??0Ctestdll2@@QAE@XZ
??4Ctestdll2@@QAEAAV0@ABV0@@Z
?fntestdll2@@YAHXZ
?ntestdll2@@3HA
xmlFree
xmlFreeDoc
xmlNodeGetContent
xmlReadFile
xmlStrcmp
xmlXPathEvalExpression
xmlXPathFreeContext
xmlXPathFreeObject
xmlXPathNewContext
Overview
overview
10
Static
static
3
virus/300050311.bat
windows7-x64
10
virus/300050311.bat
windows10-2004-x64
10
virus/bat_...ce.msi
windows7-x64
6
virus/bat_...ce.msi
windows10-2004-x64
6
virus/bat_...e1.exe
windows7-x64
1
virus/bat_...e1.exe
windows10-2004-x64
1
virus/bat_...e5.exe
windows7-x64
1
virus/bat_...e5.exe
windows10-2004-x64
1
virus/bat_...e6.exe
windows7-x64
1
virus/bat_...e6.exe
windows10-2004-x64
1
Static task
static1
Behavioral task
behavioral1
Sample
virus/300050311.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
virus/300050311.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
virus/bat_download/abce.msi
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
virus/bat_download/abce.msi
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
virus/bat_download/abce1.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
virus/bat_download/abce1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
virus/bat_download/abce5.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
virus/bat_download/abce5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
virus/bat_download/abce6.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
virus/bat_download/abce6.exe
Resource
win10v2004-20240226-en
Target
virus.rar
Size
4.9MB
MD5
f6f0afeda7c9d9ea6f18c6d9d9113dd5
SHA1
7649d194c77d83946eb90db140d96a7b2afd9628
SHA256
55d5e431f4b05b0c24bdf058c1497cae580cd5c8c238a2c84c8cd890afc09995
SHA512
8c516a2633ab85ed1e8daae6a3733fac073a969337b848f84bf7b417b36df15a3734dcefaabe0b683897452bf12f36dd4d4d45164639b3d0cf220281c95e094f
SSDEEP
98304:z0gkzHmR6l7D3TNmC8dVj1kaBwpCF/8+OOZ+4rdUSj1kaBwpCF/8+OOZ+4rdU8/D:zeHmR656j86LOGZrdUSj86LOGZrdUi5V
Checks for missing Authenticode signature.
resource |
---|
unpack001/virus/bat_download/abce1.exe |
unpack001/virus/bat_download/abce5.exe |
unpack001/virus/bat_download/abce6.exe |
unpack001/virus/exe_download/libxml2.dll |
unpack001/virus/exe_download/libxml2.dll2 |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
CompareFileTime
VirtualAlloc
GetTickCount
Sleep
SystemTimeToFileTime
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
GetProcAddress
GetModuleHandleA
HeapAlloc
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetEnvironmentVariableA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
FtpOpenFileA
InternetOpenA
FtpGetFileSize
InternetConnectA
InternetCloseHandle
InternetReadFile
PathFileExistsA
closesocket
ntohl
sendto
htonl
setsockopt
htons
gethostbyname
socket
WSACleanup
WSAStartup
recvfrom
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
CompareFileTime
VirtualAlloc
GetTickCount
Sleep
SystemTimeToFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
InternetConnectA
InternetOpenA
InternetCloseHandle
FtpOpenFileA
InternetReadFile
FtpGetFileSize
PathFileExistsA
htonl
ntohl
setsockopt
htons
gethostbyname
socket
WSACleanup
WSAStartup
recvfrom
closesocket
sendto
__p__fmode
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_localtime64
??2@YAPAXI@Z
memcpy
_amsg_exit
__getmainargs
_cexit
?terminate@@YAXXZ
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_exit
_encode_pointer
__set_app_type
_crt_debugger_hook
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
CompareFileTime
VirtualAlloc
GetTickCount
Sleep
SystemTimeToFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
InternetConnectA
InternetOpenA
InternetCloseHandle
FtpOpenFileA
InternetReadFile
FtpGetFileSize
PathFileExistsA
htonl
ntohl
setsockopt
htons
gethostbyname
socket
WSACleanup
WSAStartup
recvfrom
closesocket
sendto
__p__fmode
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_localtime64
??2@YAPAXI@Z
memcpy
_amsg_exit
__getmainargs
_cexit
?terminate@@YAXXZ
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_exit
_encode_pointer
__set_app_type
_crt_debugger_hook
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
TerminateProcess
GetCommandLineW
Sleep
GetShortPathNameW
MultiByteToWideChar
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
ExitProcess
GetCurrentProcessId
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
lstrlenW
GetCurrentProcess
GetLastError
GetModuleFileNameW
CloseHandle
GetProcAddress
FindResourceExW
GetModuleHandleW
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ShowWindow
GetWindow
FindWindowW
GetWindowThreadProcessId
wsprintfW
MessageBoxW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ord680
??0Ctestdll2@@QAE@XZ
??4Ctestdll2@@QAEAAV0@ABV0@@Z
?fntestdll2@@YAHXZ
?ntestdll2@@3HA
xmlFree
xmlFreeDoc
xmlNodeGetContent
xmlReadFile
xmlStrcmp
xmlXPathEvalExpression
xmlXPathFreeContext
xmlXPathFreeObject
xmlXPathNewContext
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CloseHandle
CreateProcessW
CreateFileW
LoadLibraryA
DisableThreadLibraryCalls
GetModuleFileNameW
GetLastError
GetCurrentProcess
lstrlenW
TerminateProcess
GetCommandLineW
Sleep
GetFileSize
MultiByteToWideChar
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
WriteProcessMemory
ReadProcessMemory
SetThreadContext
GetThreadContext
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
VirtualFree
GetModuleHandleW
VirtualAlloc
GetProcAddress
GetShortPathNameW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
IsDebuggerPresent
ShowWindow
GetWindow
FindWindowW
GetWindowThreadProcessId
wsprintfW
MessageBoxW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ord680
wcsnlen
memcpy_s
malloc
realloc
wcsstr
free
memset
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
??3@YAXPAX@Z
wcsrchr
memmove
??0Ctestdll2@@QAE@XZ
??4Ctestdll2@@QAEAAV0@ABV0@@Z
?fntestdll2@@YAHXZ
?ntestdll2@@3HA
xmlFree
xmlFreeDoc
xmlNodeGetContent
xmlReadFile
xmlStrcmp
xmlXPathEvalExpression
xmlXPathFreeContext
xmlXPathFreeObject
xmlXPathNewContext
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ