Static task
static1
Behavioral task
behavioral1
Sample
96f89da8528238552b28eb2e29d90cdc.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
96f89da8528238552b28eb2e29d90cdc.exe
Resource
win10v2004-20231215-en
General
-
Target
96f89da8528238552b28eb2e29d90cdc
-
Size
122KB
-
MD5
96f89da8528238552b28eb2e29d90cdc
-
SHA1
e0a2d105c91d1d1f6c0b1e892aaa98ff6c6fd9a2
-
SHA256
c6e41338118f2ce0171bc60292c0cae669862dc37531a5c789a6e3c1e2b7ba4f
-
SHA512
af3c7f0337ae32f6ad1dc518b5e795616f3e407d84a9c166bf565f046002243efd2a5bb48020b27214d3833bbf2278c8ddc7e0157d2e57b1e49f22b1f9e2b330
-
SSDEEP
3072:syFZ0Uu/Ejb2oBBEnwDDwLK9HdFyGAd9qN1gSDjeL0jduAwGQZFUSvv:syFZlAEjbbEUVyGA+DjeL0jduTvv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 96f89da8528238552b28eb2e29d90cdc
Files
-
96f89da8528238552b28eb2e29d90cdc.exe windows:5 windows x86 arch:x86
1c5a9b8c9cb58e02b484133aeb66c249
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
CreatePropertySheetPageW
PropertySheetW
PropertySheetA
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_Draw
InitCommonControls
advapi32
SetNamedSecurityInfoW
EqualSid
RegConnectRegistryW
DeregisterEventSource
ControlService
LookupPrivilegeValueW
RegSetValueA
RegQueryValueExW
SetSecurityDescriptorOwner
LockServiceDatabase
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
RegEnumKeyW
RegQueryValueW
RegisterEventSourceW
GetAclInformation
RegisterTraceGuidsW
LookupAccountNameW
RegQueryValueA
RegDeleteValueW
CryptDestroyKey
GetLengthSid
SetSecurityDescriptorGroup
RegCloseKey
DeleteService
SetServiceStatus
RegQueryInfoKeyA
GetAce
RevertToSelf
GetTraceEnableLevel
CopySid
GetUserNameW
RegEnumValueW
OpenSCManagerA
RegOpenKeyW
OpenServiceA
SetEntriesInAclW
CryptCreateHash
ConvertSidToStringSidW
UnregisterTraceGuids
AdjustTokenPrivileges
CryptHashData
GetSecurityDescriptorControl
RegDeleteKeyW
GetSecurityDescriptorOwner
CryptAcquireContextW
RegEnumKeyExW
QueryServiceConfigW
RegQueryInfoKeyW
UnlockServiceDatabase
GetTraceEnableFlags
GetSidSubAuthorityCount
RegQueryValueExA
LookupAccountSidW
ConvertStringSidToSidW
RegOpenKeyA
LsaFreeMemory
RegDeleteValueA
IsValidSecurityDescriptor
GetTraceLoggerHandle
RegSetValueExA
SetFileSecurityW
FreeSid
RegDeleteKeyA
DuplicateTokenEx
RegSetValueExW
GetUserNameA
LsaQueryInformationPolicy
RegEnumKeyExA
GetSidLengthRequired
IsValidSid
AllocateAndInitializeSid
CryptGenRandom
OpenThreadToken
CryptReleaseContext
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
RegCreateKeyW
ReportEventW
OpenServiceW
RegSetValueW
RegCreateKeyExW
LsaOpenPolicy
AddAce
OpenProcessToken
CryptGetHashParam
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
CloseServiceHandle
ntdll
NtClose
NtQuerySecurityObject
NtQuerySystemInformation
atol
RtlGetAce
NtSetInformationThread
RtlAdjustPrivilege
sprintf
RtlCopySid
RtlNewSecurityObject
NtOpenEvent
NtQueryDirectoryObject
RtlSetOwnerSecurityDescriptor
RtlGetVersion
VerSetConditionMask
wcsncmp
RtlxOemStringToUnicodeSize
NtFreeVirtualMemory
wcsstr
RtlImageNtHeader
RtlSubAuthoritySid
NtSetInformationProcess
RtlTimeToSecondsSince1970
NtAllocateLocallyUniqueId
wcstol
RtlLengthSid
RtlCompareMemory
RtlxUnicodeStringToOemSize
NtQueryPerformanceCounter
RtlFreeSid
RtlCopyLuid
NtOpenProcess
RtlSubAuthorityCountSid
_wcslwr
NtSetInformationFile
RtlDeleteResource
_allmul
RtlxUnicodeStringToAnsiSize
NlsMbOemCodePageTag
RtlCreateUnicodeStringFromAsciiz
RtlAppendUnicodeStringToString
strncpy
RtlUnicodeToOemN
RtlEqualUnicodeString
RtlLookupElementGenericTable
wcsncat
RtlOemToUnicodeN
RtlRaiseStatus
RtlUnicodeStringToAnsiString
RtlQueueWorkItem
wcschr
RtlDeleteCriticalSection
RtlStringFromGUID
NtWaitForSingleObject
NtQueryInformationThread
NlsMbCodePageTag
RtlSetSaclSecurityDescriptor
NtTerminateProcess
RtlAddAccessAllowedAce
NtQueryInformationToken
RtlCreateSecurityDescriptor
RtlRunEncodeUnicodeString
RtlGetNtProductType
RtlCreateAcl
NtDeleteKey
NtAdjustPrivilegesToken
DbgPrint
RtlAllocateAndInitializeSid
RtlDeleteElementGenericTable
RtlFreeUnicodeString
_wcsicmp
RtlMultiByteToUnicodeN
RtlAllocateHeap
strchr
NtCreateFile
NtMapViewOfSection
NtQueryValueKey
_wcsupr
_chkstk
RtlFreeAnsiString
RtlUnicodeToMultiByteN
NtUnmapViewOfSection
comdlg32
GetOpenFileNameW
GetFileTitleA
PrintDlgA
CommDlgExtendedError
ChooseColorW
GetFileTitleW
ChooseFontA
ChooseColorA
GetOpenFileNameA
PageSetupDlgW
FindTextW
PageSetupDlgA
ChooseFontW
FindTextA
PrintDlgW
GetSaveFileNameA
PrintDlgExW
GetSaveFileNameW
oleaut32
SysFreeString
SafeArrayGetUBound
VariantInit
VariantChangeTypeEx
VariantClear
LoadTypeLib
SafeArrayPutElement
GetErrorInfo
SafeArrayAccessData
GetActiveObject
VariantCopy
VariantChangeType
SafeArrayGetElement
RegisterTypeLib
OleLoadPicture
SafeArrayCreate
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayGetLBound
CreateErrorInfo
SysStringLen
SysReAllocStringLen
SysAllocStringByteLen
VariantCopyInd
SafeArrayUnaccessData
SetErrorInfo
SysStringByteLen
kernel32
GetCurrentThreadId
VirtualQuery
FindFirstFileA
CreateFileA
CreateDirectoryW
WaitForSingleObject
FileTimeToSystemTime
SetLastError
GetThreadLocale
FindClose
FormatMessageW
GetVersionExW
FormatMessageA
GetFullPathNameW
WideCharToMultiByte
GetVersionExA
MultiByteToWideChar
OpenEventA
GetModuleHandleA
FreeEnvironmentStringsW
GetFileAttributesA
VirtualAlloc
VirtualProtect
GetCommandLineW
LCMapStringW
CreateFileMappingA
InterlockedIncrement
GetModuleFileNameA
GetLocaleInfoW
DeleteFileW
TerminateProcess
MapViewOfFile
RtlUnwind
GetProcessHeap
GetSystemDirectoryA
FileTimeToLocalFileTime
CreateProcessA
ExitProcess
FindNextFileA
CreateProcessW
HeapCreate
FindFirstFileW
IsDebuggerPresent
FindNextFileW
GetUserDefaultLCID
SystemTimeToFileTime
SetEvent
ResumeThread
HeapAlloc
GetCurrentThread
GetExitCodeThread
CreateEventW
lstrlenA
LCMapStringA
FreeLibrary
GetCommandLineA
GetModuleHandleW
TlsFree
ActivateActCtx
GetSystemInfo
DisableThreadLibraryCalls
SetErrorMode
MulDiv
GetConsoleMode
Sleep
QueryPerformanceCounter
SetStdHandle
GetFileSize
GetComputerNameW
GetLocalTime
GlobalLock
IsBadWritePtr
FindResourceA
lstrlenW
GetWindowsDirectoryW
TlsGetValue
OpenMutexA
DeleteCriticalSection
InterlockedDecrement
lstrcpyW
SetFileAttributesW
GetModuleFileNameW
GetExitCodeProcess
CreateFileW
GetCurrentProcess
user32
BeginPaint
GetSystemMenu
LoadIconW
UnregisterClassA
SetCursor
EnableWindow
SetDlgItemTextW
GetWindow
GetMessageA
MoveWindow
GetClassNameW
WinHelpW
SetWindowTextA
GetMenu
RegisterWindowMessageA
CallNextHookEx
PostMessageA
GetWindowThreadProcessId
ScreenToClient
GetSysColor
GetMessagePos
MsgWaitForMultipleObjects
CharLowerW
LoadStringA
GetMessageW
KillTimer
EqualRect
SystemParametersInfoA
RegisterClipboardFormatW
DestroyMenu
SendDlgItemMessageA
InflateRect
SetWindowRgn
SendDlgItemMessageW
DrawIcon
CheckMenuItem
IsIconic
CreateDialogParamW
GetSysColorBrush
GetWindowDC
LoadBitmapA
GetPropA
SetWindowLongW
UnhookWindowsHookEx
LoadIconA
CharPrevA
GetAncestor
GetWindowRect
LoadImageW
GetMenuItemCount
GetActiveWindow
SystemParametersInfoW
PtInRect
RegisterClassExA
GetAsyncKeyState
CharPrevW
GetWindowTextW
RegisterClassA
FindWindowW
GetSubMenu
LoadStringW
ShowWindow
OffsetRect
EnumChildWindows
CharUpperA
PostMessageW
IsWindow
GetSystemMetrics
DestroyIcon
RegisterWindowMessageW
FillRect
GetFocus
SetForegroundWindow
DispatchMessageA
CheckRadioButton
IsWindowEnabled
IntersectRect
DestroyWindow
MessageBeep
MapWindowPoints
CharNextW
IsChild
SetWindowLongA
IsRectEmpty
GetWindowTextLengthW
SetWindowPos
EnableMenuItem
CopyRect
DrawFocusRect
GetForegroundWindow
GetDlgItem
EndDialog
EndPaint
GetDC
DrawTextA
RedrawWindow
wsprintfW
GetDlgCtrlID
GetCapture
SendMessageA
GetDlgItemTextA
SetCapture
wsprintfA
SetFocus
MessageBoxW
GetKeyState
DialogBoxParamW
CreateWindowExW
GetCursorPos
IsZoomed
GetWindowLongA
GetClientRect
SetRect
gdi32
DeleteDC
CreateFontIndirectA
GetTextAlign
CreateDIBSection
ScaleWindowExtEx
EndDoc
PtVisible
PatBlt
Ellipse
GetObjectType
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
CreateCompatibleDC
CreatePatternBrush
CreatePen
CreateRectRgnIndirect
EndPage
GetWindowExtEx
GetNearestColor
GetTextExtentPoint32A
SetStretchBltMode
GetDIBits
GetSystemPaletteEntries
CreatePalette
DeleteObject
SetViewportExtEx
CreateDCW
SetTextColor
GetTextMetricsW
RestoreDC
StretchDIBits
CreateMetaFileW
TextOutW
GetTextExtentPoint32W
ExtTextOutW
GetPixel
EnumFontFamiliesExW
ExtSelectClipRgn
Rectangle
SetTextAlign
BitBlt
GetTextMetricsA
CreateFontIndirectW
GetClipBox
GetBitmapBits
GetTextExtentPointW
StretchBlt
ScaleViewportExtEx
CreateMetaFileA
SaveDC
OffsetViewportOrgEx
ExcludeClipRect
CreateDIBitmap
CreateBitmap
GetBkColor
GetStockObject
IntersectClipRect
DPtoLP
SetWindowOrgEx
GetClipRgn
GetBkMode
GetCurrentObject
GetGlyphOutlineA
LineTo
CloseMetaFile
GetPaletteEntries
SetBkColor
RectVisible
TranslateCharsetInfo
GetViewportExtEx
SetBkMode
CreateDCA
SetMapMode
FillRgn
TextOutA
CreateFontA
DeleteMetaFile
RealizePalette
version
GetFileVersionInfoA
VerFindFileW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
VerLanguageNameA
ole32
CoRegisterClassObject
CoRevertToSelf
CoGetInterfaceAndReleaseStream
ProgIDFromCLSID
OleRegEnumVerbs
MkParseDisplayName
CoInitializeEx
IIDFromString
CoCreateGuid
CoTaskMemRealloc
CoRevokeClassObject
CLSIDFromProgID
StgOpenStorage
CoGetMalloc
CoReleaseMarshalData
CoInitialize
CoCreateInstanceEx
CreateBindCtx
CoCreateInstance
OleRegGetUserType
StgCreateDocfile
OleRegGetMiscStatus
CreateOleAdviseHolder
CLSIDFromString
CreateDataAdviseHolder
CoInitializeSecurity
ReleaseStgMedium
CoGetClassObject
CreateStreamOnHGlobal
OleSaveToStream
CoSetProxyBlanket
CoDisconnectObject
OleRun
OleUninitialize
PropVariantClear
StgCreateDocfileOnILockBytes
OleInitialize
PropVariantCopy
GetRunningObjectTable
CreateILockBytesOnHGlobal
StgIsStorageFile
CreateItemMoniker
CoCreateFreeThreadedMarshaler
WriteClassStm
CoUninitialize
OleLoadFromStream
CoMarshalInterface
CoTaskMemFree
CoImpersonateClient
CoFreeUnusedLibraries
CoMarshalInterThreadInterfaceInStream
StringFromIID
CoUnmarshalInterface
CoTaskMemAlloc
StringFromGUID2
CoGetObjectContext
GetHGlobalFromStream
shell32
ShellExecuteA
CommandLineToArgvW
SHBindToParent
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW
DragQueryFileA
SHFileOperationW
SHBrowseForFolderA
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListA
DragQueryFileW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
SHChangeNotify
rpcrt4
RpcImpersonateClient
UuidFromStringW
UuidToStringA
CStdStubBuffer_QueryInterface
NdrClientCall2
CStdStubBuffer_Disconnect
NdrStubCall2
RpcStringBindingComposeW
RpcServerRegisterAuthInfoW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcRevertToSelf
CStdStubBuffer_AddRef
NdrDllCanUnloadNow
NdrOleFree
RpcBindingFromStringBindingW
CStdStubBuffer_IsIIDSupported
NdrDllRegisterProxy
RpcStringFreeW
NdrServerCall2
RpcBindingSetAuthInfoExW
RpcRaiseException
RpcEpResolveBinding
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
RpcBindingSetAuthInfoW
CStdStubBuffer_DebugServerRelease
RpcBindingToStringBindingW
UuidToStringW
RpcStringBindingParseW
RpcServerUseProtseqEpW
RpcBindingVectorFree
CStdStubBuffer_Connect
RpcStringFreeA
UuidCreate
NdrOleAllocate
NdrStubForwardingFunction
NdrDllGetClassObject
RpcBindingFree
IUnknown_QueryInterface_Proxy
shlwapi
PathRemoveBackslashW
SHDeleteKeyW
PathStripToRootA
PathIsDirectoryW
StrCmpNW
PathFileExistsW
SHDeleteValueA
StrCmpIW
SHRegGetBoolUSValueW
SHStrDupW
StrStrIW
StrCmpNIW
StrCmpW
PathAppendA
PathAddBackslashW
wnsprintfW
PathCombineW
PathStripToRootW
StrRChrW
SHGetValueW
SHSetValueW
StrChrIW
StrToIntW
PathIsRootW
PathFindFileNameA
PathRemoveFileSpecA
StrRetToBufW
StrDupW
StrStrW
PathFindExtensionW
wnsprintfA
PathRemoveBlanksW
PathSkipRootW
PathRemoveFileSpecW
StrCpyW
PathFindFileNameW
PathIsURLW
PathIsUNCW
UrlUnescapeW
StrCatBuffW
PathFindExtensionA
StrTrimW
PathIsRelativeW
PathGetDriveNumberW
StrStrIA
PathCreateFromUrlW
StrChrW
AssocQueryStringW
SHDeleteValueW
PathRemoveExtensionW
StrCmpNIA
StrToIntExW
StrCatW
msvcrt
_fileno
_strnicmp
wcsncmp
strncpy
iswdigit
_controlfp
_CxxThrowException
free
_ultoa
_write
strncmp
__CxxFrameHandler
strchr
fclose
fopen
_itow
_wtol
__initenv
wcsspn
_tell
_stricmp
_CIacos
_isatty
__setusermatherr
wcsstr
atol
_acmdln
strlen
bsearch
_rotr
realloc
memmove
__set_app_type
__pioinfo
floor
_wcsupr
fflush
malloc
_chsize
_access
strrchr
_commit
sscanf
_wcsnicmp
__p__osver
_wcsdup
__wgetmainargs
setlocale
_wcslwr
_lseeki64
_vsnwprintf
rand
swscanf
isalpha
swprintf
isleadbyte
wcspbrk
_CIsqrt
_wtoi
__dllonexit
srand
wcsncat
_wcsicmp
qsort
_except_handler3
time
iswalpha
__p__fmode
_ftol
wcscspn
??1type_info@@UAE@XZ
_snprintf
_vsnprintf
ctime
_onexit
_wsplitpath
towupper
toupper
??2@YAPAXI@Z
wcslen
?terminate@@YAXXZ
wcstok
_strdup
_snwprintf
tolower
__getmainargs
fread
_ltow
_itoa
_cexit
atoi
ceil
wcstoul
exit
fwrite
strstr
_XcptFilter
strtok
isxdigit
_ultow
wcscpy
__p__commode
_local_unwind2
Sections
.tls Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ