__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
Behavioral task
behavioral1
Sample
470e11682abb522051bfe838db8c2f239ab4efca23c8c5956cedb3282e12f94e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
470e11682abb522051bfe838db8c2f239ab4efca23c8c5956cedb3282e12f94e.exe
Resource
win10v2004-20231215-en
Target
470e11682abb522051bfe838db8c2f239ab4efca23c8c5956cedb3282e12f94e.exe
Size
342KB
MD5
fd662e8647b16c7707117adfa9270f35
SHA1
ed2e9ca1dc151b632c4c851dfb79205c92683d10
SHA256
1be8e28cc326a59390ab47c591700559a01e6187e2fb4cea97abbab4da00aa1b
SHA512
18852b3200ce7fd877f82551d9a132001cbf9ead27ddc0839039abec7f36d3302bc88c77da225e4f2fb02a5a638ad5a8f5f4618a3c105c1f6a5ace87660f7f62
SSDEEP
6144:Ix2QdiglMFGfzIBeZO8Wf2cMR3CO/xZqqDLuz+4pQoL27aR9:IAQsgScEyd3CJqnuq4z2mR9
resource | yara_rule |
---|---|
sample | INDICATOR_SUSPICIOUS_GENRansomware |
Checks for missing Authenticode signature.
resource |
---|
470e11682abb522051bfe838db8c2f239ab4efca23c8c5956cedb3282e12f94e.exe |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
SetFileAttributesW
GetFileType
SetFileTime
GetFileTime
GetACP
CloseHandle
LocalFree
SizeofResource
GetCurrentProcessId
UnlockFile
FindNextFileW
VirtualFree
ExitProcess
GetNumberOfConsoleInputEvents
RtlUnwind
SetFilePointerEx
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
GetFileSizeEx
LoadLibraryA
ResetEvent
GetVolumeInformationW
FreeResource
GetVersion
RaiseException
MoveFileW
FormatMessageW
OpenProcess
SwitchToThread
LockResource
LoadLibraryExW
TerminateProcess
SetPriorityClass
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
Sleep
EnterCriticalSection
GetDiskFreeSpaceExW
SetFilePointer
LoadResource
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetCurrentProcess
AllocConsole
VirtualAlloc
GetCommandLineW
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetProcAddress
GetVersionExW
VerifyVersionInfoW
GetWindowsDirectoryW
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
LockFile
GetConsoleCP
PeekConsoleInputW
lstrlenW
SetEndOfFile
QueryPerformanceCounter
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
FreeConsole
GetLocalTime
WaitForSingleObject
WriteFile
FlushConsoleInputBuffer
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
gethostbyaddr
WSAStartup
closesocket
socket
WSAIoctl
ShellExecuteW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
CharUpperBuffA
CharUpperBuffW
CharNextW
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
GetKeyboardLayoutList
MessageBoxW
GetIpNetTable
SysAllocStringLen
SysFreeString
SysReAllocStringLen
NetWkstaGetInfo
NetApiBufferFree
NetShareEnum
CloseServiceHandle
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
GetUserNameW
RegCloseKey
OpenSCManagerW
RegOpenKeyExW
EnumServicesStatusA
EnumServicesStatusW
__dbk_fcall_wrapper
dbkFCallWrapperAddr
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ