Static task: static1
Behavioral task: behavioral1
  Sample: a0c5fab36cbf6a144cd815e3f9000a23.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a0c5fab36cbf6a144cd815e3f9000a23.exe
  Resource: win10v2004-20240221-en
General
Target: a0c5fab36cbf6a144cd815e3f9000a23
Size: 404KB
MD5: a0c5fab36cbf6a144cd815e3f9000a23
SHA1: 35181942bd03947da1083e7793844dbad8e9d131
SHA256: ce17505892b42c435bf888a77988e1c839917822be89982bd860de2dca0558e9
SHA512: 2c4036c604b2ce13582472116570281812fcf101ffbc505d988b2c1845865709de462860cf7cf0a0f2bdbd72f5bee1f77596f76e5f3f38dd7b23de7ece7284c1
SSDEEP: 12288:i8uqxSUf/b5avZ4CQzQLLeQOwEh4JUwO:i9EwOzQ2QTEyE
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: a0c5fab36cbf6a144cd815e3f9000a23
Files
a0c5fab36cbf6a144cd815e3f9000a23.exe  windows:4  windows  x86  arch:x86
ed5deaf60cae37b92a16216d6816ad52
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
TerminateThread
HeapUnlock
EnumSystemCodePagesW
GetUserDefaultLCID
GetUserDefaultLangID
CreateFileMappingA
GetFileSize
GetProcAddress
ExpandEnvironmentStringsA
SetTimeZoneInformation
HeapSize
CreateConsoleScreenBuffer
LocalShrink
MoveFileW
GetSystemDefaultLangID
Heap32First
OutputDebugStringW
MultiByteToWideChar
GlobalFlags
CreateProcessW
VirtualAllocEx
OpenMutexW
FindNextFileW
GetFileInformationByHandle
FillConsoleOutputCharacterW
OpenFile
CreateNamedPipeW
Module32First
GetProfileSectionW
DefineDosDeviceW
LocalReAlloc
CreateMailslotA
GetConsoleScreenBufferInfo
UnlockFile
VirtualFreeEx
FoldStringA
UnlockFileEx
GetSystemTimeAdjustment
SetThreadIdealProcessor
WriteProfileSectionW
CreateMailslotW
GetStringTypeW
EnumSystemCodePagesA
GetExitCodeThread
GlobalAddAtomA
DefineDosDeviceA
SearchPathW
GetProcessVersion
LoadLibraryExW
GetProfileSectionA
ReadConsoleInputW
DisableThreadLibraryCalls
WriteConsoleOutputA
GlobalAlloc
SetLocaleInfoW
FindFirstChangeNotificationA
FindAtomW
DosDateTimeToFileTime
SetFilePointer
WaitForMultipleObjectsEx
GetFileAttributesW
GetStringTypeExW
GetLargestConsoleWindowSize
lstrcmpi
EnumDateFormatsA
GetCalendarInfoW
SetConsoleCursorPosition
CommConfigDialogW
WriteConsoleOutputW
WritePrivateProfileStringW
Heap32ListFirst
GetTempPathA
GetShortPathNameW
WriteFile
OutputDebugStringA
CreateDirectoryW
ReadProcessMemory
GetLocaleInfoW
LockFileEx
GetCurrentThread
IsDebuggerPresent
GetVersionExA
GetLogicalDriveStringsA
GlobalHandle
HeapCompact
SuspendThread
GetPriorityClass
FindResourceExW
GetPrivateProfileSectionNamesW
UpdateResourceW
SetCriticalSectionSpinCount
FindResourceW
LocalFlags
GetVersion
WritePrivateProfileStructW
DeleteCriticalSection
DuplicateHandle
SetEnvironmentVariableW
GetProfileStringW
GetLastError
GetDateFormatW
Heap32ListNext
FindAtomA
GetProcessPriorityBoost
OpenSemaphoreA
Heap32Next
SetWaitableTimer
GlobalReAlloc
ResetEvent
GlobalFindAtomA
GetLogicalDrives
Thread32First
lstrcpyW
GlobalAddAtomW
SetThreadPriority
LoadResource
GetConsoleTitleA
SetConsoleOutputCP
FindFirstFileA
MulDiv
GetConsoleOutputCP
WriteProcessMemory
GetEnvironmentStrings
FreeLibraryAndExitThread
GetPrivateProfileStringW
FormatMessageW
GetThreadPriorityBoost
ReleaseMutex
lstrcmpW
LocalSize
TlsSetValue
FindResourceExA
FindNextChangeNotification
LocalLock
GlobalGetAtomNameA
SetConsoleTitleA
GetConsoleCursorInfo
FindFirstFileExA
GetCurrentDirectoryW
CreateNamedPipeA
WideCharToMultiByte
SetLocaleInfoA
GetProfileIntA
HeapLock
FormatMessageA
InitializeCriticalSection
FreeConsole
LocalUnlock
ReadConsoleOutputW
GetLocalTime
OpenProcess
ReadFile
WritePrivateProfileSectionW
WriteConsoleOutputAttribute
GetProcessAffinityMask
RtlMoveMemory
ReleaseSemaphore
PulseEvent
FindFirstFileW
EnumSystemLocalesW
GetPrivateProfileStructW
FlushFileBuffers
VirtualFree
FindCloseChangeNotification
GlobalGetAtomNameW
SetConsoleMode
GetFileAttributesExA
FindClose
CreateToolhelp32Snapshot
LocalFree
RtlFillMemory
BeginUpdateResourceW
GetSystemDirectoryW
CreateFileA
Thread32Next
GetThreadSelectorEntry
GetNumberOfConsoleMouseButtons
GetStdHandle
lstrlenW
DeleteFiber
WriteProfileStringA
CreatePipe
Process32Next
GetProcessShutdownParameters
ReadFileEx
GetThreadContext
FileTimeToSystemTime
WriteConsoleInputA
SetCurrentDirectoryW
GetEnvironmentStringsA
CommConfigDialogA
SetLocalTime
GetLongPathNameA
SetConsoleCtrlHandler
GlobalWire
SearchPathA
CopyFileA
GetHandleInformation
CreateProcessA
WritePrivateProfileStringA
ContinueDebugEvent
GetPrivateProfileSectionW
GetNamedPipeInfo
FoldStringW
WriteFileEx
EnterCriticalSection
DeleteFileW
SetCurrentDirectoryA
GetACP
IsValidCodePage
CreateWaitableTimerW
ConvertDefaultLocale
lstrcatA
EnumDateFormatsExW
ResetWriteWatch
GetWindowsDirectoryW
ConnectNamedPipe
InitAtomTable
PeekConsoleInputA
SetEndOfFile
InterlockedExchangeAdd
UpdateResourceA
GetNumberOfConsoleInputEvents
ReadConsoleOutputAttribute
Module32Next
TryEnterCriticalSection
SetEvent
EnumTimeFormatsW
GetModuleFileNameW
GetTempPathW
TlsGetValue
FileTimeToLocalFileTime
lstrcatW
GetStringTypeExA
AddAtomA
lstrcat
SetFileAttributesW
CreateMutexA
RtlZeroMemory
EnumCalendarInfoExW
WaitNamedPipeW
SetThreadContext
GlobalCompact
GetWindowsDirectoryA
ReadConsoleOutputA
GlobalFix
GetTimeFormatW
TransmitCommChar
TlsAlloc
FreeEnvironmentStringsA
SetConsoleScreenBufferSize
EnumResourceNamesA
SetConsoleCP
VirtualProtect
GlobalUnfix
GetPrivateProfileSectionA
AllocConsole
GetProcessHeap
GetCalendarInfoA
DebugBreak
SetVolumeLabelW
TlsFree
DisconnectNamedPipe
LocalHandle
lstrcmpiW
FlushViewOfFile
IsValidLocale
BeginUpdateResourceA
GetFileType
InterlockedCompareExchange
FreeEnvironmentStringsW
GetVersionExW
GetPrivateProfileStringA
OpenFileMappingA
SetLastError
OpenMutexA
MoveFileExW
InterlockedIncrement
ExpandEnvironmentStringsW
EnumResourceLanguagesA
SetFileAttributesA
GetProfileStringA
CreateThread
GetFullPathNameW
ReadDirectoryChangesW
WriteConsoleA
GetProcessHeaps
GetStartupInfoW
LocalFileTimeToFileTime
CreateEventW
CreateDirectoryExW
wininet
FtpFindFirstFileA
InternetGetConnectedState
InternetSetDialStateW
GopherOpenFileA
FreeUrlCacheSpaceA
LoadUrlCacheContent
GopherFindFirstFileA
GopherGetAttributeW
InternetDialW
InternetSetOptionExA
InternetCombineUrlA
InternetSecurityProtocolToStringA
InternetGetConnectedStateEx
FtpSetCurrentDirectoryA
SetUrlCacheConfigInfoA
CommitUrlCacheEntryW
DeleteUrlCacheEntry
SetUrlCacheGroupAttributeW
IsHostInProxyBypassList
FtpRemoveDirectoryW
IncrementUrlCacheHeaderData
FtpRenameFileA
FindCloseUrlCache
FindFirstUrlCacheEntryExA
HttpSendRequestA
InternetSetCookieW
InternetFindNextFileW
InternetGoOnlineW
HttpSendRequestExA
HttpQueryInfoA
InternetOpenUrlW
FindFirstUrlCacheContainerW
GetUrlCacheGroupAttributeW
InternetConfirmZoneCrossing
GopherFindFirstFileW
InternetGetConnectedStateExA
InternetShowSecurityInfoByURLW
FtpGetCurrentDirectoryW
FindNextUrlCacheEntryA
InternetTimeFromSystemTimeA
InternetAlgIdToStringA
InternetGetCertByURL
FtpDeleteFileA
InternetTimeFromSystemTimeW
IsUrlCacheEntryExpiredW
FindNextUrlCacheContainerW
FtpGetFileSize
InternetConfirmZoneCrossingA
ShowX509EncodedCertificate
InternetGetCookieA
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryStreamA
GetUrlCacheEntryInfoExA
FindNextUrlCacheEntryW
InternetTimeFromSystemTime
InternetShowSecurityInfoByURL
InternetSetDialStateA
SetUrlCacheEntryInfoA
DetectAutoProxyUrl
InternetGoOnlineA
SetUrlCacheGroupAttributeA
InternetConfirmZoneCrossingW
InternetSetCookieA
InternetWriteFileExW
InternetGetLastResponseInfoW
GetUrlCacheEntryInfoExW
HttpAddRequestHeadersW
InternetCreateUrlW
UnlockUrlCacheEntryStream
IsUrlCacheEntryExpiredA
HttpEndRequestA
GetUrlCacheHeaderData
InternetTimeToSystemTimeW
DeleteUrlCacheEntryW
ShowCertificate
GetUrlCacheEntryInfoW
FindNextUrlCacheGroup
UnlockUrlCacheEntryFileW
InternetFortezzaCommand
GopherCreateLocatorA
InternetCanonicalizeUrlW
ResumeSuspendedDownload
DeleteUrlCacheContainerA
InternetSetDialState
HttpSendRequestW
advapi32
RegEnumValueA
CryptSetProviderExW
RegSetValueA
RegLoadKeyW
GetUserNameW
InitiateSystemShutdownA
StartServiceA
CryptHashData
CryptSetHashParam
RegOpenKeyW
RegConnectRegistryW
CryptDuplicateHash
CryptHashSessionKey
CryptSignHashA
CryptGetDefaultProviderA
RegQueryValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegQueryInfoKeyW
CryptVerifySignatureW
RegSetValueExW
CryptSetProvParam
CryptEnumProviderTypesW
RegEnumKeyExA
RegEnumKeyA
RegCreateKeyW
CryptGetUserKey
RegQueryMultipleValuesW
CryptDestroyHash
ReportEventW
CryptCreateHash
CryptSetProviderExA
LookupSecurityDescriptorPartsA
CryptDeriveKey
RegOpenKeyExA
LookupSecurityDescriptorPartsW
CryptContextAddRef
CryptGenRandom
CreateServiceA
RevertToSelf
CryptEnumProvidersW
LogonUserA
RegLoadKeyA
RegSaveKeyW
LookupAccountSidA
CreateServiceW
CryptSignHashW
CryptSetKeyParam
CryptEncrypt
AbortSystemShutdownW
RegSetValueW
CryptGetDefaultProviderW
RegOpenKeyExW
CryptDecrypt
RegDeleteKeyA
RegCreateKeyExW
LookupPrivilegeDisplayNameW
InitiateSystemShutdownW
CryptGetProvParam
RegOpenKeyA
CryptGetHashParam
CryptDuplicateKey
RegSaveKeyA
InitializeSecurityDescriptor
CryptSetProviderA
RegRestoreKeyA
RegRestoreKeyW
LookupAccountNameA
RegSetValueExA
RegQueryMultipleValuesA
LookupAccountNameW
CryptGetKeyParam
RegConnectRegistryA
GetUserNameA
DuplicateToken
LookupPrivilegeValueA
gdi32
GetObjectW
GetCurrentPositionEx
AddFontResourceW
DrawEscape
SetLayout
EnumFontFamiliesW
EndPage
SelectClipRgn
GetClipBox
SetRectRgn
SetPixelFormat
GetTextExtentPointA
SetDIBColorTable
Rectangle
DeviceCapabilitiesExA
GetCharABCWidthsA
CreateBitmap
GetBitmapBits
GetSystemPaletteEntries
CreatePatternBrush
ExtFloodFill
GetLogColorSpaceW
AbortPath
CreateMetaFileA
DescribePixelFormat
EnumFontFamiliesA
UpdateICMRegKeyA
GetEnhMetaFileHeader
SetMapperFlags
CreateDIBitmap
CreateDCA
BeginPath
GetPath
GetMetaFileW
GetOutlineTextMetricsW
GetCharWidth32A
FillRgn
CreateEllipticRgn
SetROP2
GetICMProfileA
SetGraphicsMode
CreatePolyPolygonRgn
ExtTextOutA
Polygon
CreateColorSpaceA
SetMagicColors
CloseFigure
GetDeviceGammaRamp
InvertRgn
GetBkMode
Chord
GetTextExtentExPointW
GetCharWidthW
ColorMatchToTarget
GetKerningPairsW
GetRandomRgn
IntersectClipRect
SetPixelV
MoveToEx
GetTextColor
EnumMetaFile
CreateColorSpaceW
RemoveFontResourceW
GetWindowExtEx
CopyMetaFileW
GetRegionData
CreateScalableFontResourceA
GetPixel
CreatePen
RoundRect
GetEnhMetaFileDescriptionW
PatBlt
SetTextAlign
SetColorSpace
CreateHatchBrush
TextOutA
GetFontLanguageInfo
SaveDC
GetClipRgn
GetKerningPairs
CombineTransform
CreateRoundRectRgn
CreateRectRgn
DeleteEnhMetaFile
GetCharWidthFloatA
EnumFontFamiliesExA
GetMetaFileA
EnableEUDC
GetRgnBox
LPtoDP
CreateEnhMetaFileW
GetLogColorSpaceA
GetGlyphOutline
GdiPlayJournal
GetCharacterPlacementA
RectVisible
GetCharacterPlacementW
SetViewportOrgEx
GetTextAlign
GetMetaFileBitsEx
SetViewportExtEx
GetRasterizerCaps
CreateBitmapIndirect
ArcTo
GdiPlayDCScript
PolyBezierTo
BitBlt
ExcludeClipRect
GetColorAdjustment
SetColorAdjustment
SetPolyFillMode
SetTextColor
ChoosePixelFormat
OffsetWindowOrgEx
StrokeAndFillPath
SetBoundsRect
AddFontResourceA
CreateScalableFontResourceW
AnimatePalette
TranslateCharsetInfo
gdiPlaySpoolStream
StretchBlt
PlayMetaFile
SetSystemPaletteUse
StartDocA
GetOutlineTextMetricsA
GetAspectRatioFilterEx
GetTextExtentPoint32A
GetDIBColorTable
SetMetaFileBitsEx
GetNearestPaletteIndex
EnumICMProfilesA
CreateDIBPatternBrushPt
SetBitmapBits
GetDCOrgEx
StartPage
MaskBlt
EndPath
UpdateICMRegKeyW
StartDocW
GetTextCharacterExtra
CloseEnhMetaFile
GetStretchBltMode
DeleteObject
GetGlyphOutlineW
SetArcDirection
ModifyWorldTransform
GetMetaRgn
EqualRgn
GetBrushOrgEx
RectInRegion
SetMiterLimit
GetArcDirection
FrameRgn
SwapBuffers
UpdateColors
SetDIBitsToDevice
GetBkColor
ColorCorrectPalette
LineDDA
CopyEnhMetaFileA
ExtSelectClipRgn
SetICMProfileW
GetTextExtentExPointA
SetBrushOrgEx
ExtCreatePen
SetStretchBltMode
GetTextExtentPoint32W
PaintRgn
SelectPalette
SetDIBits
UnrealizeObject
EnumFontsW
GetViewportOrgEx
SetMetaRgn
PolyPolyline
FixBrushOrgEx
CreateDIBPatternBrush
GetTextMetricsW
ExtEscape
ScaleWindowExtEx
GetKerningPairsA
GetWindowOrgEx
GetEnhMetaFileW
GetCharABCWidthsFloatA
SetAbortProc
CreateFontIndirectW
CreateEnhMetaFileA
OffsetViewportOrgEx
SelectObject
AngleArc
GetCharABCWidthsFloatW
GetSystemPaletteUse
Pie
GetTextCharset
EndDoc
DPtoLP
PolyTextOutA
GetCharWidth32W
GetMiterLimit
SetPixel
CreateCompatibleBitmap
GdiGetBatchLimit
GetMapMode
CreateFontW
GetEnhMetaFileDescriptionA
ScaleViewportExtEx
SetEnhMetaFileBits
Escape
GetWorldTransform
GdiPlayScript
CreateRectRgnIndirect
GetICMProfileW
GetViewportExtEx
CreateCompatibleDC
GetBoundsRect
GetEnhMetaFileA
TextOutW
GetStockObject
RealizePalette
CreateFontIndirectA
CreateHalftonePalette
SetICMMode
StrokePath
PlayEnhMetaFile
CreateDiscardableBitmap
SetBitmapDimensionEx
CreateICA
GetCharABCWidthsW
GetObjectType
GetNearestColor
GetEnhMetaFileBits
GetTextMetricsA
SelectClipPath
SetWinMetaFileBits
GetEnhMetaFilePaletteEntries
SetPaletteEntries
GetBitmapDimensionEx
FlattenPath
EnumFontFamiliesExW
GetGraphicsMode
EnumEnhMetaFile
CopyEnhMetaFileW
SetBkMode
GetWinMetaFileBits
StretchDIBits
GetCharWidthA
GetTextExtentPointW
PtInRegion
PolyTextOutW
AbortDoc
GetROP2
Polyline
CopyMetaFileA
PolyDraw
SetTextJustification
SetWindowExtEx
CreateICW
GetTextFaceW
OffsetRgn
CreatePolygonRgn
GetTextCharsetInfo
CreateMetaFileW
PolyBezier
CloseMetaFile
CreateFontA
CheckColorsInGamut
CreateDIBSection
GetColorSpace
DeleteColorSpace
GetCharWidthFloatW
CombineRgn
SetFontEnumeration
GetLayout
WidenPath
GetPolyFillMode
ResetDCW
GdiFlush
ResizePalette
CreateSolidBrush
SetBkColor
CreatePenIndirect
SetTextCharacterExtra
LineTo
SetICMProfileA
PolyPolygon
DeviceCapabilitiesExW
GetPixelFormat
EnumFontsA
ExtCreateRegion
DeleteDC
GetTextFaceA
EnumObjects
PolylineTo
PlayMetaFileRecord
SetDeviceGammaRamp
Ellipse
FillPath
GetCurrentObject
EnumICMProfilesW
PlayEnhMetaFileRecord
GetGlyphOutlineA
Arc
GetPaletteEntries
GdiSetBatchLimit
GetObjectA
SetMapMode
GetDeviceCaps
Sections
.text   Size: 90KB   Virtual size: 90KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 294KB  Virtual size: 294KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 13KB   Virtual size: 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.bss    Size: 5KB    Virtual size: 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
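The static fields of this report (the hashes under General, the COFF flags under Headers, the section table under Sections, and the Unsigned PE signature, which keys on the absence of an Authenticode entry) can be reproduced with a short PE header parser. The following is an added example and not the sandbox's own code: it uses only the Python standard library, and because the analysed sample is not embedded here it builds a small constructed PE32 fixture (tiny sections shaped like the report's layout) to run against offline. The helper names, the fixture and its section sizes are all assumptions made for the example.

```python
"""Static triage of a PE with only the standard library: hashes, COFF characteristics,
section table and whether an Authenticode blob is attached. Added example for this
report; the PE it builds for itself is a constructed fixture, not the analysed sample."""
import hashlib
import json
import struct
import sys

# COFF Characteristics bits (winnt.h); names match the report's Headers block.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# Section Characteristics bits; names match the report's Sections block.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the Authenticode blob

def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]

def analyze_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # NumberOfRvaAndSizes sits at +92 in PE32 and +108 in PE32+; the directories follow it.
    ndirs_off = opt + (92 if magic == 0x10B else 108)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, sh = [], opt + opt_size
    for i in range(nsec):
        name, vsize, _va, rawsize, _rawptr, _rl, _ln, _nrl, _nln, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": _flags(sflags, SECTION_FLAGS)})
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "characteristics": _flags(chars, FILE_CHARACTERISTICS),
        # The security directory holds a raw file offset (not an RVA) of a WIN_CERTIFICATE.
        # An empty entry is what the report's "Unsigned PE" signature keys on; a populated
        # one only says a blob is attached, not that the signature verifies.
        "authenticode_present": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }

def build_sample_pe(sections, characteristics=0x010E, signed=False) -> bytes:
    """Constructed fixture: a well-formed (not executable) PE32 header plus section table."""
    ndirs = 16
    opt_size = 96 + 8 * ndirs                      # PE32 optional header with 16 directories
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_off = (hdr_len + 0x1FF) & ~0x1FF           # first raw section on a 512-byte boundary
    sec_hdrs, raw_blobs, rva = b"", b"", 0x1000
    for name, raw, virt, flags in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, virt, rva, raw,
                                raw_off + len(raw_blobs), 0, 0, 0, 0, flags)
        raw_blobs += b"\0" * raw
        rva += (max(raw, virt) + 0xFFF) & ~0xFFF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    dirs = [(0, 0)] * ndirs
    if signed:  # point the security directory at a zero-filled placeholder blob at EOF
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_off + len(raw_blobs), 0x100)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", ndirs)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    image = dos + b"PE\0\0" + coff + opt + sec_hdrs
    image += b"\0" * (raw_off - len(image)) + raw_blobs
    return image + (b"\0" * 0x100 if signed else b"")

# Section layout mirroring the report's flags with tiny sizes; a constructed fixture.
SAMPLE_SECTIONS = [
    (b".text", 0x400, 0x3F0, 0x60000020),   # CODE | EXECUTE | READ
    (b".data", 0x800, 0x800, 0xC0000040),   # INITIALIZED_DATA | READ | WRITE
    (b".reloc", 0x200, 0x1F0, 0x40000040),  # INITIALIZED_DATA | READ
]

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(SAMPLE_SECTIONS)
    print(json.dumps(analyze_pe(blob), indent=2))
```

Run it with a file path to triage a real binary, or with no argument to see the fixture's output. The caveat worth keeping in mind: a populated security directory only shows that a WIN_CERTIFICATE blob is attached; whether it chains to a trusted root needs a verifier such as signtool or PowerShell's Get-AuthenticodeSignature, and because the blob is excluded from the Authenticode hash, stripping or appending one changes the file hashes above but not the signed image hash.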