c:\reason\view\174_climb\Surface_Between\follow.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ae97252af977c7e64b2eeca6140e129e.dll
Resource: win7-20240221-en
General
Target: ae97252af977c7e64b2eeca6140e129e
Size: 543KB
MD5: ae97252af977c7e64b2eeca6140e129e
SHA1: 269f90889d519741b79e52ea427fbc37e6a01868
SHA256: 9314c01984c89151f6d4624acad638fe054b3036fcc5115271cb598954c20070
SHA512: 07fb03be2fbb630d17b832550b774d1f416db84b7dfe05c552ee79a752892b567f49989a1f2dd4b3e6f12cffd55ab312ae76511e841fb22c9e31eba109e8a1c5
SSDEEP: 12288:KaME5j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Kafz3E4INX03ycxc4
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Processes: resource ae97252af977c7e64b2eeca6140e129e
Files
-
ae97252af977c7e64b2eeca6140e129e.dll windows:6 windows x86 arch:x86
49c4814f9659cba3f787457752949e56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetDateFormatW
LoadResource
CreateProcessW
QueryPerformanceCounter
GetModuleHandleW
OpenProcess
GetSystemDirectoryW
SizeofResource
GetVersionExW
CreateFileW
GetCurrentDirectoryW
VirtualProtect
GetWindowsDirectoryW
GetSystemTime
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
GetModuleFileNameW
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
user32
DefWindowProcA
GetSysColorBrush
CreatePopupMenu
EndDialog
ReleaseDC
GetWindowLongW
CreateDialogIndirectParamW
OffsetRect
LoadIconW
GetForegroundWindow
CloseClipboard
GetMessageW
DialogBoxIndirectParamW
CallNextHookEx
WindowFromPoint
GetClientRect
EnumWindows
GetClassInfoExA
GetWindowRect
ole32
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoRegisterSurrogate
CoUninitialize
dbghelp
UnmapDebugInformation
SymRegisterFunctionEntryCallback
SymUnDName64
SymLoadModule
SymMatchFileName
SymRegisterCallback64
SymRegisterCallback
SymRegisterFunctionEntryCallback64
SymSetOptions
EnumerateLoadedModules64
SymInitialize
SymLoadModule64
SymMatchString
SymUnDName
UnDecorateSymbolName
SymSetContext
SymSetSearchPath
SymUnloadModule
SymUnloadModule64
imagehlp
TouchFileTimes
BindImageEx
CheckSumMappedFile
UnMapAndLoad
BindImage
UpdateDebugInfoFile
UpdateDebugInfoFileEx
loadperf
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
Exports
Broughtcaught
Racehot
Strange
Sections
.text Size: 231KB - Virtual size: 231KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 295KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 620KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ