D:\Bamboo\home\xml-data\build-dir\CST-DLIN-SOURCES\bin\Win32\ReleaseMT\bdreinit.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: filename.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: filename.exe
  Resource: win10v2004-20231215-en
General
Target: filename.exe
Size: 1.4MB
MD5: 1db34920c3ae3eb8560695f89e92d930
SHA1: 531fea122037a7b503e0fcb42aa24382a9631ac8
SHA256: 569cf3de44279490ab8fe47d78ace6d5cbd6e6413be9d14316d31338eef12bdd
SHA512: b311b876c06e8d056a06991a8ebbcfd56c47a0b5d72e5f6ac94a20546f5c7bb857b143d22a09649e630d2474dfe8b7c9115b102443fe12910969f55178a74336
SSDEEP: 24576:y0/wpWGxRsnyM3LF+0mlBnjs60nEisX1N9rm1Jo/13JQyjLc22dEaY7Unbya87CJ://wn0x3LFfmHnIZE9rm1Ji3hLc22dEa3
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: filename.exe
Files
filename.exe.exe windows:6 windows x86 arch:x86
c360eb5cf26a327cc9c0bc75621b0558
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dbghelp
MiniDumpWriteDump
kernel32
GetCurrentThreadId
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameA
DebugBreak
OutputDebugStringW
CloseHandle
ExpandEnvironmentStringsW
CreateFileW
GetFileInformationByHandle
LoadLibraryW
DeviceIoControl
GetTickCount64
DeleteFileW
GetCurrentProcessId
FileTimeToSystemTime
GetCurrentProcess
GetProcessTimes
SetFileAttributesW
CreateDirectoryW
GetLocalTime
WideCharToMultiByte
GetModuleHandleA
FindClose
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
WriteConsoleW
lstrcpynW
IsDebuggerPresent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenSemaphoreW
Sleep
SetFileInformationByHandle
FormatMessageW
GetVersionExW
GetFileSize
SetFilePointer
ReadFile
WriteFile
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFinalPathNameByHandleW
QueryDosDeviceW
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
CreateToolhelp32Snapshot
GetTickCount
ReadProcessMemory
Module32FirstW
Module32NextW
lstrlenW
LoadLibraryExW
CreateFileMappingW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDefaultUILanguage
K32GetProcessMemoryInfo
SetEvent
LocalFree
OpenFileById
GetFileInformationByHandleEx
SetEndOfFile
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetBinaryTypeW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
FreeLibrary
SetLastError
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleFileNameW
MultiByteToWideChar
GetTimeFormatW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
GetFileSizeEx
GetStringTypeW
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStdHandle
CreateFileA
FindFirstFileA
VirtualFree
VirtualAlloc
InitializeCriticalSection
CreateSemaphoreA
CreateEventA
WaitForMultipleObjects
GetTempPathA
DeleteFileA
SetFileAttributesA
GetTempFileNameA
RtlUnwind
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetStdHandle
GetFileType
CreateThread
ExitThread
FreeLibraryAndExitThread
FlushFileBuffers
ExitProcess
CompareStringW
user32
CharLowerW
wsprintfW
CharUpperA
CharLowerA
CharUpperW
advapi32
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
CommandLineToArgvW
oleaut32
VariantCopy
VariantClear
SysAllocString
SysFreeString
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
shlwapi
PathFindFileNameW
imagehlp
MapFileAndCheckSumW
wtsapi32
WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ