Static task
static1
General
-
Target
Syn.exe
-
Size
5.1MB
-
MD5
2df3c5a64d1e0d6641471e0ffb2af4e4
-
SHA1
978fca311a4de545478492764a54427cd6c07e1f
-
SHA256
2b33f4dadc278cde278f631ac7f7b8c9e02669a83158bb3557709e75e3cd65d2
-
SHA512
ca8071554bce8316e5f4e8283fe3fb586b962acba326465c67f7eaefbb07097fcdfd2d3577513594391650cf5666094311506a455015288fb14cdcbae57c9a8f
-
SSDEEP
98304:Wn2NW2AQaaogedGdRe9cquLBo1T5dO/Z87spT311LpH:a0AxLBAzqao1T4y7spT311LpH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Syn.exe
Files
-
Syn.exe.exe windows:6 windows x64 arch:x64
8b6379043b028d7a8729361c4d5a7c4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
AddAccessAllowedAce
ConvertSidToStringSidA
CopySid
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
OpenProcessToken
RegCreateKeyW
SetSecurityInfo
kernel32
AcquireSRWLockExclusive
AreFileApisANSI
Beep
CloseHandle
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateThread
DecodePointer
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MoveFileExA
MultiByteToWideChar
OutputDebugStringW
PeekNamedPipe
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
user32
GetAsyncKeyState
GetCursorInfo
MessageBoxA
UnregisterClassA
msvcp140
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1ios_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fail@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exception@std@@YA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Thrd_yield
_Xtime_get_ticks
shell32
ShellExecuteA
shlwapi
PathFindFileNameW
userenv
UnloadUserProfile
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
ws2_32
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
crypt32
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore
wldap32
ord301
ord45
ord22
ord32
ord26
ord30
ord35
ord143
ord200
ord41
ord33
ord27
ord50
ord211
ord60
ord217
ord46
ord79
normaliz
IdnToAscii
IdnToUnicode
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_fileno
_fseeki64
_get_stream_buffer_pointers
_lseeki64
_open
_pclose
_popen
_read
_set_fmode
_write
fclose
feof
fflush
fgetc
fgetpos
fgets
fopen
fputc
fputs
fread
fseek
fsetpos
ftell
fwrite
setvbuf
ungetc
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
__sys_errlist
__sys_nerr
_beginthreadex
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_resetstkoflw
_seh_filter_exe
_set_app_type
_wassert
exit
system
terminate
api-ms-win-crt-filesystem-l1-1-0
_access
_fstat64
_lock_file
_stat64
_unlink
_unlock_file
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dsign
_dtest
_fdopen
asinf
atan2f
sqrtf
api-ms-win-crt-time-l1-1-0
_gmtime64
_localtime64
_localtime64_s
_time64
strftime
api-ms-win-crt-heap-l1-1-0
_callnewh
_recalloc
_set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-string-l1-1-0
_strdup
strcmp
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
wcscpy_s
wcslen
api-ms-win-crt-convert-l1-1-0
atoi
strtod
strtol
strtoll
strtoul
strtoull
wcstombs
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
rand
Sections
.text Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 197KB - Virtual size: 197KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 512B - Virtual size: 28B
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ