PDB path: C:\User\Release\max.pdb
Static task: static1
Behavioral task: behavioral1
Sample: a3e56bd926b686267d164d3ded675759.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a3e56bd926b686267d164d3ded675759.exe
Resource: win10v2004-20240221-en
General
Target: a3e56bd926b686267d164d3ded675759
Size: 604KB
MD5: a3e56bd926b686267d164d3ded675759
SHA1: 392a8deedfe6f6a7ac3e874b99ea531dabe473c6
SHA256: c5d36d877e2a3cbc480e8840176cff740f0f07ed7a01230e9dc5f6612a9d121f
SHA512: 7b7f79601782123cadf9a0d22a122e022a25f40e317b6fa96446e5cedab400fa1ac1eabdad58019214ecbaf62d88938e23fcbdd1d677e5a5ac21f4f8b211452f
SSDEEP: 12288:Y1qHWUYzw0jASg7Ddki7tWZoLoSMMkmm3fngcnuy97HGeGtETjk:YAHWUY9zsV7Q+LHQTgGjGLMk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource a3e56bd926b686267d164d3ded675759
Files
a3e56bd926b686267d164d3ded675759.exe windows:4 windows x86 arch:x86
a7d782c571616d3c9a8deb5984c8e97e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
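The "Unsigned PE" signature and the header flags listed above all come from a handful of PE header fields. The following Python is an added example, not the sandbox's own signature code: it parses the DOS, COFF and optional headers of a PE image and returns the checks a reviewer wants from this section, namely whether the security data directory (the Authenticode certificate table) is empty, which file and DLL characteristics are set, and what that implies for ASLR and DEP (this sample lists neither DYNAMIC_BASE nor NX_COMPAT, and its relocations are stripped). The image it builds is a constructed, header-only PE32 that mirrors only the flag values reported on this page; the function names are this example's own.

```python
import struct

# PE flag tables (values from the PE/COFF specification)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def flag_names(value, table):
    """Decode a bitmask into the flag names it contains (unknown bits are ignored)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS/COFF/optional headers and return the checks behind an
    'Unsigned PE' signature plus a basic hardening review."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:    # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    # The security directory holds a file offset (not an RVA) and the size of the
    # WIN_CERTIFICATE blob. Both zero means there is no Authenticode signature at all.
    sec_off = sec_size = 0
    needed = dirs_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY and opt_size >= needed:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        # A non-empty security directory only means a signature blob is present;
        # whether it verifies is a separate check (signtool / Get-AuthenticodeSignature).
        "has_authenticode_blob": sec_off != 0 and sec_size != 0,
        # ASLR needs DYNAMIC_BASE and a relocation table; RELOCS_STRIPPED defeats it.
        "aslr": bool(dll_chars & 0x0040) and not (chars & 0x0001),
        "dep": bool(dll_chars & 0x0100),
    }


def build_sample_pe(characteristics, dll_characteristics, security=(0, 0)):
    """Construct a minimal, header-only PE32 image for testing (not a real binary)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)  # i386, 0 sections
    opt = bytearray(224)                               # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed image carrying the header values reported on this page:
# RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE, TERMINAL_SERVER_AWARE only,
# and an empty certificate table.
SAMPLE_LIKE = build_sample_pe(0x0103, 0x8000)

if __name__ == "__main__":
    for key, value in parse_pe(SAMPLE_LIKE).items():
        print(key, value)
```

Run against the real file, `parse_pe(open(path, "rb").read())` reproduces the "Unsigned PE" verdict from the certificate table alone; a non-zero entry still needs a signature verification step, since an attacker can append an arbitrary blob, and a stripped relocation table is the reason the missing DYNAMIC_BASE flag cannot simply be re-enabled on this image.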
Imports
kernel32
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleTitleA
GetConsoleCP
InitializeCriticalSection
GetConsoleMode
FlushFileBuffers
GetCurrentProcessId
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetTickCount
WaitForSingleObject
OpenFileMappingA
lstrcpyA
CreateEventA
MultiByteToWideChar
SetConsoleTitleA
VirtualAlloc
MapViewOfFile
ExitThread
GetModuleHandleA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
QueryPerformanceCounter
LoadLibraryW
WideCharToMultiByte
OutputDebugStringW
GetFileType
GetLastError
RtlUnwind
WriteConsoleW
OutputDebugStringA
WriteFile
InterlockedDecrement
GlobalMemoryStatusEx
Sleep
LoadLibraryA
CreateThread
GetStdHandle
DebugBreak
RaiseException
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
HeapValidate
IsBadReadPtr
GetSystemTimeAsFileTime
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
InterlockedIncrement
GetProcAddress
ExitProcess
GetACP
GetOEMCP
GetCPInfo
user32
SetFocus
GetCursorPos
CreateWindowExA
LoadBitmapA
SetWindowLongA
DefWindowProcA
BeginPaint
GetWindowTextLengthA
DrawFocusRect
OffsetRect
GetWindowTextA
SetCursor
LoadMenuA
SendMessageA
LoadCursorA
GetFocus
FindWindowA
GetDlgItem
IsWindowEnabled
EndPaint
GetDC
FillRect
PtInRect
DestroyWindow
ReleaseDC
SetWindowTextA
DrawIcon
wsprintfA
gdi32
CreateBitmap
DeleteObject
SetStretchBltMode
SetBrushOrgEx
EnumFontsA
TextOutA
CreateSolidBrush
CreatePatternBrush
GetObjectA
SetBkMode
PatBlt
CombineRgn
SelectObject
StartPage
advapi32
AddAce
RegQueryValueExA
AddAccessDeniedObjectAce
shell32
ShellExecuteA
ole32
ReadFmtUserTypeStg
CoInitialize
CoCreateInstance
opengl32
glLoadIdentity
glMatrixMode
glViewport
glOrtho
glu32
gluLookAt
psapi
GetWsChanges
InitializeProcessForWsWatch
avicap32
capCreateCaptureWindowA
avifil32
AVIFileRelease
AVIStreamGetFrameClose
msacm32
acmDriverClose
shlwapi
StrToIntExA
PathUnquoteSpacesA
gdiplus
GdiplusStartup
uxtheme
IsThemeActive
ntdsapi
DsWriteAccountSpnA
Sections
.text Size: 184KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 352KB - Virtual size: 349KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ