PDB path: d:\build\ob\bora-20219665\bora-vmsoft\build\release\apps\upgrader\Upgrader.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff.exe
Resource: win10v2004-20240412-en
General
Target: fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff
Size: 1.3MB
MD5: 7082ee1c75b9b5869d922c367dc40b6b
SHA1: b561d0cccfa33ae4220abcf7d3b2e9b605238cc8
SHA256: fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff
SHA512: 9f8b9fc6cc121f69de7ba5a79d88daa01b8cd53de853fcf409425863ee41e8e1e847e49964c28d691a67e413d6a82cd96b2c6a317901fe969eb829c31ae6de24
SSDEEP: 24576:QO9tudPECGWJtAoviAmJm9KZL6ywoEHTduSZpUR0GHrVQ1aW4mSOgv3isi:QukCCztAovaSKN6yfE5pAHrVQ1/fSNvi
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. an empty certificate table (Security data directory) in the PE headers.
resource fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff
Files
fa8187903f056c0dadeeb77e077a614aa751c1a32e09e362e594e7067432eaff.exe windows:6 windows x86 arch:x86
09da872af91ef862013272742083c93a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
AddAccessAllowedAce
AddAce
CopySid
DeleteAce
EqualSid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
InitiateSystemShutdownW
OpenThreadToken
AccessCheck
DuplicateToken
GetNamedSecurityInfoW
GetFileSecurityW
ImpersonateSelf
MapGenericMask
RevertToSelf
RegOpenKeyExA
RegCreateKeyExW
GetSecurityInfo
GetUserNameW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
AddAccessAllowedAceEx
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetSecurityDescriptorOwner
GetExplicitEntriesFromAclW
RegQueryValueExA
RegSetValueExA
user32
KillTimer
MessageBoxA
MessageBoxW
CloseDesktop
SetTimer
OpenDesktopW
PeekMessageA
LoadStringW
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
LoadStringA
PostQuitMessage
GetDesktopWindow
ExitWindowsEx
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoQueryProxyBlanket
CoTaskMemFree
CoSetProxyBlanket
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
shell32
SHGetFolderPathW
wtsapi32
WTSEnumerateSessionsA
WTSFreeMemory
kernel32
BackupWrite
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
ReadConsoleW
HeapReAlloc
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
ExitProcess
GetStdHandle
GetTimeZoneInformation
PeekNamedPipe
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
FreeLibraryAndExitThread
CreateThread
TlsFree
RtlUnwind
GetStartupInfoW
InitializeSListHead
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
GetSystemFirmwareTable
ExitThread
InitializeCriticalSection
IsDebuggerPresent
GetACP
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GetOverlappedResult
GetFileAttributesW
WriteConsoleW
WideCharToMultiByte
GetModuleHandleExW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProductInfo
GetNativeSystemInfo
VerSetConditionMask
SetEnvironmentVariableW
OutputDebugStringA
CloseHandle
GetLastError
SetEvent
WaitForMultipleObjectsEx
CreateEventA
Sleep
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
SetDllDirectoryW
VerifyVersionInfoW
SetConsoleCtrlHandler
GetCommandLineW
DuplicateHandle
SetLastError
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
LoadLibraryW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount64
CreateFileW
RaiseException
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
IsBadReadPtr
GetCurrentThread
FlushFileBuffers
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileType
GetVolumeInformationW
RemoveDirectoryW
LocalFree
MoveFileExW
GetFileInformationByHandle
GetDriveTypeW
GetProcessTimes
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FormatMessageW
GetCurrentDirectoryW
CreateFileA
GetVersionExA
LoadLibraryExW
GetFileSizeEx
CopyFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetTickCount
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetFullPathNameW
SetFileAttributesW
GetModuleFileNameW
GetFileAttributesA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetDiskFreeSpaceW
GetLogicalDriveStringsW
GetTempPathW
GetComputerNameExW
Sections
.text Size: 494KB - Virtual size: 494KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 574KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
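As an added worked example (not code from this sandbox page, nor from the vendor whose build tree the PDB path names), the stdlib-only Python below reproduces the two header-level observations this report makes, so they can be re-checked on the file itself: the "Unsigned PE" rule, which fires when the Security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, the Authenticode certificate table) has size zero, and the section flags, where the table above lists .reloc with IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE set together. It also rehashes the input with the same digest set the report lists (MD5, SHA1, SHA256, SHA512), so the file on disk can be matched to the report before anything in it is trusted. Because no sample ships with this page, the image used for the demonstration is built in memory from the section table and DllCharacteristics printed above; the RVAs, file offsets and the "signed" variant used for comparison are constructed placeholders, and the audit's finding strings are this example's own wording.

```python
"""Header-level PE audit matching this report's 'Unsigned PE' rule and section dump.

Added example (stdlib only); not code from the sandbox page or the sample's vendor.
"""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def digests(data):
    """Same digest set the report lists; match the file to the report before reading it."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data):
    """Read COFF/optional header fields, the Security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories begin at optional-header offset 96
        dd_off = 96
    elif magic == 0x20B:    # PE32+: 8-byte ImageBase and stack/heap fields move them to 112
        dd_off = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    num_dirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]
    sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # This entry holds a file offset rather than an RVA; only its size matters here,
        # and zero means the file carries no certificate table at all.
        _, sec_size = struct.unpack_from("<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars, "dll_characteristics": dll_chars,
            "security_size": sec_size, "sections": sections}


def audit(data):
    """Findings a triage analyst raises from the headers alone (wording is this example's own)."""
    pe = parse_pe(data)
    findings = []
    if pe["security_size"] == 0:
        findings.append("no Authenticode certificate table: unsigned PE")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("DYNAMIC_BASE not set: image does not opt in to ASLR")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("NX_COMPAT not set: image does not request DEP")
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append("%s: section is both writable and executable" % s["name"])
    return findings


def build_pe32(sections, security_size=0, dll_characteristics=0x8100):
    """Headers-only PE32 image built in memory (constructed test input, not the sample).

    sections: (name, virtual_size, raw_size, characteristics). The default DllCharacteristics
    is NX_COMPAT | TERMINAL_SERVER_AWARE, the pair the report lists. RVAs/offsets are dummies.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)  # i386; EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                         # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                                           # NumberOfRvaAndSizes
    if security_size:                                                             # signed files carry a non-empty entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), v, 0x1000, r, 0x400, 0, 0, 0, 0, c)
                     for n, v, r, c in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Section table as this page prints it (sizes in KB as shown there).
REPORT_SECTIONS = [
    (".text",  494 * 1024, 494 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 176 * 1024, 177 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data",  574 * 1024,  51 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc",    7 * 1024,   8 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc", 596 * 1024, 592 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
                                       | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]

if __name__ == "__main__":
    for finding in audit(build_pe32(REPORT_SECTIONS)):
        print(finding)
```

Run against a real file, `audit(open(path, "rb").read())` gives the same three findings the page's data implies: no certificate table, DYNAMIC_BASE absent from the listed DllCharacteristics, and a writable-plus-executable .reloc. Two caveats: an empty Security directory only tells you there is nothing to verify; when the table is present, the signature still has to be validated against a trusted chain (for example with `signtool verify /pa` or `Get-AuthenticodeSignature`), which this header check does not do. And the gap between .data's 51KB raw size and 574KB virtual size is zero-filled uninitialized data the loader commits, not an indicator on its own.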