AGM.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b97b421446e1cd5556788fd18acd73ccc30026a1bcfebc391d7108b86494556e.dll
Resource
win7-20231129-en
General
-
Target
b97b421446e1cd5556788fd18acd73ccc30026a1bcfebc391d7108b86494556e
-
Size
5.2MB
-
MD5
a4ceb2edd51bc893a6a3eda82abd4979
-
SHA1
8ad648d36ec2ed51548496cb26106344bd217f13
-
SHA256
b97b421446e1cd5556788fd18acd73ccc30026a1bcfebc391d7108b86494556e
-
SHA512
e17a02b6544466c4aa1b1983418657f3d189539dd8956498af0f59cfa2dc92661b59ca3f207bd877225b7208b40cb3c437763d4e9896dcae756d197c478d09f2
-
SSDEEP
98304:ETJW/PQCIHX1sxoB515izW0bWSC6jEIcBGv/gvhiWaOuBuYgvRQFGVUlG5BcQ:kJW/IZixe15i6mWSC6jEPt0eUQvcQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
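Checks for a missing Authenticode signature. This file has none, so its publisher and integrity cannot be confirmed from a signature; on its own this is a weak indicator and should be weighed against the hashes, imports and exports listed in this report.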
resource b97b421446e1cd5556788fd18acd73ccc30026a1bcfebc391d7108b86494556e
Files
-
b97b421446e1cd5556788fd18acd73ccc30026a1bcfebc391d7108b86494556e.dll windows:5 windows x86 arch:x86
ed9417f828509ceeb598b073b33566f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
IsProcessorFeaturePresent
ResumeThread
QueryPerformanceCounter
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
LocalAlloc
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetCurrentThreadId
GetWindowsDirectoryA
GetCurrentDirectoryA
GetFileSize
ReadFile
SetCurrentDirectoryA
GlobalSize
GetProfileStringW
GetSystemDefaultLCID
GetLocaleInfoA
GetACP
CreateFileA
GetFileTime
FreeLibrary
LoadLibraryA
FindFirstFileA
FindNextFileA
FindClose
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
GetUserDefaultLangID
GetDateFormatW
GetTimeFormatW
GetThreadLocale
GetDateFormatA
GetTimeFormatA
WaitForSingleObject
GetSystemTimeAsFileTime
SetEvent
ReleaseSemaphore
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetCurrentProcess
DuplicateHandle
CreateSemaphoreA
CreateEventA
Sleep
GetSystemInfo
GetVersionExA
GetThreadPriority
SetThreadPriority
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetEnvironmentVariableW
lstrcmpW
GlobalHandle
GetTempFileNameW
GetTempPathW
DeleteFileW
WideCharToMultiByte
GlobalAlloc
lstrlenW
GlobalFree
MultiByteToWideChar
LoadLibraryW
GetLocalTime
GetLastError
GlobalUnlock
GlobalLock
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
SwitchToThread
LeaveCriticalSection
IsDebuggerPresent
EnterCriticalSection
user32
GetClientRect
CharNextW
SetActiveWindow
GetActiveWindow
UnregisterClassA
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
SetWindowPos
CreateWindowExA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
ScrollWindowEx
WindowFromDC
GetWindowRect
GetDC
ReleaseDC
gdi32
SetMiterLimit
ExtCreatePen
GetCurrentObject
Escape
PolyDraw
SelectClipPath
IntersectClipRect
GetClipBox
Rectangle
FillPath
CreatePatternBrush
SetBrushOrgEx
SetROP2
BeginPath
EndPath
MoveToEx
PolyBezierTo
PolylineTo
CloseFigure
LineTo
GetStockObject
SetGraphicsMode
GetGraphicsMode
GetWorldTransform
ModifyWorldTransform
StrokePath
SetWorldTransform
SetPolyFillMode
StretchBlt
CreatePalette
CreateBrushIndirect
PatBlt
SelectPalette
SetDIBits
CreateDIBSection
BitBlt
GetDIBColorTable
SelectClipRgn
OffsetRgn
CombineRgn
GetRgnBox
CreateRectRgn
SaveDC
ExtSelectClipRgn
SetStretchBltMode
StretchDIBits
RestoreDC
GetDeviceCaps
CreateCompatibleBitmap
GetObjectA
DeleteObject
CreatePolyPolygonRgn
GetViewportOrgEx
CreateCompatibleDC
SelectObject
DeleteDC
AbortDoc
ExtEscape
CreateDCW
ResetDCW
CreateICW
CreateBitmap
EndDoc
EndPage
StartDocW
StartPage
RealizePalette
advapi32
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
ole32
CreateStreamOnHGlobal
msvcr100
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_beginthreadex
_CIatan
calloc
__iob_func
fprintf
tolower
memchr
wcsstr
strtol
getc
freopen
isdigit
feof
fputs
setbuf
remove
rename
fopen
strncmp
strchr
atoi
sscanf
modf
_hypot
_CIfmod
vsprintf
wcsncpy
strncpy
ldexp
_CIatan2
_CIlog
_CIpow
_CIcos
_CIsin
qsort
_gmtime64
??0exception@std@@QAE@ABQBDH@Z
sprintf_s
strcpy_s
_vsnwprintf
wcschr
ferror
clearerr
_wcsnicmp
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z
fgets
wcscpy_s
strstr
_wfopen_s
fseek
ftell
rewind
fread
fsetpos
_fseeki64
fgetpos
fwrite
fgetc
memcpy_s
ungetc
setvbuf
fflush
_unlock_file
_lock_file
ungetwc
fputwc
fgetwc
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
realloc
_time64
_localtime64
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
free
malloc
memset
fclose
_control87
memcpy
_CIsqrt
memmove
floor
ceil
_CIlog10
exit
_purecall
__RTDynamicCast
_CxxThrowException
__CxxFrameHandler3
_ltoa_s
strtok_s
_stricmp
??1exception@std@@UAE@XZ
_wcsicmp
msvcp100
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?width@ios_base@std@@QAE_J_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?max@?$numeric_limits@M@std@@SAMXZ
??0id@locale@std@@QAE@I@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?min@?$numeric_limits@_J@std@@SA_JXZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@K@std@@SAKXZ
?max@?$numeric_limits@K@std@@SAKXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_BADOFF@std@@3_JB
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Xout_of_range@std@@YAXPBD@Z
?max@?$numeric_limits@N@std@@SANXZ
?_Xlength_error@std@@YAXPBD@Z
?epsilon@?$numeric_limits@M@std@@SAMXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
Exports
AGMGetVersion
AGMInitialize
AGMTerminate
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 126KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 852KB - Virtual size: 856KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ