Static task
static1
Behavioral task
behavioral1
Sample
cf77d12ce5a7177ce9066fe7fe03b03c6a9510ff9e59ab4f93353ff5f6a51fbc.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
cf77d12ce5a7177ce9066fe7fe03b03c6a9510ff9e59ab4f93353ff5f6a51fbc.exe
Resource
win10v2004-20240508-en
General
Target
cf77d12ce5a7177ce9066fe7fe03b03c6a9510ff9e59ab4f93353ff5f6a51fbc
Size
53KB
MD5
91f370bc31d432a685c33f06ed3db03e
SHA1
8139bfc12e2ce75ae98559b27a747590d46555ab
SHA256
cf77d12ce5a7177ce9066fe7fe03b03c6a9510ff9e59ab4f93353ff5f6a51fbc
SHA512
7719586006b5a63334d38e72b218a704a16c72b12d6b45e4fd5908ff62885a7e8fc2bef4412b57d3a09995ae63cb564ce38af1ec25faa01a58a9a138b3d779e4
SSDEEP
768:YLdec+g8uMANPvNpVX1LKgNcVsyqoYO9hkDDteBNbusMypCZN:mdets1PjL9cVsyqjohkHtejqsMyp+
Malware Config
Signatures
Files
cf77d12ce5a7177ce9066fe7fe03b03c6a9510ff9e59ab4f93353ff5f6a51fbc.exe windows:4 windows x86 arch:x86
5d71c467918bc1418f1ea5be7939207e
Code Sign
4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate
Issuer
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before
12/05/1997, 00:00
Not After
07/01/2004, 23:59
Subject
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate
Issuer
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before
12/12/2001, 00:00
Not After
06/01/2004, 23:59
Subject
CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate
Issuer
OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before
28/02/2001, 00:00
Not After
06/01/2004, 23:59
Subject
CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
7f:4b:a5:0b:f9:97:0f:cc:a0:b2:42:17:9e:96:46:57
Certificate
Issuer
CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Not Before
19/11/2002, 00:00
Not After
19/11/2003, 23:59
Subject
CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bc:a0:ca:28:9b:15:ee:d7:69:4f:a3:d8:f2:78:64:bf:83:d6:f4:70
Signer
Actual PE Digest
bc:a0:ca:28:9b:15:ee:d7:69:4f:a3:d8:f2:78:64:bf:83:d6:f4:70
Digest Algorithm
sha1
PE Digest Matches
true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\bld_area\trialware_r4.0\DJSNETCN\ReleaseMinSize\DJSNETCN.pdb
Imports
wsock32
WSAGetLastError
gethostbyname
WSAStartup
WSACleanup
atl70
ord64
ord61
ord23
kernel32
WaitForSingleObject
lstrcmpiA
GetCommandLineA
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
LocalFree
EnterCriticalSection
LeaveCriticalSection
SetEvent
CloseHandle
CreateEventA
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
SetThreadPriority
InterlockedIncrement
GetLastError
LoadLibraryA
FreeLibrary
CreateMutexA
OpenMutexA
TerminateThread
CompareStringA
lstrlenW
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
CreateFileA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
lstrlenA
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameA
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetProcAddress
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
user32
CharNextA
MessageBoxA
UnregisterClassA
DestroyWindow
LoadStringA
PostThreadMessageA
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassExA
DefWindowProcA
FindWindowA
PostQuitMessage
PostMessageA
TranslateMessage
TranslateAcceleratorA
CharLowerA
CharLowerW
CharUpperA
CharUpperW
advapi32
OpenSCManagerA
OpenServiceA
CreateServiceA
DeleteService
ControlService
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegQueryValueExA
RegEnumValueA
CloseServiceHandle
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
msvcp70
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ
msvcr70
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__getmainargs
__dllonexit
_except_handler3
__security_error_handler
_callnewh
realloc
_controlfp
__set_app_type
mbstowcs
strncmp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_onexit
??1exception@@UAE@XZ
puts
vsprintf
memset
__CxxFrameHandler
_mbsinc
_ismbcspace
_mbsstr
_mbsupr
??3@YAXPAX@Z
_CxxThrowException
strlen
memcpy
memmove
_purecall
??_V@YAXPAX@Z
??0exception@@QAE@XZ
_endthreadex
??0exception@@QAE@ABV0@@Z
_beginthreadex
time
strcat
strcpy
_itoa
_mbscmp
malloc
free
wcscpy
__p__fmode
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ