PDB path: E:\FlowCloud\trunk\Dev\src\fcClient\Release\install.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89.exe
  Resource: win10v2004-20240226-en
General
Target: 04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89
Size: 4.2MB
MD5: 40a41c2cccbaa3101a5391156112489a
SHA1: c96558312fbf5847351b0b6f724d7b3a31ccaf03
SHA256: 04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89
SHA512: 0761b788abb3bb42ff1e94c7d6adc98f124d6be6a8482b2b2041001c5ec5730e06f139cf638c404974fdfa8adc3508e0878cb102f11a5696bc7d3a3c0e292d48
SSDEEP: 98304:I1RuhaW3D9RoUHc8eEdobPgGj/122xrDjm+ZMrEDNN:cOJD/odN6oTb7122pDi+ZMAv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89
Files
04f120488b87d307437033845175138abb44795624819911195f71cf5132ed89.exe windows:5 windows x86 arch:x86
c4e45199e0fb064c9ae9d40735f21f23
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
WriteFile
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
Sleep
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
SetThreadPriority
GetLastError
SetLastError
GetProcAddress
Process32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
GetShortPathNameW
WinExec
CloseHandle
GetWindowsDirectoryW
lstrcpyW
SetFileAttributesW
ExpandEnvironmentStringsW
lstrcmpiA
LoadLibraryA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
VirtualFree
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
GetDriveTypeW
GetModuleHandleA
CreateProcessA
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
FlushInstructionCache
GetCurrentThreadId
SuspendThread
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
SetFileTime
GetCurrentThread
GetModuleHandleW
GetLogicalDrives
SetEvent
CreateDirectoryW
GetCurrentProcess
SetErrorMode
SetPriorityClass
CreateMutexW
GetFileSize
GetEnvironmentVariableW
ExitProcess
DeleteFileW
GetVersionExA
OutputDebugStringA
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
DeleteFileA
FormatMessageW
LoadLibraryW
FormatMessageA
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
SystemTimeToFileTime
GetFullPathNameA
GetFullPathNameW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetFileAttributesA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetExitCodeProcess
WaitForSingleObject
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
CompareStringA
user32
MessageBoxA
MessageBoxW
wsprintfW
advapi32
RegCreateKeyExA
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CreateServiceA
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegOpenKeyExA
shell32
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHChangeNotify
ole32
CoInitialize
CoUninitialize
CoCreateInstance
shlwapi
PathAppendW
SHDeleteKeyW
PathFileExistsW
SHDeleteValueW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
dbghelp
MakeSureDirectoryPathExists
wsock32
ntohl
htonl
Sections
.text Size: 794KB - Virtual size: 793KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ