PDB path: D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721.exe
Resource
win10v2004-20231215-en
General
-
Target
8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721
-
Size
2.8MB
-
MD5
d88957ce73ecc965e9e20135485ba261
-
SHA1
677d695691f1a09af9c7cc912c000dfe654042aa
-
SHA256
8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721
-
SHA512
4074fa9ae7d011ede4bbdd78626b55d4e16161899e4c7febee80ff3335e15a8ae6f62339820175e47e80729599d8083f212f6797c9c591e377e18151f90411b4
-
SSDEEP
49152:OoN5hj0b85135CIxzHOldFEFIJuCPcXqut1Z36OJIeb6gP3yTotvDdvPhgo7gq0y:OoP+APAtfzJebdgqX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721
Files
-
8f85511a3740813e02772f3c3de36a0212c4b92144edc1570b7ceec367e84721.exe windows:5 windows x86 arch:x86
8db8fb9e60bb3feaa9b5391615e2c7bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
GetModuleFileNameExA
ws2_32
htons
WSAStartup
WSAGetLastError
WSACleanup
closesocket
setsockopt
ioctlsocket
socket
__WSAFDIsSet
select
shutdown
connect
recv
send
htonl
ntohl
gethostbyname
dbghelp
MiniDumpWriteDump
kernel32
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
TerminateThread
FreeResource
GetUserDefaultUILanguage
RaiseException
DecodePointer
CreateDirectoryW
GetCurrentProcessId
SetUnhandledExceptionFilter
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
GetExitCodeProcess
IsDBCSLeadByte
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
CopyFileW
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
InitializeCriticalSection
GetSystemDefaultLangID
OpenProcess
SleepEx
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
MulDiv
GetACP
lstrlenW
GlobalLock
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
EnterCriticalSection
LocalFileTimeToFileTime
GlobalAlloc
lstrcpyW
lstrcmpiW
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStdHandle
SetEnvironmentVariableA
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetStringTypeW
EncodePointer
LeaveCriticalSection
GetFileTime
GetSystemDirectoryW
GetModuleFileNameA
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
GetSystemInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetLocalTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteFileW
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentThreadId
GlobalFree
MultiByteToWideChar
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
user32
EnumDisplayDevicesW
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
DefWindowProcW
GetSystemMetrics
TrackPopupMenu
DestroyMenu
ClientToScreen
SetCaretPos
GetCaretPos
MessageBoxW
InvalidateRect
IsWindow
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
OffsetRect
InflateRect
UnionRect
wsprintfW
GetWindowRect
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
GetMessageW
TranslateMessage
DispatchMessageW
HideCaret
ShowCaret
CreateCaret
GetWindowRgn
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetKeyNameTextW
GetCaretBlinkTime
CreatePopupMenu
AppendMenuW
SendMessageW
EnableMenuItem
GetPropW
IsWindowEnabled
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
EqualRect
CreateAcceleratorTableW
GetGUIThreadInfo
SetForegroundWindow
MapVirtualKeyExW
FillRect
DrawTextW
SetRect
CharPrevW
MoveWindow
UpdateLayeredWindow
GetKeyboardLayout
gdi32
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
PlayEnhMetaFile
CreateCompatibleBitmap
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
StretchBlt
SelectObject
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
TextOutW
GdiFlush
CreateRectRgn
PtInRegion
CreatePatternBrush
GetBitmapBits
SetBitmapBits
SetStretchBltMode
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetObjectA
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
SaveDC
CreatePen
GetTextExtentPoint32W
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
shell32
SHGetPathFromIDListW
DragQueryFileW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW
ord165
ole32
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
RegisterDragDrop
CreateStreamOnHGlobal
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
DoDragDrop
comctl32
ord17
_TrackMouseEvent
gdiplus
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipTranslateWorldTransform
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawImageRectI
GdipRotateWorldTransform
GdipFillRectangleI
GdipDrawString
GdipCloneStringFormat
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
winhttp
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
shlwapi
PathAddBackslashW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
d3d9
Direct3DCreate9
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
Netbios
Exports
??4BeaconClient@@QAEAAV0@$$QAV0@@Z
??4BeaconClient@@QAEAAV0@ABV0@@Z
?GetCommParamGetter@BeaconClient@@SAABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@XZ
?GetCommcomParams@BeaconClient@@SAABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@XZ
?GetConfig@BeaconClient@@SAABUBeaconConfig@@XZ
?InitSDK@BeaconClient@@SAXABUBeaconConfig@@@Z
?PrepareParams@BeaconClient@@SA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@ABV23@_J@Z
?Quit@BeaconClient@@SAXXZ
?Report@BeaconClient@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@W4RequestPriority@Beacon@@@Z
?SetCommParamGetter@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@@Z
?SetCommonParams@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 411KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.QMGuid Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 446KB - Virtual size: 446KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ