WindowsActionDialog.pdb
Static task
static1
General
-
Target
WindowsActionDialog.exe
-
Size
60KB
-
MD5
592efcf6aa5db766461916061b2d4af9
-
SHA1
487370b414518fc7a3e6fd06e73a112795d13baf
-
SHA256
60948718aa23398c24badd7ce9a9fc6f36160dbb578adc593ff465ae878b9782
-
SHA512
98714ce857f72af035a9565fef2c038a75838f1c4246bf48785c2585cedd180432392f37b667d4d444b8f1103352fad2052dd8b94b19d0991adea61dbbb237aa
-
SSDEEP
1536:+BN+Ay4F5ePIrgJuhEhDZAHpwBXhE4chjKmr/eso4s+Ic88v5qsQSyIQ:a+m5ewrQuh8ypwBXh0K+Vnl28xqsQfIQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
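Checks for missing Authenticode signature. A static check of this kind inspects only a signature embedded in the file itself, so a catalog-signed binary would be reported the same way; the headers below set IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, which makes the loader enforce a signature check, so confirm signature status on a Windows host before weighing this finding.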
resource WindowsActionDialog.exe
Files
-
WindowsActionDialog.exe.exe windows:10 windows x64 arch:x64
Password: 5
f42f7a5425cb00e71d7c4716f98bca8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
ReleaseMutex
CreateEventW
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
SetThreadpoolTimer
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CloseHandle
GetModuleFileNameA
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
memcpy
_cexit
_exit
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
memmove
__setusermatherr
??3@YAXPEAX@Z
exit
memset
ole32
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
ntdll
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
oleaut32
SysFreeString
SysStringLen
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
user32
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
TranslateMessage
dui70
InitThread
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
UnInitProcessPriv
UnInitThread
InitProcessPriv
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ