabbedTextExtentW
EmptyClipboard
GetTabbedTextExtentA
FrameRect
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
MonitorFromRect
SendNotifyMessageA
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
ScrollWindow
LoadAcceleratorsA
GetDCEx
gdi32
CreateHatchBrush
CreatePen
CreatePatternBrush
DeleteObject
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
CreateDIBPatternBrushPt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsA
GetTextColor
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
CreateFontA
GetCharWidthA
StretchDIBits
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
CreateBitmap
CopyMetaFileA
CreateRectRgn
CreateSolidBrush
GetBkColor
BitBlt
CreateCompatibleBitmap
ExtTextOutA
GetTextExtentPoint32A
CreateCompatibleDC
RectVisible
TextOutA
GetCurrentObject
Escape
PtVisible
GetStockObject
GetDeviceCaps
DeleteDC
CreateDCA
PatBlt
GetObjectA
CreateFontIndirectA
msimg32
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesA
GetJobA
ClosePrinter
OpenPrinterA
advapi32
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegQueryInfoKeyA
RegEnumValueA
shell32
ExtractIconA
ShellExecuteA
SHAddToRecentDocs
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
SHAppBarMessage
SHBrowseForFolderA
SHGetMalloc
DragFinish
ShellExecuteExA
comctl32
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
shlwapi
PathRemoveExtensionA
PathFindExtensionA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA
uxtheme
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysColor
ole32
OleIsRunning
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleRun
CoInitializeEx
CreateStreamOnHGlobal
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
WriteClassStm
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
GetHGlobalFromILockBytes
CreateGenericComposite
GetRunningObjectTable
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
OleQueryCreateFromData
OleQueryLinkFromData
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SysStringLen
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
LoadTypeLib
LoadRegTypeLib
RegisterTypeLib
OleCreateFontIndirect
SysAllocString
SysReAllocStringLen
SysAllocStringByteLen
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SafeArrayUnaccessData
SysFreeString
SysStringByteLen
oledlg
ord8
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ