Static task
static1
Behavioral task
behavioral1
Sample
07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9.exe
Resource
win10v2004-20240508-en
General
-
Target
07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9
-
Size
288KB
-
MD5
8e167de56d47f5baae2d0953de844f6a
-
SHA1
36cc62497f8bfb83db1d3dd40d69f38a0a650f0c
-
SHA256
07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9
-
SHA512
bf273399c91e655ccb1712a5230bd81194a347a619e00c91b5e93d375e31c7884151b1f5a19f65d61da3c5675316fcf9dbf43495871ee197796fae0238c31c57
-
SSDEEP
6144:wCrJ05Oj7ecbu3euRZn+ggY8xERqo+LyWT+H4q4smVMlh7iadVm+GJrkGT1nnaBD:JOojicu5h7iadVm7JQGT5aBx0Np/2/5T
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9
Files
-
07f6b84f874cc7a1c1369a54a4b75731059a095519a6ad99e8c33e8925a41bd9.exe windows:4 windows x86 arch:x86
303369d38e0548447fcff37a550ccfd4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
nrkdllu
?SetTextColor@NewColorEdit@@QAEXK@Z
??0NewColorEdit@@QAE@XZ
??1NewColorEdit@@UAE@XZ
??0ModelessDialogHelper@@QAE@AAVModelessDialogTracker@@AAVCDialog@@@Z
??1ModelessDialogHelper@@UAE@XZ
?DeleteAll@ObArrayHelper@@SAXAAVCObArray@@@Z
?SetLanguageTestMode@NRKLanguageSupport@@QAEX_N@Z
?ChangeLanguage@NRKLanguageSupport@@QAE_NXZ
?GetResult@SABrowseTree@@QAEHPAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@PAI0@Z
?NRKLang@@3VNRKLanguageSupport@@A
?Translate@NRKLanguageSupport@@QAEXPAVCDialog@@H@Z
??0NRKProgress@@QAE@PBGH@Z
?Update@NRKProgress@@QAEHH@Z
?SetPickInfo@SABrowseTree@@QAEXABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@0@Z
?InitializeNoRefresh@SABrowseTree@@QAEXXZ
?SetBroadcastFilters@SABrowseTree@@QAEXGG@Z
?Refresh@SABrowseTree@@QAEXXZ
??1NRKProgress@@UAE@XZ
??0SABrowseTree@@QAE@XZ
??1SABrowseTree@@UAE@XZ
?ClearReturnFilterSet@SABrowseTree@@QAEXXZ
?AddItemToReturnFilterSet@SABrowseTree@@QAEXGG@Z
?SetBkColor@NewColorEdit@@QAEXK@Z
?SaveSettings@SAInstBase@@UAEXXZ
?LoadSettings@SAInstBase@@UAEXXZ
?RefreshAll@SABrowseTree@@QAEXXZ
?ActivateInstQuickSock@SAInstBase@@UAEHXZ
?DoInitInstanceStuff@SAInstBase@@UAEHXZ
?CheckSpeechSettings@SAInstBase@@UAEXXZ
?StatusMsg@SAInstBase@@UAEXPBGH@Z
?OnHeartbeatStopped@SAInstBase@@UAEXXZ
?OnSAIPOpCheck@SAInstBase@@UAEXAAVSAIPOpCheck@@@Z
?OnMPResult@SAInstBase@@UAEXAAVMPResult@@@Z
?OnSAIPSetMeasMode@SAInstBase@@UAEXAAVSAIPSetMeasMode@@@Z
?OnSAIPContainerList@SAInstBase@@UAEXAAVSAIPContainerList@@@Z
?OnSAIPInstBaseAndWorking@SAInstBase@@UAEXAAVSAIPInstBaseAndWorking@@@Z
?OnNonStandardPacket@SAInstBase@@UAEXAAVCObject@@@Z
?OnSAIPWeatherWrap@SAInstBase@@UAEXAAVSAIPWeatherWrap@@@Z
?OnSAIPTemperature@SAInstBase@@UAEXAAVSAIPTemperature@@@Z
?OnSAIPMeasureSinglePointThere@SAInstBase@@UAEXAAVSAIPMeasureSinglePointThere@@@Z
?OnSAIPMeasureSinglePointHere@SAInstBase@@UAEXAAVSAIPMeasureSinglePointHere@@@Z
?OnSAIPHitMeasureButton@SAInstBase@@UAEXAAVSAIPHitMeasureButton@@@Z
?OnSAIPBeamRecovery@SAInstBase@@UAEXAAVSAIPBeamRecovery@@@Z
?OnSAIPMeasureCompositeCore@SAInstBase@@UAEXAAVSAIPMeasureCompositeCore@@@Z
?OnSAIPAlignmentProjector@SAInstBase@@UAEXAAVSAIPAlignmentProjector@@@Z
?OnSAPPMachineCommand@SAInstBase@@UAEXAAVSAPPMachineCommand@@@Z
?OnSAIPCloudViewControl@SAInstBase@@UAEXAAVSAIPCloudViewControl@@@Z
?OnSAIPMeasGroup@SAInstBase@@UAEXAAVSAIPMeasGroup@@@Z
?OnSAIPRequestPoint@SAInstBase@@UAEXAAVSAIPRequestPoint@@@Z
?OnSAIPScanPerimeter@SAInstBase@@UAEXAAVSAIPScanPerimeter@@@Z
??1CBrowseableDevice@@UAE@XZ
??0CBrowseableDevice@@QAE@XZ
?OnSAIPGeom@SAInstBase@@UAEXAAVSAIPGeom@@@Z
?OnSAIPMeasRequest@SAInstBase@@UAEXAAVSAIPMeasRequest@@@Z
?OnSAIPWindowState@SAInstBase@@UAEXAAVSAIPWindowState@@@Z
?OnSAIPWindowPos@SAInstBase@@UAEXAAVSAIPWindowPos@@@Z
?OnSAIPDMSMeasure@SAInstBase@@UAEXAAVSAIPDMSMeasure@@@Z
?OnSAIPInstConfigurationControl@SAInstBase@@UAEXAAVSAIPInstConfigurationControl@@@Z
?OpCheck@SAInstBase@@UAEHAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?SetMeasurementMode@SAInstBase@@UAEHAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@PAV23@@Z
?OnInstToWorkingChanged@SAInstBase@@UAEXXZ
?DisconnectFromHardware@SAInstBase@@UAEHXZ
?ConnectToHardware@SAInstBase@@UAEHXZ
?PopLogonDialog@SAInstBase@@UAEHXZ
?Serialize@SAInstBase@@UAEXAAVCArchive@@@Z
?GetDlg@ModelessDialogTracker@@QBEPAVCDialog@@XZ
?IsPopped@ModelessDialogTracker@@QBEHXZ
??1ModelessDialogTracker@@UAE@XZ
??0ModelessDialogTracker@@QAE@XZ
?PreModelessWithFont@DlgFontCode@@SAXAAVCDialog@@IHPBGPAUHINSTANCE__@@@Z
?IsAlreadyPopped@ModelessDialogTracker@@QBEHXZ
?GetSAIB@SAIBWinApp@@UAEPAVSAInstBase@@XZ
??0SAIBWinApp@@QAE@XZ
??1SAIBWinApp@@UAE@XZ
?SaveMissingIfNeeded@NRKLanguageSupport@@QAEHXZ
?PreModalWithFont@DlgFontCode@@SAXAAVCDialog@@IHPBGPAUHINSTANCE__@@@Z
?LoadLanguage@NRKLanguageSupport@@QAE_NXZ
?SetIcon@PictureButton@@QAEXI@Z
?Delay@@YAXNH@Z
?IncrementName@StringHelper@@SAHAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@H@Z
??1PictureButton@@UAE@XZ
??0PictureButton@@QAE@XZ
??1TimerWrapper@@UAE@XZ
??1SAInstBase@@UAE@XZ
?SetTimer@TimerWrapper@@QAEHII@Z
?SignalInterfaceReady@SAInstBase@@QAEXXZ
?ConnectToSA@SAInstBase@@QAEHXZ
?DisconnectFromSA@SAInstBase@@QAEHXZ
??0TimerWrapper@@QAE@XZ
?KillTimer@TimerWrapper@@QAEXI@Z
??0SAInstBase@@QAE@XZ
?GetThisClass@SAInstBase@@SGPAUCRuntimeClass@@XZ
?GetStringBetween@StringHelper@@SAHABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@00AAV23@H@Z
??0Vector@@QAE@XZ
??1Vector@@UAE@XZ
?GetLastErrorString@StringHelper@@SAHAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?ProcessWaitingMessages@@YAXPAUHWND__@@@Z
?Serialize@SAIPMeasDataTheo@@UAEXAAVCArchive@@@Z
?GetRuntimeClass@SAIPMeasDataTheo@@UBEPAUCRuntimeClass@@XZ
?Serialize@SAIPMeasDataEDMTheo@@UAEXAAVCArchive@@@Z
?GetRuntimeClass@SAIPMeasDataEDMTheo@@UBEPAUCRuntimeClass@@XZ
??0SAIPMeasDataTheo@@QAE@XZ
??0SAIPMeasDataEDMTheo@@QAE@XZ
??1SAIPMeasDataEDMTheo@@UAE@XZ
??1SAIPMeasDataTheo@@UAE@XZ
??1SAIPMeasurement@@UAE@XZ
??0SAIPMeasurement@@QAE@XZ
?Logon@SAInstBase@@UAEHXZ
?ProcessReceivedPacket@CBrowseableDevice@@MAEXAAVCBTPacket@@V?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@I@Z
winmm
PlaySoundW
mfc71u
ord3842
ord897
ord5091
ord5342
ord5711
ord281
ord5705
ord899
ord896
ord909
ord860
ord4100
ord6111
ord282
ord1479
ord385
ord3082
ord5083
ord4026
ord3869
ord3873
ord1058
ord1172
ord2895
ord5524
ord900
ord5096
ord1007
ord2009
ord4320
ord5712
ord280
ord3990
ord4101
ord2261
ord5558
ord2926
ord290
ord1536
ord3927
ord283
ord1582
ord5803
ord774
ord6063
ord1118
ord287
ord2311
ord1782
ord1883
ord293
ord776
ord577
ord1542
ord1590
ord1646
ord1647
ord2397
ord2409
ord2386
ord2390
ord2392
ord6166
ord1198
ord764
ord3635
ord6232
ord1922
ord1474
ord4092
ord2080
ord1538
ord5911
ord1611
ord1608
ord3940
ord1393
ord4228
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord2985
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3165
ord572
ord591
ord5178
ord4206
ord4884
ord2011
ord1662
ord1661
ord5908
ord1392
ord4238
ord5199
ord4256
ord3176
ord605
ord356
ord1785
ord4574
ord4729
ord3289
ord530
ord722
ord1176
ord5710
ord6086
ord6061
ord762
ord4347
ord2155
ord1894
ord2086
ord4234
ord3311
ord741
ord1545
ord3189
ord620
ord1784
ord1864
ord1876
ord1772
ord1871
ord3435
ord5672
ord3248
ord443
ord676
ord5709
ord745
ord557
ord6115
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord657
ord5965
ord1637
ord1579
ord3306
ord736
ord1866
ord2077
ord4226
ord3158
ord587
ord1771
ord1875
ord1781
ord1638
ord1580
ord3309
ord739
ord354
ord1079
ord6002
ord4535
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord1117
ord1182
ord1178
ord3946
ord6282
ord1202
ord6004
ord5714
ord6000
ord2297
ord2250
ord2365
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord658
ord4743
ord709
ord501
ord2364
ord5440
ord2151
ord1555
ord584
ord1430
ord1425
ord317
ord629
ord384
ord761
ord1523
ord573
ord651
ord416
ord5438
ord630
ord2012
ord3050
ord5316
ord1154
ord760
ord3678
ord5998
ord5707
ord3249
ord1443
ord744
ord556
ord5442
ord588
ord328
ord777
ord1472
ord870
ord5231
ord5229
ord2384
ord2394
msvcr71
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
__security_error_handler
_controlfp
__CxxFrameHandler
sprintf
swscanf
_wtof
_wtoi
malloc
free
acos
memset
_exit
_except_handler3
_c_exit
_itoa
kernel32
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
SetupComm
SetCommTimeouts
CreateThread
WaitCommEvent
WriteFile
ClearCommError
ReadFile
OutputDebugStringW
GetOverlappedResult
GetTickCount
SetCommMask
EscapeCommFunction
PurgeComm
GetCommState
BuildCommDCBW
SetCommState
CreateEventW
CloseHandle
lstrlenA
MultiByteToWideChar
lstrcpyW
GetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
user32
MessageBoxW
DispatchMessageW
PeekMessageW
TranslateMessage
wsprintfW
ShowScrollBar
PostQuitMessage
PostMessageW
IsWindow
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
LoadBitmapW
MessageBeep
IsWindowVisible
GetWindowLongW
SetWindowLongW
DefWindowProcW
SetWindowPos
GetWindowRect
SendMessageW
EnableWindow
comctl32
ImageList_ReplaceIcon
ws2_32
WSAStartup
og902asu
ord3597
ord3599
ord3598
ord8350
ord8349
ord8348
ord2508
ord8346
ord3776
ord2509
ord8343
ord3827
ord8341
ord8363
ord2507
ord8493
ord8490
ord8489
ord8492
ord8488
ord8487
ord3823
ord3822
ord8484
ord8494
ord8485
ord8461
ord3775
ord8335
ord8334
ord8483
ord8482
ord2504
ord3818
ord2503
ord3816
ord2501
ord3772
ord3593
ord2522
ord8476
ord8475
ord2363
ord2500
ord2359
ord2358
ord8469
ord8467
ord3774
ord8465
ord8464
ord8356
ord8462
ord8468
ord2360
ord2355
ord3770
ord3769
ord8322
ord3592
ord2498
ord3587
ord2362
ord2512
ord2515
ord2516
ord2361
ord2536
ord2514
ord2513
ord3798
ord3766
ord3779
ord3802
ord3606
ord3803
ord2357
ord2331
ord2476
ord2497
ord3788
ord8331
?ctrlCGXEditControl@CGXEditControl@@2UCGXControlClass@@A
ord8326
ord8366
ord8359
ord8339
ord3792
ord8347
ord3596
ord8340
ord8337
ord8481
ord3594
ord3820
ord3773
ord8067
ord8058
ord8066
ord3817
ord8527
ord3771
ord3768
ord3589
ord3585
ord3750
?ctrlCGXHotSpotEdit@CGXHotSpotEdit@@2UCGXControlClass@@A
ord3765
ord4227
?ctrlCGXPushbutton@CGXPushbutton@@2UCGXControlClass@@A
ord8460
ord8357
?ctrlCGXStatic@CGXStatic@@2UCGXControlClass@@A
ord2496
ord11421
ord11521
ord11423
ord1294
ord11290
ord8352
ord7521
ord8355
ord8354
ord8353
ord8351
ord8499
ord8502
ord8496
ord8345
ord8344
ord8342
ord8491
ord8486
ord8319
ord8528
ord8479
ord8478
ord8336
ord8480
ord7523
ord7509
ord8333
ord7524
ord8332
ord8473
ord8466
ord8325
ord7520
ord8324
ord8323
ord8321
ord8320
ord8318
ord8314
ord7499
ord8059
ord8060
ord8526
ord8049
ord3994
ord4261
ord4260
ord4259
ord4258
ord4257
ord4256
ord4255
ord4254
ord4253
ord3993
ord3992
ord4250
ord4249
ord4245
ord4244
ord4243
ord4247
ord4242
ord4241
ord4246
ord4011
ord4010
ord3991
ord4271
ord4007
ord4238
ord4237
ord4236
ord4270
ord4235
ord4234
ord4212
ord3576
ord3556
ord3555
ord3554
ord3575
ord3553
ord3529
ord21487
ord6714
ord6282
ord6281
ord6280
ord6279
ord6277
ord6278
ord6276
ord6275
ord6332
ord6823
ord6898
ord6897
ord6895
ord6896
ord6817
ord6821
ord6893
ord6892
ord6891
ord6894
ord6890
ord6873
ord6889
ord6883
ord6882
ord6886
ord6881
ord6880
ord6885
ord6879
ord6878
ord6884
ord6820
ord6876
ord6888
ord6875
ord6874
ord6818
ord7195
ord7196
ord7117
ord7200
ord6185
ord6189
ord6552
ord6557
ord6588
ord6424
ord6559
ord6417
ord6584
ord6333
ord6026
ord6027
ord6025
ord6561
ord6560
ord6551
ord6550
ord6577
ord6576
ord6366
ord6368
ord6365
ord6367
ord6362
ord6364
ord6361
ord6363
ord6074
ord6068
ord6065
ord6060
ord6075
ord6066
ord6061
ord6570
ord6569
ord6568
ord6566
ord6567
ord6565
ord6564
ord5998
ord5989
ord5992
ord5994
ord5993
ord5991
ord5990
ord5995
ord5996
ord5997
ord5987
ord5988
ord6073
ord6038
ord6036
ord6039
ord6037
ord6069
ord6072
ord6071
ord6055
ord7292
ord6056
ord6054
ord6059
ord6076
ord6067
ord6052
ord6058
ord6057
ord6051
ord6089
ord6062
ord6079
ord6078
ord6077
ord7271
ord6316
ord6320
ord6319
ord6318
ord6284
ord6819
ord6274
ord6273
ord6271
ord6270
ord6269
ord6283
ord6312
ord6268
ord6267
ord6266
ord6265
ord6264
ord6263
ord6262
ord6261
ord6260
ord6259
ord6257
ord6329
ord6258
ord6326
ord6327
ord6328
ord6330
ord6317
ord6324
ord6323
ord7007
ord7006
ord7005
ord7004
ord7012
ord7011
ord7010
ord7009
ord7013
ord7002
ord7052
ord7053
ord7048
ord5964
ord5963
ord5962
ord5961
ord5960
ord5972
ord5966
ord5965
ord5974
ord5973
ord5971
ord5970
ord5969
ord5968
ord5967
ord6759
ord6754
ord6761
ord6758
ord6757
ord6755
ord6435
ord6085
ord6015
ord6014
ord6005
ord6022
ord6024
ord6023
ord6021
ord6020
ord7072
ord7071
ord7070
ord7069
ord7062
ord7061
ord7093
ord7063
ord7060
ord7059
ord7057
ord7056
ord7064
ord7055
ord7054
ord7088
ord7058
ord7091
ord7092
ord6816
ord6869
ord6868
ord6870
ord6815
ord6707
ord7213
ord6616
ord7198
ord6615
ord7197
ord6614
ord7118
ord7116
ord7115
ord7114
ord7113
ord7112
ord7111
ord7110
ord7109
ord7107
ord7108
ord7106
ord7105
ord7194
ord7193
ord7120
ord7119
ord7204
ord7205
ord7183
ord7184
ord7178
ord7177
ord6035
ord6032
ord6029
ord6028
ord6034
ord6031
ord6033
ord6030
ord7180
ord7179
ord7182
ord7181
ord7096
ord7095
ord7176
ord7175
ord6359
ord6358
ord6356
ord6355
ord6353
ord6352
ord6360
ord6357
ord6354
ord6351
ord6408
ord6407
ord6610
ord6609
ord5985
ord5986
ord5984
ord5983
ord5982
ord5981
ord5980
ord5979
ord5978
ord5977
ord5976
ord5975
ord6405
ord6406
ord6389
ord6388
ord6341
ord6340
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ