Sample
Ascent Premium Proxy.exe
Resource
win10-20231215-en
General
-
Target
Ascent Premium Proxy.exe
-
Size
2.1MB
-
MD5
187af0af4063e3e824f7f42a1f3e8684
-
SHA1
826b9b5ea5ab073609a5eda5a65fbbdb12261b83
-
SHA256
f223de14126c4ce3f520cb4161d3aa0ebfcbb606b98731eca79e4e6799856fdf
-
SHA512
e39a9f271d3de9c2b7acc28e838947fcdff5a73772bd58f1c528dc3bbf3697757a7052a08e2ad80052ca250a4bbb2a54fd6f50b7c7fc407900f3e0de2cfdbbe6
-
SSDEEP
24576:nc72TfSNQLas/1tksHEjAIkzprSbXBd58ZwEQO9OaQIkADYN8hVnznxxzWrEdk9/:nc72TqNC53ksRmiRswDa8hVznxxz2P5
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The file carries no Authenticode signature. On its own this is a weak indicator — plenty of legitimate software ships unsigned — but it means the publisher cannot be verified, so the sample's provenance has to be pinned by the hashes above (SHA256 is the one to use for lookups and blocklists) rather than by a signer.
resource Ascent Premium Proxy.exe
Files
-
Ascent Premium Proxy.exe.exe windows:6 windows x64 arch:x64
97bc15035e44a13012a227dc5e13a29f (32-hex value listed under the file entry; it differs from the file MD5 above, so presumably this is the import hash of the PE — confirm against the tool's output format before pivoting on it)
Headers
DLL Characteristics (high-entropy ASLR, dynamic base and NX/DEP compatibility are all set — the standard MSVC x64 mitigation set, so this is not a binary built with mitigations stripped)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (static import table only — an API's presence shows a capability the binary could exercise, not that it does; confirm anything you act on against the behavioral task)
d3d11
D3D11CreateDeviceAndSwapChain
kernel32
InitializeCriticalSectionEx
FormatMessageA
HeapSize
HeapFree
SetLastError
HeapAlloc
LeaveCriticalSection
lstrlenW
GetModuleFileNameW
GetCurrentProcessId
WaitNamedPipeW
PeekNamedPipe
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileW
LocalFree
SleepEx
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcess
HeapReAlloc
GetProcessHeap
SetConsoleTitleA
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
SetConsoleTextAttribute
CreateThread
Sleep
GetStdHandle
HeapDestroy
DeleteCriticalSection
VerifyVersionInfoA
GetTickCount
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
EnterCriticalSection
user32 (note: GetAsyncKeyState/GetKeyState here sit alongside d3d11, d3dcompiler_47, imm32 and the clipboard APIs, which looks like the footprint of an immediate-mode GUI toolkit handling its own input rather than keystroke capture on its own — verify in the behavioral run before treating it as keylogging)
EmptyClipboard
GetClipboardData
TrackMouseEvent
SetClipboardData
UnregisterClassW
RegisterClassExW
CreateWindowExW
IsChild
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetKeyState
UpdateWindow
DefWindowProcW
SetWindowPos
IsIconic
BringWindowToTop
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
SetWindowTextW
GetClientRect
AdjustWindowRectEx
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
SetProcessDPIAware
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetWindowLongW
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBoxA
gdi32
GetDeviceCaps
advapi32 (includes RegCreateKeyExW/RegSetValueExW — the binary can write registry keys; check which keys are touched in the behavioral task, since that is where any persistence would show)
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
libcrypto-3-x64
OPENSSL_sk_num
BIO_ctrl
BIO_new_socket
ASN1_STRING_length
ASN1_STRING_get0_data
EVP_MD_CTX_new
EVP_MD_CTX_free
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_DigestFinal_ex
EVP_md5
EVP_sha256
EVP_sha512
X509_STORE_free
X509_STORE_add_cert
X509_free
d2i_X509
X509_get_subject_name
X509_NAME_get_text_by_NID
X509_get_ext_d2i
GENERAL_NAMES_free
OPENSSL_sk_value
libssl-3-x64 (both TLS_server_method and TLS_client_method are imported, together with SSL_accept/SSL_connect and SSL_CTX_use_PrivateKey_file/SSL_CTX_use_certificate_file — consistent with a proxy that terminates inbound TLS with its own key and re-originates outbound TLS; SSL_set_verify/SSL_get_verify_result are present, but whether verification is actually enforced cannot be read from the import table)
TLS_server_method
SSL_set_verify
SSL_CTX_free
SSL_CTX_new
SSL_pending
SSL_set_bio
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_get1_peer_certificate
SSL_new
SSL_free
SSL_connect
SSL_read_ex
SSL_write_ex
SSL_ctrl
SSL_get_error
TLS_client_method
SSL_shutdown
SSL_CTX_load_verify_locations
SSL_get_verify_result
OPENSSL_init_ssl
SSL_CTX_set_options
SSL_CTX_use_certificate_chain_file
SSL_accept
SSL_CTX_get_cert_store
SSL_CTX_ctrl
SSL_CTX_set_cert_store
msvcp140
_Cnd_timedwait
_Mtx_current_owns
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Random_device@std@@YAIXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@D@std@@2V0locale@2@A
_Thrd_join
_Thrd_hardware_concurrency
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
ws2_32
select
listen
getsockopt
getsockname
setsockopt
connect
closesocket
shutdown
socket
sendto
WSAStartup
WSAGetLastError
WSARecvFrom
WSASendTo
getpeername
recv
send
WSASocketW
getaddrinfo
freeaddrinfo
getnameinfo
inet_pton
WSAAddressToStringA
WSASetLastError
WSAIoctl
recvfrom
WSACleanup
ioctlsocket
bind
accept
__WSAFDIsSet
ntohs
ntohl
htons
htonl
gethostbyname
gethostname
crypt32 (CertOpenSystemStoreW, CertOpenStore and CertAddCertificateContextToStore give the binary the ability to add certificates to a Windows system store; alongside the libssl server-side imports above this is the pattern of a TLS-intercepting proxy installing its own certificate — a trust-store modification worth confirming in the behavioral task, since it affects every TLS connection on the host)
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertOpenStore
CertFindCertificateInStore
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryA
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
d3dcompiler_47
D3DCompile
normaliz
IdnToAscii
wldap32
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord45
ord50
ord143
ord217
ord46
ord211
ord60
rpcrt4
UuidToStringA
UuidCreate
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
__std_exception_copy
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strrchr
strstr
memcmp
memchr
memcpy
strchr
__std_terminate
memset
memmove
__std_exception_destroy
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_cexit
_seh_filter_exe
_crt_atexit
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_beginthreadex
_exit
__p___argc
terminate
__p___argv
system
_c_exit
abort
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_getpid
strerror
__sys_nerr
_invalid_parameter_noinfo
exit
_resetstkoflw
_errno
_register_thread_local_exe_atexit_callback
api-ms-win-crt-heap-l1-1-0
malloc
calloc
_set_new_mode
realloc
_callnewh
free
api-ms-win-crt-stdio-l1-1-0
fputs
__acrt_iob_func
__stdio_common_vfprintf
_lseeki64
_get_stream_buffer_pointers
_popen
fclose
_pclose
fgets
__stdio_common_vswprintf
fopen
fflush
fgetc
fgetpos
fputc
fread
__stdio_common_vsscanf
_wfopen
feof
_open
ftell
fseek
_close
_set_fmode
_write
__stdio_common_vsprintf_s
__stdio_common_vsprintf
ungetc
setvbuf
fwrite
__p__commode
_read
_fseeki64
fsetpos
api-ms-win-crt-utility-l1-1-0
srand
qsort
rand
api-ms-win-crt-convert-l1-1-0
strtoull
strtol
strtod
atoi
strtof
atof
strtoll
strtoul
api-ms-win-crt-environment-l1-1-0
getenv
_dupenv_s
api-ms-win-crt-string-l1-1-0
toupper
strncmp
strncpy
isdigit
strpbrk
_strdup
isspace
strcmp
tolower
strcspn
strspn
_stricmp
isupper
api-ms-win-crt-filesystem-l1-1-0
_access_s
_unlink
_unlock_file
remove
_fstat64
_stat64
_access
_lock_file
api-ms-win-crt-math-l1-1-0
log
powf
logf
_dsign
_dclass
ceil
ceilf
pow
acosf
sinf
floor
__setusermatherr
cosf
sqrtf
fmodf
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
_localtime64
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
shell32 (ShellExecuteA, together with the CRT system and _popen imports above, gives the binary command-execution capability — review the child process tree in the behavioral task)
ShellExecuteA
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 255KB (raw size well below virtual size is expected for uninitialized/BSS-style data; the .text section above maps 1:1, so this gap is not by itself a packing indicator)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ