C:\bld_area\InstallToolBox_r11.8_120\VS11XP\Bin\Win32\Release\MiniStub.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3.exe
  Resource: win10v2004-20240419-en
General
Target: 55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3.exe
Size: 2.1MB
MD5: 70aa54d297aa60bb3644b8473670eba0
SHA1: 6637145780c85d2de23f71390d1d73b49d4d371d
SHA256: 55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3
SHA512: ca7c85cf31bfdce01ad035f3665d22f329f42018e88cea2546d69e3c478c981a9f0d8be03f2627454c822b3c9fd58cd84bcbd14e654ac4d3eba6f59527ca450d
SSDEEP: 49152:5R2G/IOhGZuRPR2RGiT5qz7nlkbXS2ethAUNOovvyt:iuGZuvPiEVkVQhpOht
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3.exe
Files
55dcf4931e22917f49fba2dd0f3f923a3135b1d94a1cd026ca875be2a9263cc3.exe
.exe windows:5 windows x86 arch:x86
6b356d2950e39e695a0e59f99af7cd7e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Imports
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
kernel32
IsProcessorFeaturePresent
CreateDirectoryW
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLangID
GetCommandLineW
MoveFileW
GlobalFree
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
FreeLibrary
InterlockedExchange
LoadLibraryExW
FindNextFileW
FindFirstFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CreateProcessW
FindClose
GetLocalTime
Sleep
DeleteFileW
GetCurrentProcess
DuplicateHandle
SetPriorityClass
GetPriorityClass
GetProcAddress
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LocalFree
GetTempPathW
GetFileAttributesW
WideCharToMultiByte
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ProcessIdToSessionId
FormatMessageW
lstrlenW
LocalAlloc
ExpandEnvironmentStringsW
OpenProcess
GetExitCodeProcess
WaitForSingleObject
WTSGetActiveConsoleSessionId
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CloseHandle
GetTickCount
MultiByteToWideChar
GetLastError
SetStdHandle
ReadConsoleW
GetFileType
GetOEMCP
WriteConsoleW
FormatMessageA
QueryDosDeviceW
SetFilePointer
ReadFile
GetFileSize
SetLastError
GetCurrentThreadId
SetErrorMode
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
RaiseException
LeaveCriticalSection
lstrcmpiW
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
LoadLibraryExA
GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetVersionExW
GetSystemInfo
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
EncodePointer
DecodePointer
GetStringTypeW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentThread
VerSetConditionMask
VerifyVersionInfoW
GetProcessTimes
CreateFileW
FlushFileBuffers
SetEndOfFile
WriteFile
lstrcpyW
LoadLibraryW
GetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
CreateThread
SetThreadPriority
GetThreadPriority
ExitThread
TerminateThread
SuspendThread
ResumeThread
OpenEventW
PulseEvent
WaitForMultipleObjectsEx
OutputDebugStringW
OpenSemaphoreW
ReadProcessMemory
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
lstrlenA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
EnumUILanguagesW
TerminateProcess
GetThreadContext
SetUnhandledExceptionFilter
VirtualQuery
lstrcmpA
lstrcmpW
GetSystemTimeAsFileTime
VirtualProtect
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
advapi32
QueryServiceStatusEx
OpenThreadToken
RegEnumValueW
RegQueryValueExW
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorDacl
LookupPrivilegeNameW
MapGenericMask
DuplicateToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
LsaNtStatusToWinError
StartServiceW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
TraceMessage
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
GetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
EqualSid
ole32
CoInitializeEx
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CLSIDFromString
GetHGlobalFromStream
CoUninitialize
PropVariantClear
IIDFromString
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
StringFromIID
oleaut32
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayCreate
SafeArrayRedim
SafeArrayLock
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
VarUI4FromStr
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
VariantCopyInd
VariantInit
VariantClear
SysAllocStringLen
SafeArrayPtrOfIndex
shlwapi
SHDeleteEmptyKeyW
PathIsDirectoryW
PathFileExistsW
PathAddBackslashW
UrlCanonicalizeW
PathRemoveFileSpecW
PathQuoteSpacesW
PathIsUNCServerW
SHDeleteKeyW
PathIsUNCW
PathSkipRootW
PathFindFileNameW
PathAppendW
comctl32
InitCommonControlsEx
psapi
GetModuleFileNameExW
crypt32
CertGetEnhancedKeyUsage
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CertNameToStrW
CryptMsgClose
CertFreeCertificateContext
CryptMsgGetParam
CertGetNameStringW
wintrust
CryptCATAdminReleaseContext
WintrustGetRegPolicyFlags
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
Sections
.text Size: 758KB - Virtual size: 760KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 291KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
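The "Unsigned PE" signature, the DLL/file characteristics under Headers and the section flags above are all read straight out of the PE headers. The script below is an added example (not part of this report and not code from the sample's vendor) that performs those same three checks with nothing but the standard library: it looks for the Authenticode security directory, decodes DllCharacteristics into ASLR/DEP verdicts, and flags any section that is both writable and executable. Because the sample itself is not on disk here, `build_pe` constructs a header-only PE32 image in memory that mirrors the flags and sections listed on this page; `build_pe`, `parse_pe` and `imphash` are names chosen for this example. `imphash` follows the pefile algorithm for named imports only (the per-DLL ordinal-to-name lookup pefile applies is omitted), and no claim is made that it reproduces any hash shown on this page. One caveat a practitioner should keep in mind: an empty security directory only means no embedded signature. A file can still be trusted through a signed catalog, which is exactly the path the sample's own wintrust imports (`CryptCATAdminCalcHashFromFileHandle`, `CryptCATAdminEnumCatalogFromHash`, `WinVerifyTrust`) implement, so on a live system confirm with `WinVerifyTrust` or `Get-AuthenticodeSignature` before treating "unsigned" as a verdict.

```python
"""Static PE triage: Authenticode presence, header mitigations, section
permissions and imphash.  Added example; the PE bytes are constructed in
memory so it runs offline, and the layout offsets follow the PE/COFF spec."""
import hashlib
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SECTION_HEADER.Characteristics bits
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY


def build_pe(dll_chars, signed, sections):
    """Constructed test input: a header-only PE32 image (no real code).
    `sections` is a list of (name, characteristics)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew -> PE sig
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224,
                       0x0102)                        # x86, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if signed:  # pretend a WIN_CERTIFICATE blob sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + SECURITY_DIR * 8, 0x1000, 0x800)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


def parse_pe(data):
    """Return the triage facts a sandbox's static pass reports for a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        nrva_off, dd_off = 92, 96       # PE32
    elif magic == 0x20B:
        nrva_off, dd_off = 108, 112     # PE32+
    else:
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    sec_off = sec_len = 0
    if nrva > SECURITY_DIR:
        # For the security directory the first field is a raw file offset.
        sec_off, sec_len = struct.unpack_from(
            "<II", data, opt + dd_off + SECURITY_DIR * 8)
    sections = []
    for i in range(nsec):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append((raw[0].rstrip(b"\0").decode(), raw[9]))
    return {
        "x86": machine == 0x14C,
        "has_authenticode": sec_off != 0 and sec_len != 0,  # embedded only
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "rwx_sections": [n for n, c in sections
                         if c & SCN_MEM_EXECUTE and c & SCN_MEM_WRITE],
        "sections": sections,
    }


def imphash(imports):
    """pefile-style import hash over (dll, function-name-or-ordinal) pairs:
    lowercase 'dll.func' in import order, comma-joined, MD5.  Assumption:
    ordinals are rendered as 'ordN' with no per-DLL name lookup."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Constructed to mirror the flags and section permissions listed on this page.
SAMPLE = build_pe(
    DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, signed=False,
    sections=[(".text", SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
              (".data", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE)])

if __name__ == "__main__":
    for key, value in parse_pe(SAMPLE).items():
        print(f"{key}: {value}")
    print("imphash:", imphash([("secur32.dll", "LsaEnumerateLogonSessions"),
                               ("advapi32.dll", "CreateProcessAsUserW")]))
```

Run against a real file with `parse_pe(open(path, "rb").read())`; `has_authenticode` False is the condition behind the "Unsigned PE" IoC, and `rwx_sections` is empty for the section layout shown above.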