PDB Paths: C:\Users\user\Desktop\build_25_05\build\bin\WoodyHeavyNode.pdb
Behavioral task: behavioral1
Sample: 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3.exe
Resource: win10v2004-20240226-en
General
Target: 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3
Size: 368KB
MD5: 286e1f6ea7cdab61c07c834d108b2c0f
SHA1: 733236582ec9dcb77f4c5cc9e8c7e1ba343e4a6a
SHA256: 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3
SHA512: 255ea9360be3782cf5b2e9aa03e35b4ea047f24132c22ed07c24391be333f73073228d5f374f350615d5b733a011c15c6415142f27d630d817fa8dcaa9282136
SSDEEP: 6144:6IgYdlZkoZCMXhkjTMuVAtGxxsBw1djcAaYDxvL5yAhhplpWZrZAOKbaP:5flZkoZCRTOtkxskjcAaoh7wEaP
Malware Config
Signatures
Detects WoodyRat payload (1 IoC)
resource yara_rule sample family_woodyrat
Woodyrat family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3
Files
-
3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3.exe windows:6 windows x86 arch:x86
20ba63c98f1b3437c8189d70ff69d0fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
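The "Unsigned PE" signature and the Headers listing above both come from reading the PE headers: the Authenticode check looks at the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4), and the DLL/file characteristics are bit flags in the optional and COFF headers. The following Python is an added example, not code from the sandbox or from the WoodyRat tooling, that reproduces those checks with a hand-written parser (no pefile dependency) and runs it on a minimal PE32 image constructed inside the block to mirror the header facts reported here (x86, DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, .text/.rdata/.data); that constructed image is not the analysed binary. Two caveats a practitioner should keep in mind: a non-empty security directory only means a WIN_CERTIFICATE blob is present, so validity, chain and revocation still have to be checked with a real verifier (signtool verify /pa or Get-AuthenticodeSignature), and Microsoft's own binaries are commonly catalog-signed with no embedded signature, so "Unsigned PE" on its own is a weak indicator that only gains weight next to a family detection like the one above.

```python
"""Added example: parse PE headers the way the report's 'Unsigned PE'
signature and Headers/Sections listing do. build_sample_pe() produces a
constructed PE32 image for demonstration; it is not the analysed sample."""
import struct

# Bit names from winnt.h; only the ones worth printing in triage.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def decode_flags(value, table):
    """Names of the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, characteristics, DllCharacteristics, the security
    (Authenticode) directory and the section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: ImageBase and the stack/heap fields are 64-bit
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]       # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory, VirtualAddress is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, pos = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, pos)
        flags = struct.unpack_from("<I", data, pos + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "flags": decode_flags(flags, SECTION_FLAGS)})
        pos += 40
    return {"machine": machine, "file_characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "security_dir": (sec_off, sec_size), "sections": sections}


def is_authenticode_signed(data):
    """True if an embedded WIN_CERTIFICATE table exists. Presence only: the
    signature may still be invalid, untrusted or revoked."""
    return parse_pe(data)["security_dir"][1] != 0


def triage(data):
    """Report-style findings: missing signature, missing mitigations, RWX sections."""
    info, findings = parse_pe(data), []
    if info["security_dir"][1] == 0:
        findings.append("Unsigned PE: no embedded Authenticode certificate table")
    for want in ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"):
        if want not in info["dll_characteristics"]:
            findings.append("Mitigation missing: " + want)
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            findings.append("Writable and executable section: " + s["name"])
    return findings


def build_sample_pe(signed=False):
    """Constructed minimal PE32 (not runnable, not the analysed file) whose
    headers mirror the report: i386, DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE."""
    file_align, size_of_headers, dll_chars = 0x200, 0x400, 0x0040 | 0x0100 | 0x8000
    secs = [(b".text", 0x20 | 0x20000000 | 0x40000000), (b".rdata", 0x40 | 0x40000000),
            (b".data", 0x40 | 0x40000000 | 0x80000000)]
    cert_off = size_of_headers + file_align * len(secs)
    # Placeholder WIN_CERTIFICATE: dwLength, wRevision 0x200, type 2 (PKCS#7), dummy body.
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\x30" * 16
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 14, 0,
                      0x1000, 0x2000, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, file_align,
                      6, 0, 0, 0, 6, 0, 0, 0x4000, size_of_headers, 0, 3, dll_chars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"".join(struct.pack("<II", cert_off, len(cert)) if signed and i == IMAGE_DIRECTORY_ENTRY_SECURITY
                    else struct.pack("<II", 0, 0) for i in range(16))
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, file_align, 0x1000 * (i + 1), file_align,
                                size_of_headers + file_align * i, 0, 0, 0, 0, f) for i, (n, f) in enumerate(secs))
    image = (dos + b"PE\0\0" + coff + opt + dirs + hdrs).ljust(size_of_headers, b"\0")
    image += b"\xcc" * file_align + b"\0" * file_align * 2
    return image + cert if signed else image


if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample_pe()), ("signed", build_sample_pe(signed=True))):
        print(label, parse_pe(blob)["dll_characteristics"], triage(blob))
```

To run this against a real file, read it with open(path, "rb").read() in place of the constructed image; the parser deliberately stops at the headers, so it never follows imports or resources and can be pointed at untrusted input without executing anything.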
PDB Paths
Imports
bcrypt
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptEncrypt
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
ws2_32
inet_ntop
iphlpapi
ConvertLengthToIpv4Mask
GetAdaptersAddresses
winhttp
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpOpen
netapi32
NetApiBufferFree
NetUserEnum
gdiplus
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
kernel32
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
IsValidLocale
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetErrorMode
WaitForMultipleObjects
CreateThread
GetEnvironmentVariableA
LocalAlloc
Sleep
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
CloseHandle
ResetEvent
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
ReadFile
CreatePipe
ExitThread
CreateProcessW
GetUserDefaultLCID
GetFileSizeEx
FindNextFileW
CreateFileW
GetFileAttributesW
GetLastError
FileTimeToSystemTime
GlobalAlloc
GlobalFree
GetFileTime
VirtualFree
WriteFile
VirtualAlloc
SetFilePointer
DeleteFileW
GetFileSize
MoveFileW
GetCurrentThreadId
GlobalSize
GlobalLock
GlobalUnlock
VerSetConditionMask
VerifyVersionInfoW
FlushFileBuffers
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
EnumSystemLocalesW
FindClose
WriteConsoleW
FindFirstFileW
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
HeapSize
GetConsoleOutputCP
GetConsoleMode
GetCurrentDirectoryA
RaiseException
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
user32
GetDesktopWindow
OpenInputDesktop
ReleaseDC
OpenWindowStationA
CloseDesktop
GetThreadDesktop
SetThreadDesktop
GetSystemMetrics
CloseWindowStation
GetProcessWindowStation
SetProcessWindowStation
GetDC
gdi32
SelectObject
CreateCompatibleDC
StretchBlt
DeleteObject
CreateCompatibleBitmap
advapi32
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityInfo
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
LookupAccountSidW
GetUserNameW
RegQueryValueExW
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
ConvertStringSidToSidW
shell32
ord680
ole32
CreateStreamOnHGlobal
GetHGlobalFromStream
Sections
.text Size: 273KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ