Static task
static1
Behavioral task
behavioral1
Sample
c0e8eca4cf24a2c8c20296a926a9ce40.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c0e8eca4cf24a2c8c20296a926a9ce40.exe
Resource
win10v2004-20240226-en
General
-
Target
c0e8eca4cf24a2c8c20296a926a9ce40
-
Size
217KB
-
MD5
c0e8eca4cf24a2c8c20296a926a9ce40
-
SHA1
d1c64f2048430efb2583515c9a0960c03d48abf7
-
SHA256
295ff23739dfee8562eb1828534be8b0c37917264ed169dfd7768adcc9b166a1
-
SHA512
e7bbe4a8eff65f4f8dda104b58fa808189c341a7f3ddc323975cd33053e9f5c3886ad89d5ed4f455bcb7b79795a4c54630ba483abaff7eeaeb30a748355fe759
-
SSDEEP
3072:9qhS4fasKvq4NPHE5AcmxeuMe8yzsdM1FBws/mSPpr3SLSKdnAoaEwaErA9U9A2T:9qh6HvQJeqO5wukmKdnAoWQU
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource c0e8eca4cf24a2c8c20296a926a9ce40
Files
-
c0e8eca4cf24a2c8c20296a926a9ce40.exe windows:5 windows x86 arch:x86
010a0d5e13cdd34d1c3bdaf232457100
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetBinaryType
GetComputerNameExA
GetConsoleAliasExesLengthA
GetConsoleCP
GetConsoleFontSize
GetDriveTypeA
GetExitCodeProcess
GetExitCodeThread
GetFullPathNameW
GetProcessVersion
GetProfileSectionA
GetProfileSectionW
GetStringTypeExA
GetSystemTime
GetTempPathA
GetThreadTimes
GetUserDefaultLCID
GetVolumeInformationA
GetWriteWatch
GlobalAddAtomA
GlobalFlags
GlobalReAlloc
HeapFree
HeapReAlloc
InterlockedCompareExchange
IsValidLocale
LoadLibraryExA
MapUserPhysicalPages
FreeEnvironmentStringsW
Process32First
QueryPerformanceFrequency
ReadConsoleInputW
ReadConsoleOutputW
ReadConsoleW
ReadFile
ResumeThread
RtlMoveMemory
RtlZeroMemory
ScrollConsoleScreenBufferW
SetCalendarInfoW
SetComputerNameW
SetConsoleActiveScreenBuffer
SetLocaleInfoW
SetSystemPowerState
SetTapeParameters
SetTapePosition
SetUnhandledExceptionFilter
SwitchToFiber
SwitchToThread
UnhandledExceptionFilter
UnlockFile
UpdateResourceW
VirtualQuery
WriteConsoleOutputAttribute
WriteProcessMemory
WriteProfileStringA
lstrcpyn
FindNextVolumeA
FillConsoleOutputAttribute
FatalAppExitW
EnumCalendarInfoExW
EndUpdateResourceA
DisconnectNamedPipe
DeleteFiber
CreateWaitableTimerA
CreateToolhelp32Snapshot
CreateIoCompletionPort
CreateFileMappingW
CopyFileExW
CloseHandle
GetLocalTime
LoadLibraryW
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
lstrcatA
CreateFileA
PostQueuedCompletionStatus
VirtualAlloc
user32
ShowOwnedPopups
ShowWindow
SubtractRect
SwapMouseButton
SwitchToThisWindow
SystemParametersInfoW
TabbedTextOutA
ToUnicode
TrackPopupMenuEx
TranslateMDISysAccel
UnhookWinEvent
UpdateWindow
ValidateRect
ValidateRgn
VkKeyScanExA
VkKeyScanExW
VkKeyScanW
WINNLSGetIMEHotkey
WinHelpA
WinHelpW
WindowFromDC
WindowFromPoint
keybd_event
mouse_event
wsprintfW
wvsprintfA
SetWindowsHookExW
SetWindowsHookExA
SetWindowWord
SetWindowTextA
SetWindowLongA
SetWindowContextHelpId
SetWinEventHook
SetScrollPos
SetScrollInfo
SetPropA
SetProcessWindowStation
SetMessageExtraInfo
SetMenuItemInfoW
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenuContextHelpId
SetDlgItemTextW
SetDeskWallpaper
SetDebugErrorLevel
SetClipboardData
SendNotifyMessageW
ActivateKeyboardLayout
SendMessageW
SendMessageCallbackA
SendIMEMessageExW
ScrollWindowEx
ScreenToClient
RemovePropW
RemovePropA
RemoveMenu
ReleaseDC
RegisterHotKey
RegisterDeviceNotificationW
RegisterClassExA
RealGetWindowClassW
RealGetWindowClassA
RealChildWindowFromPoint
PtInRect
PostQuitMessage
AllowSetForegroundWindow
PackDDElParam
OpenWindowStationW
OpenDesktopW
MsgWaitForMultipleObjectsEx
MoveWindow
ModifyMenuW
MessageBoxExW
MessageBoxExA
MessageBoxA
MapVirtualKeyW
MapVirtualKeyExA
MapDialogRect
LookupIconIdFromDirectoryEx
LoadStringW
LoadMenuW
LoadMenuIndirectW
LoadMenuIndirectA
LoadMenuA
LoadKeyboardLayoutW
LoadImageA
LoadCursorFromFileW
LoadAcceleratorsA
IsZoomed
IsWindowUnicode
IsWindowEnabled
IsRectEmpty
IsHungAppWindow
IsCharUpperA
IsCharAlphaA
InvertRect
InvalidateRgn
InvalidateRect
IntersectRect
InSendMessageEx
IMPSetIMEW
IMPSetIMEA
IMPQueryIMEW
IMPQueryIMEA
IMPGetIMEW
HideCaret
GrayStringA
GetWindowTextW
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowModuleFileName
GetWindowContextHelpId
GetWindow
GetUpdateRect
GetSysColorBrush
GetSysColor
GetQueueStatus
GetPropA
GetProcessWindowStation
GetProcessDefaultLayout
GetParent
GetOpenClipboardWindow
GetMouseMovePointsEx
GetMessageTime
GetMessagePos
GetMenuItemInfoW
GetMenuInfo
GetMenu
GetListBoxInfo
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetKeyboardLayout
GetKeyState
GetKBCodePage
GetInputDesktop
GetGUIThreadInfo
GetFocus
GetDlgItemTextA
GetDlgItem
GetClipboardSequenceNumber
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardData
GetClassInfoW
GetClassInfoExW
GetCapture
GetAltTabInfoA
GetAltTabInfo
FreeDDElParam
FrameRect
FindWindowW
FindWindowExW
FindWindowA
EqualRect
EnumWindows
EnumWindowStationsW
EnumDisplaySettingsA
EnumDisplayDevicesW
EndTask
EndDialog
EnableWindow
DrawTextExA
DrawStateW
DrawFocusRect
DrawAnimatedRects
DlgDirSelectExW
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListW
DlgDirListComboBoxA
DlgDirListA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DialogBoxIndirectParamW
DestroyMenu
DestroyIcon
DestroyAcceleratorTable
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DdeQueryNextServer
DdeInitializeW
DdeInitializeA
DdeImpersonateClient
DdeEnableCallback
DdeDisconnectList
DdeCreateStringHandleA
DdeCmpStringHandles
DdeClientTransaction
DdeAbandonTransaction
CreateWindowStationA
CreateMenu
CreateMDIWindowA
CreateIconIndirect
CreateIcon
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateCursor
CreateCaret
CopyImage
CopyIcon
CloseWindowStation
CloseWindow
CloseDesktop
CloseClipboard
ChildWindowFromPointEx
CheckMenuRadioItem
CheckDlgButton
CharUpperW
CharUpperBuffW
CharUpperBuffA
CharToOemBuffW
CharPrevW
CharPrevExA
CharPrevA
CharNextW
CharNextExA
CharNextA
ChangeDisplaySettingsExA
CascadeChildWindows
BringWindowToTop
BlockInput
BeginDeferWindowPos
AttachThreadInput
ArrangeIconicWindows
AppendMenuA
AnyPopup
AnimateWindow
SendDlgItemMessageA
comdlg32
ChooseColorA
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ole32
WriteOleStg
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserFree
UtGetDvtd32Info
StringFromCLSID
StgSetTimes
StgPropertyLengthAsVariant
StgOpenStorageOnILockBytes
StgOpenStorage
StgOpenAsyncDocfileOnIFillLockBytes
StgIsStorageILockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
StgCreatePropStg
StgCreatePropSetStg
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserMarshal
STGMEDIUM_UserFree
SNB_UserUnmarshal
SNB_UserMarshal
SNB_UserFree
ReleaseStgMedium
RegisterDragDrop
ReadFmtUserTypeStg
ReadClassStg
PropVariantCopy
PropVariantClear
PropStgNameToFmtId
ProgIDFromCLSID
OpenOrCreateStream
OleTranslateAccelerator
OleSetMenuDescriptor
OleSetClipboard
OleSetAutoConvert
OleSaveToStream
OleSave
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumFormatEtc
OleQueryCreateFromData
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLoadFromStream
OleLoad
OleIsCurrentClipboard
OleInitializeWOW
OleInitialize
OleGetIconOfClass
OleGetClipboard
OleGetAutoConvert
OleFlushClipboard
OleDraw
OleDoAutoConvert
OleCreateStaticFromData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkToFile
OleCreateLinkFromData
OleCreateFromFileEx
OleCreateFromFile
OleCreateFromData
OleCreateEx
OleCreateEmbeddingHelper
OleCreate
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleBuildVersion
MonikerCommonPrefixWith
IsEqualGUID
IsAccelerator
IIDFromString
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserFree
HPALETTE_UserUnmarshal
HPALETTE_UserSize
HPALETTE_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HMENU_UserSize
HMENU_UserMarshal
HMENU_UserFree
HICON_UserUnmarshal
HICON_UserSize
HICON_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserSize
HDC_UserFree
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserMarshal
GetRunningObjectTable
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetClassFile
FreePropVariantArray
FmtIdToPropStgName
EnableHookObject
DoDragDrop
DllGetClassObjectWOW
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateStdProgressIndicator
CreateObjrefMoniker
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateClassMoniker
CreateBindCtx
CoWaitForMultipleHandles
CoUnloadingWOW
CoUninitialize
CoTreatAsClass
CoTestCancel
CoTaskMemRealloc
CoTaskMemAlloc
CoSwitchCallContext
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoResumeClassObjects
CoReleaseServerProcess
CoRegisterSurrogateEx
CoRegisterPSClsid
CoRegisterMallocSpy
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalInterface
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoInstall
CoInitializeSecurity
CoInitialize
CoImpersonateClient
CoGetTreatAsClass
CoGetPSClsid
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCancelObject
CoGetCallerTID
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoFileTimeNow
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateGuid
CoAllowSetForegroundWindow
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
CoGetCurrentLogicalThreadId
oleaut32
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLi
RegisterActiveObject
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetElement
SafeArrayGetIID
SafeArrayGetRecordInfo
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArraySetIID
SafeArrayUnaccessData
SafeArrayUnlock
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
UnRegisterTypeLi
VARIANT_UserFree
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAdd
VarAnd
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromUI1
VarBoolFromUI2
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
OleLoadPictureEx
VarBstrFromDisp
VarBstrFromI1
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmpR8
VarCyFix
VarCyFromDate
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyInt
VarCyRound
VarCySu
VarDateFromBool
VarDateFromCy
VarDateFromI1
VarDateFromI4
VarDateFromR4
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecCmp
VarDecCmpR8
VarDecFix
VarDecFromDate
VarDecFromDisp
VarDecFromI2
VarDecFromR4
VarDecFromStr
VarDecFromUI2
VarDecInt
VarDecMul
VarDecNeg
VarDecSu
VarDiv
VarFormat
VarFormatPercent
VarI1FromCy
VarI1FromDate
VarI1FromDisp
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI2FromDate
VarI2FromDec
VarI2FromI1
VarI2FromI4
VarI2FromR8
VarI2FromUI1
VarI2FromUI4
VarI4FromBool
VarI4FromDate
VarI4FromR8
VarI4FromUI1
VarIdiv
VarInt
VarMod
VarMonthName
VarNumFromParseNum
VarParseNumFromStr
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDisp
VarR4FromI1
VarR4FromStr
VarR4FromUI1
VarR4FromUI4
VarR8FromDate
VarR8FromDec
VarR8FromI1
VarR8FromI2
VarR8FromStr
VarR8FromUI1
VarR8FromUI4
VarR8Pow
VarR8Round
VarSu
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromR4
VarUI1FromR8
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI4
VarUI2FromR4
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR8
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarXor
VariantChangeType
VariantClear
GetRecordInfoFromGuids
VariantCopyInd
VectorFromBstr
OleLoadPicture
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
OleCreatePictureIndirect
OleCreateFontIndirect
OaBuildVersion
LoadTypeLibEx
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_Unmarshal
LHashValOfNameSysA
GetRecordInfoFromTypeInfo
BSTR_UserUnmarshal
ClearCustData
CreateErrorInfo
CreateTypeLib2
DispGetIDsOfNames
DispGetParam
DispInvoke
VarBstrFromDec
msvcrt
memcpy
Sections
.text Size: 183KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data5 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data4 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data3 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data2 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ