Static task: static1
Behavioral task: behavioral1
Sample: 7090e7637b2abb8238ad84c5abeac8af.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7090e7637b2abb8238ad84c5abeac8af.dll
Resource: win10v2004-20231215-en
General
Target: 7090e7637b2abb8238ad84c5abeac8af
Size: 296KB
MD5: 7090e7637b2abb8238ad84c5abeac8af
SHA1: 2ba114286cb2de163f4b4479bb7307ae4b9dcf2e
SHA256: d8e51757a46584d9b02a95142a85f7ac4c0d283dca95427bc28cee8e55d2bc36
SHA512: 47efa067a5ddd399c80f6f238883f57e1929e9037a9b766c6ad76bf7081511611323ec3443563915202a05f71f35e42a63cc94eb7f6987536ccbc3e9f4f2a80b
SSDEEP: 6144:GXR2egFqbFP6WIhJR6l36Me1DkAOyjAEx:Gh2jk5DqR6lqMe1DkI8Ex
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7090e7637b2abb8238ad84c5abeac8af
Files
7090e7637b2abb8238ad84c5abeac8af.dll windows:4 windows x86 arch:x86
f0dcbe5e26a489b0047b839e35f3534d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
WriteProcessMemory
VirtualProtect
GetProcAddress
Sleep
GetModuleHandleA
CreateThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetTickCount
Module32Next
Module32First
CreateToolhelp32Snapshot
ExitProcess
VirtualQuery
HeapAlloc
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
VirtualAlloc
LoadLibraryA
GetOEMCP
GetACP
IsBadCodePtr
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
InitializeCriticalSection
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
TerminateProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
IsBadReadPtr
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RaiseException
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
InterlockedExchange
user32
wsprintfA
GetAsyncKeyState
vstdlib
RandomFloat
RandomSeed
Q_strncpy
Q_snprintf
KeyValuesSystem
Q_strnicmp
tier0
Msg
g_VProfCurrentProfile
?EnterScope@CVProfNode@@QAEXXZ
?ExitScope@CVProfNode@@QAE_NXZ
Error
g_pMemAlloc
GetCPUInformation
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
Sections
.text Size: 212KB - Virtual size: 210KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ