Static task: static1
Behavioral task: behavioral1
Sample: Impactor.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Impactor.exe
Resource: win10v2004-20231215-en
General
Target: Impactor.exe
Size: 7.8MB
MD5: a6433d847ed65a4d4c0e295b49fbf36a
SHA1: d4f5ac28f23c4eb7376ed502a4ecdbed92603428
SHA256: 0edf4fdf71541686eb779155b1a6ef51d78a150bebbeb58d3c70820a0f416cf5
SHA512: 9917967085ecc63acadbda06ceb84852faa196c164136369b56f057ec8483ca4111f4fae6f0e3d1042cb3f697457ac290dd7ad631711e6475868dcb0ce8c69aa
SSDEEP: 196608:pdVSji17pLL2W1aMw8k4ZHBbhDO8S1RTT7H2y56WJ7JUuO+xO0/iitIcPzUcaI7i:3rD1aMwMhD37Ac96EssM
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Impactor.exe
Files
Impactor.exe.exe windows:4 windows x86 arch:x86
e09cbf76574fe075f2c44d09748c4195
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
CryptAcquireContextA
CryptGenRandom
DeregisterEventSource
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceA
ReportEventA
comctl32
CreateUpDownControl
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_Draw
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
InitCommonControls
comdlg32
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
PrintDlgW
crypt32
CryptProtectData
CryptUnprotectData
gdi32
Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileW
CreateFontIndirectW
CreateHatchBrush
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
GdiFlush
GetBkColor
GetCharABCWidthsW
GetClipBox
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetEnhMetaFileW
GetMetaFileBitsEx
GetNearestPaletteIndex
GetObjectA
GetObjectW
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextMetricsW
GetWinMetaFileBits
LineTo
MaskBlt
MoveToEx
OffsetRgn
Pie
PlayEnhMetaFile
PolyBezier
PolyPolygon
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
Rectangle
RoundRect
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetMetaFileBitsEx
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
kernel32
AllocConsole
CloseHandle
CopyFileW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DebugBreak
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
EnumResourceNamesW
ExitProcess
ExpandEnvironmentStringsW
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindResourceW
FindVolumeClose
FormatMessageW
FreeConsole
FreeLibrary
GetACP
GetCPInfo
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetHandleInformation
GetLastError
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProfileStringW
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
IsBadReadPtr
IsBadStringPtrA
IsDBCSLeadByteEx
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputCharacterA
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetProcessAffinityMask
SetThreadContext
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
SizeofResource
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
msvcrt
__argc
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_chmod
_chsize
_commit
_close
_close
_ctime64
_dup
_dup2
_endthread
_endthreadex
_environ
_errno
_exit
_fdopen
_fdopen
_filelengthi64
_fileno
_fileno
_findclose
_findfirst
_findnext
_fmode
_fstat64
_fstati64
_fullpath
_get_osfhandle
_getch
_getcwd
_getcwd
_getpid
_gmtime64
_initterm
_iob
_localtime64
_lock
_lseeki64
_mktime64
_open
_mkdir
_mkdir
_onexit
_open
_open_osfhandle
_putws
_read
_read
_setjmp3
_setmode
_sleep
_snwprintf
_stat
_stati64
_strdup
_stricmp
_stricmp
_strnicmp
_telli64
_time64
_strdup
_timezone
_tzset
_umask
_unlink
_unlock
_utime
_vsnprintf
_waccess
_wchmod
_wcsdup
_wfindfirst
_wfindnext
_wfopen
_wfullpath
_wgetenv
_wmkdir
_wopen
_wperror
_wputenv
_wremove
_wrename
_write
_write
_wrmdir
_wstat64
_wstat
_wtoi
_wtol
_wunlink
_wutime64
abort
ctime
atof
atoi
atol
bsearch
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
getwc
gmtime
isalnum
isalpha
islower
isspace
isupper
iswalnum
mktime
iswalpha
iswctype
iswdigit
iswprint
iswspace
isxdigit
localeconv
localtime
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
putwc
qsort
raise
rand
realloc
remove
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
strxfrm
swscanf
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
vswprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncpy
wcspbrk
wcsspn
wcsstr
wcstod
wcstol
wcstombs
wcstoul
wcsxfrm
ole32
CoCreateInstance
CoLockObjectExternal
CoTaskMemAlloc
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
oleaut32
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayUnlock
SysAllocString
SysFreeString
SysReAllocString
SysStringLen
SystemTimeToVariantTime
VarBstrFromCy
VariantInit
VariantTimeToSystemTime
shell32
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ExtractIconExW
ExtractIconW
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
user32
AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsW
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPoint
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyRect
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateDialogParamW
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdePostAdvise
DdeQueryStringW
DdeUninitialize
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumClipboardFormats
EnumDisplaySettingsW
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDoubleClickTime
GetFocus
GetIconInfo
GetKeyState
GetMenuItemCount
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetProcessWindowStation
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRgn
GetUserObjectInformationW
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyA
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterHotKey
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetRect
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoW
ToAscii
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UnregisterHotKey
UpdateWindow
ValidateRect
ValidateRgn
VkKeyScanW
WaitForInputIdle
WindowFromPoint
keybd_event
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
ws2_32
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASetLastError
gethostbyaddr
getservbyname
getservbyport
inet_addr
inet_ntoa
wsock32
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket
adbwinapi
AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync
impactor
afc_client_free
afc_client_new
afc_client_new_with_service_client
afc_file_close
afc_file_open
afc_file_read
afc_file_seek
afc_file_tell
afc_file_truncate
afc_file_write
afc_get_device_info
afc_get_file_info
afc_make_directory
afc_make_link
afc_read_directory
afc_remove_path
afc_remove_path_and_contents
afc_rename_path
afc_set_file_time
afc_truncate
bsd_getopt
curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_global_init
curl_slist_append
curl_slist_free_all
cym_idevicebackup
cym_idevicebackup2
cym_idevicecrashreport
cym_idevicerestore
cym_idevicescreenshot
cym_idevicesyslog
cyr_main
idevice_connection_receive_timeout
idevice_connection_send
idevice_disconnect
idevice_free
idevice_get_udid
idevice_set_debug_level
instproxy_browse
instproxy_client_free
instproxy_client_new
instproxy_client_options_add
instproxy_client_options_free
instproxy_client_options_new
instproxy_client_options_set_return_attributes
instproxy_lookup
libusb_attach_kernel_driver@8
libusb_bulk_transfer@24
libusb_claim_interface@8
libusb_close@4
libusb_control_transfer@32
libusb_detach_kernel_driver@8
libusb_exit@4
libusb_free_config_descriptor@4
libusb_free_device_list@8
libusb_get_config_descriptor@12
libusb_get_device_descriptor@8
libusb_get_device_list@8
libusb_get_string_descriptor_ascii@16
libusb_init@4
libusb_open@8
libusb_ref_device@4
libusb_release_interface@8
libusb_set_debug@8
libusb_set_interface_alt_setting@12
libusb_unref_device@4
libusbmuxd_set_debug_level
lockdownd_client_free
lockdownd_client_new_with_handshake
lockdownd_get_device_name
lockdownd_get_value
lockdownd_service_descriptor_free
lockdownd_start_service
lockdownd_start_service_with_escrow_bag
mobilebackup2_client_free
mobilebackup2_client_new
mobilebackup2_send_request
mobilebackup2_send_status_response
mobilebackup2_version_exchange
nfs_close
nfs_closedir
nfs_fstat64
nfs_ftruncate
nfs_link
nfs_lseek
nfs_lstat64
nfs_mkdir2
nfs_open
nfs_opendir
nfs_read
nfs_readdir
nfs_rename
nfs_rewinddir
nfs_rmdir
nfs_symlink
nfs_truncate
nfs_unlink
nfs_utimes
nfs_write
plist_array_append_item
plist_array_get_item
plist_array_get_size
plist_array_remove_item
plist_array_set_item
plist_copy
plist_dict_get_item
plist_dict_get_size
plist_dict_new_iter
plist_dict_next_item
plist_dict_remove_item
plist_dict_set_item
plist_free
plist_from_bin
plist_from_memory
plist_from_xml
plist_get_bool_val
plist_get_data_val
plist_get_node_type
plist_get_real_val
plist_get_string_val
plist_get_uint_val
plist_new_array
plist_new_bool
plist_new_data
plist_new_date
plist_new_dict
plist_new_real
plist_new_string
plist_new_uint
plist_to_bin
plist_to_xml
property_list_service_client_free
property_list_service_client_new
property_list_service_receive_plist_with_timeout
property_list_service_send_xml_plist
usbmuxd_subscribe
usbmuxd_unsubscribe
wdi_create_list@8
wdi_destroy_list@4
wdi_install_driver@16
wdi_prepare_driver@16
wdi_strerror@4
zip_close
zip_error_fini
zip_error_init
zip_error_set
zip_error_strerror
zip_error_to_data
zip_fclose
zip_file_get_error
zip_file_get_external_attributes
zip_fopen_index
zip_fread
zip_fseek
zip_ftell
zip_get_error
zip_get_name
zip_get_num_entries
zip_name_locate
zip_open_from_source
zip_source_free
zip_source_function_create
zip_stat_index
zip_stat_init
Sections
.text Size: 6.2MB - Virtual size: 6.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 203KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE