Static task: static1
Behavioral task: behavioral1
  Sample: 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac.exe
  Resource: win10v2004-20231215-en
General
- Target: 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac
- Size: 4.6MB
- MD5: 4c5da495209823d42f4c60e409138177
- SHA1: 85eb8cacefbcce9ff4b650f03a0124183c838f10
- SHA256: 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac
- SHA512: e3191e5887d0509ca316bb45c61785a88823876bf1f22d8f18e21321c4379a5272fcc4e4c52cf5260191ef9cf795624e1bc3c05080879827c9643f9671e3e7f5
- SSDEEP: 98304:f9AaaWBhQaOh5HjmI1W/gEsEBMKlHLhp:fmFfaOh96BMKlHdp
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for a missing Authenticode signature (no embedded certificate table in the PE).
  resource: 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac
Files
- 79eba4bb01ed7df05f840e1559ac471c6b67e78cad3ca62ff56e186f04dd2cac.exe
  Tags: windows:6 windows x86 arch:x86
  Imphash: 98ddd0545e2f0ac0fcb9f7f11e9be5c9
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
hid
HidD_GetFeature
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetInputReport
HidD_SetOutputReport
HidD_SetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
HidP_GetUsages
HidP_GetUsageValue
HidP_GetScaledUsageValue
kernel32
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetProcessAffinityMask
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
MoveFileW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetUserDefaultLCID
GetTimeZoneInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetACP
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringW
GetNativeSystemInfo
GetExitCodeThread
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
ReplaceFileW
GetTempFileNameW
GetConsoleCP
GetDiskFreeSpaceW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetCurrentDirectoryW
lstrcmpiW
LocalUnlock
LocalLock
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GetFileAttributesW
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
CreateSemaphoreW
CreateMutexW
ReleaseSemaphore
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CopyFileW
FormatMessageW
LocalFree
GlobalSize
SetLastError
FreeLibrary
GetProcAddress
CreateFileA
DeviceIoControl
TlsFree
TlsAlloc
InitializeConditionVariable
WakeAllConditionVariable
TlsSetValue
TryEnterCriticalSection
SleepConditionVariableCS
IsWow64Process
CreateIoCompletionPort
QueryPerformanceCounter
FormatMessageA
GetCurrentProcessId
VerSetConditionMask
CancelIoEx
QueryPerformanceFrequency
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
PostQueuedCompletionStatus
ReleaseMutex
CreateMutexA
GetQueuedCompletionStatus
GetCurrentProcess
VerifyVersionInfoA
GetSystemTimeAsFileTime
CancelWaitableTimer
CreateWaitableTimerW
SetWaitableTimer
TlsGetValue
SleepEx
GetCurrentThreadId
InitializeCriticalSection
CancelIo
GetOverlappedResult
ReadFile
GetTickCount
GetLocalTime
Beep
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
TerminateThread
ExitThread
CreateThread
ExitProcess
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
OutputDebugStringW
GetTempPathW
WriteFile
CreateFileW
CreateDirectoryW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
FindResourceW
MulDiv
SizeofResource
LockResource
LoadResource
FileTimeToLocalFileTime
SetErrorMode
RtlCaptureStackBackTrace
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
GetAtomNameW
GetStringTypeExW
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
GetEnvironmentStringsW
user32
MessageBeep
GetTabbedTextExtentW
IsClipboardFormatAvailable
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
WindowFromPoint
IntersectRect
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
MsgWaitForMultipleObjectsEx
MapVirtualKeyW
GetKeyNameTextW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetWindowThreadProcessId
LoadMenuW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetRect
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnableWindow
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsRectEmpty
GetNextDlgGroupItem
TrackMouseEvent
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
IsWindowVisible
EndDeferWindowPos
InvalidateRgn
GetDialogBaseUnits
DeleteMenu
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
CharNextW
CopyAcceleratorTableW
GetLastActivePopup
RedrawWindow
GetWindowRect
GetParent
RegisterWindowMessageW
SendMessageW
BroadcastSystemMessageW
RegisterDeviceNotificationW
PostMessageW
IsIconic
SetTimer
KillTimer
GetSystemMetrics
DrawIcon
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
UpdateWindow
WindowFromDC
InvalidateRect
GetClientRect
EqualRect
LoadIconW
UnregisterClassW
SetWindowPos
GetSystemMenu
AppendMenuW
GetUpdateRect
GetDC
IsWindow
GetWindowLongW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
UnionRect
PostThreadMessageW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
DestroyCursor
GetWindowRgn
CreateMenu
InSendMessage
MonitorFromRect
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetDCEx
DrawFocusRect
gdi32
TextOutW
ExtTextOutW
GetTextExtentPoint32W
CopyMetaFileW
CreateDCW
CreateBitmap
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetObjectW
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetCharWidthW
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
StretchDIBits
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
StretchBlt
SelectObject
RectVisible
Escape
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetStockObject
GetDeviceCaps
CreateFontW
OffsetViewportOrgEx
PtVisible
CreateFontIndirectW
msimg32
AlphaBlend
TransparentBlt
winspool.drv
GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegSetValueExW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueW
shell32
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
DragFinish
DragQueryFileW
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
comctl32
_TrackMouseEvent
shlwapi
StrStrIW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
StrCatW
uxtheme
GetThemeColor
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
IsAppThemed
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
ole32
OleCreate
WriteClassStm
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateFileMoniker
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
PropVariantCopy
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleRegGetMiscStatus
CoUninitialize
oleaut32
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SafeArrayDestroyData
SysFreeString
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayGetUBound
SysStringByteLen
SafeArrayGetLBound
oledlg
OleUIBusyW
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageI
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipDrawCachedBitmap
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdiplusStartup
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Sections

Name    Size    Virtual size  Characteristics
.text   2.9MB   2.9MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  666KB   665KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   42KB    76KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  142KB   141KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.giats  512B    28B           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    512B    9B            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   751KB   750KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  209KB   209KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
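The three header-level facts the report surfaces (the "Unsigned PE" signature, the DLL Characteristics and the section flags) all come from a handful of fixed-offset fields in the PE optional header and section table. The following standard-library Python reproduces those checks. It is an added example, not code from the sandbox or from the sample's author, and it does not contain or parse the sample itself: the bytes it runs on are a constructed PE32 header whose DllCharacteristics and .text/.data flags mirror the values reported above. The `.stub` section name, the certificate-table file offset 0x1400 and the `report` formatting are assumptions made for illustration.

```python
"""Parse the PE header fields behind a sandbox's 'Unsigned PE', DLL Characteristics
and Sections entries, using only the standard library (added example)."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Attribute Certificate Table (Authenticode)

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}


def flag_names(value, table):
    """Names of the bits set in `value`, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return dll_characteristics, security_dir (file offset, size) and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:     # PE32+: 8-byte ImageBase/stack/heap fields shift them by 16
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    # Unlike every other directory, the security entry's first field is a raw file
    # offset (the certificate table is not mapped), not an RVA.
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rva": vaddr, "rawsize": rawsize,
                         "characteristics": chars})
    return {"dll_characteristics": dll_chars, "security_dir": (sec_off, sec_size),
            "sections": sections}


def authenticode_present(info):
    """True if an embedded certificate table exists. Presence is not validity: the
    chain still has to be verified (WinVerifyTrust, osslsigncode, signify), and
    catalog-signed files carry no embedded signature at all, so 'absent' alone
    does not prove a Windows system binary is unsigned."""
    return info["security_dir"][1] > 0


def missing_mitigations(info):
    """Loader-enforced mitigations the image does not opt into."""
    wanted = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x4000: "GUARD_CF"}
    return [n for bit, n in sorted(wanted.items()) if not info["dll_characteristics"] & bit]


def rwx_sections(info):
    """Sections that are both writable and executable, a common packer/unpacker tell."""
    return [s["name"] for s in info["sections"]
            if s["characteristics"] & 0x80000000 and s["characteristics"] & 0x20000000]


def build_sample_pe(security_size=0, extra_rwx=False):
    """Constructed PE32 header (no code, not the real sample) mirroring the report's
    DllCharacteristics and .text/.data flags; optional RWX section and cert table."""
    secs = [(b".text", 0x20 | 0x20000000 | 0x40000000),
            (b".data", 0x40 | 0x40000000 | 0x80000000)]
    if extra_rwx:
        secs.append((b".stub", 0x20 | 0x20000000 | 0x40000000 | 0x80000000))  # assumed name
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)  # DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 92, 16)
    if security_size:  # 0x1400 is an assumed file offset for the certificate table
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1400, security_size)
    hdrs, rva = b"", 0x1000
    for name, chars in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name, 0x1000, rva, 0x200, 0x400, 0, 0, 0, 0, chars)
        rva += 0x1000
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


def report(info):
    """Human-readable summary in the spirit of the sandbox's static section."""
    lines = ["Authenticode table present: %s" % authenticode_present(info),
             "DllCharacteristics: " + ", ".join(flag_names(info["dll_characteristics"], DLL_CHARACTERISTICS)),
             "Missing mitigations: " + (", ".join(missing_mitigations(info)) or "none"),
             "RWX sections: " + (", ".join(rwx_sections(info)) or "none")]
    for s in info["sections"]:
        lines.append("  %-8s raw=%-6d virt=%-6d %s" % (s["name"], s["rawsize"], s["vsize"],
                     "|".join(flag_names(s["characteristics"], SECTION_FLAGS))))
    return "\n".join(lines)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(extra_rwx=True)
    print(report(parse_pe(blob)))
```

Run it with a path to any PE to get the same summary for a real file; without arguments it analyses the constructed header. Note that the report above lists a `.gfids` section (the Control Flow Guard function table) while the DLL Characteristics shown do not include GUARD_CF; `missing_mitigations` is the check that makes such a gap visible, and in practice the DllCharacteristics bit, not the presence of the section, is what the loader honours.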