Sample
PCXSense.exe
Resource
win11-20240426-en
General
-
Target
PCXSense.exe
-
Size
700KB
-
MD5
15c59919499d24e70a1e317f0e8a0f29
-
SHA1
7ba59a06c78ab9482fdd13eb1acb633f8b6a2c71
-
SHA256
b14222d74d40ea4eeeb2c2556783c74bdc32745a9c5262c0de9138ebff41abb3
-
SHA512
b0e3c3b466b66119b0977ea3a1f7addf9f4ffc4a2678f7664a97ab3131aefe6cec7316fd95f3afd5459a9a6c12c853d8f236928311fa7cb171358c48e76b7326
-
SSDEEP
12288:lkFfmsEep4ItwGXADXPPRdRu6aTQl0yjbOa9ph0lhSMXliwEnhq:Pep4ItwGQrvc1yXOch0lhSMXlfEnh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource PCXSense.exe
Files
-
PCXSense.exe.exe windows:6 windows x64 arch:x64
a70735a7eb61e9a58b4213470772dfa5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
xinput1_4
ord2
vigemclient
vigem_target_x360_register_notification
vigem_target_x360_update
vigem_disconnect
vigem_free
vigem_alloc
vigem_target_add
vigem_target_free
vigem_target_x360_alloc
vigem_connect
vigem_target_remove
hidapi
hid_close
hid_write
hid_open
hid_error
hid_read
hid_get_device_info
glfw3
glfwSetWindowFocusCallback
glfwGetCursorPos
glfwGetKeyName
glfwSetCursorPosCallback
glfwGetGamepadState
glfwGetWin32Window
glfwSetCursorPos
glfwGetError
glfwCreateStandardCursor
glfwSetInputMode
glfwSetScrollCallback
glfwSetKeyCallback
glfwSetCharCallback
glfwSetCursor
glfwSetMouseButtonCallback
glfwGetWindowSize
glfwSetCursorEnterCallback
glfwSetClipboardString
glfwGetFramebufferSize
glfwSetMonitorCallback
glfwGetKey
glfwGetTime
glfwGetWindowAttrib
glfwGetInputMode
glfwGetClipboardString
glfwSetErrorCallback
glfwDestroyCursor
glfwWindowShouldClose
glfwIconifyWindow
glfwMakeContextCurrent
glfwWaitEventsTimeout
glfwCreateWindow
glfwSwapBuffers
glfwSwapInterval
glfwTerminate
glfwInit
glfwSetWindowIcon
opengl32
glClearColor
glClear
glBindTexture
glGenTextures
glTexParameteri
glTexImage2D
kernel32
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
DeleteFileW
SetProcessShutdownParameters
TerminateProcess
GetCurrentProcess
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
WriteFile
SetConsoleCtrlHandler
CloseHandle
CreateFileW
Sleep
FreeLibrary
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
ReleaseSRWLockExclusive
user32
GetWindowLongPtrW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxW
SetWindowLongPtrW
CallWindowProcW
GetMessageExtraInfo
GetWindowTextW
GetForegroundWindow
SendInput
advapi32
RegSetValueExA
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
msvcp140
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?uncaught_exceptions@std@@YAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcmp
memcpy
memmove
memchr
_CxxThrowException
memset
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
wcsstr
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
__stdio_common_vsprintf
ferror
_get_stream_buffer_pointers
_fseeki64
fsetpos
_wfopen
fwrite
fgetc
fopen_s
setvbuf
__stdio_common_vfprintf
fseek
fclose
fflush
__acrt_iob_func
ftell
fgetpos
fread
__stdio_common_vsscanf
fputc
feof
ungetc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcmp
strncmp
strncpy
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
realloc
calloc
free
_callnewh
api-ms-win-crt-runtime-l1-1-0
system
_exit
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
abort
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_beginthreadex
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
_fdclass
_ldclass
acosf
atan2f
_dsign
_fdsign
_dclass
_ldsign
powf
cosf
fmodf
__setusermatherr
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
Sections
.text Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ