D:\a\weasel\weasel\output\weaselx64.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba.dll
Resource
win7-20240215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba
-
Size
1.0MB
-
MD5
ccac256d546347cce532cbdac6406350
-
SHA1
9f029d2dec77f56e5319343f1070c0b7c5eb298a
-
SHA256
8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba
-
SHA512
f814c6d68edbe271d1133273aa498ce3d9ee746855e00173aa5ca3c7912e2a53aff44cc23cbd3fb60694bcaddbfc0297192b59939d438565ed14b056319f6e95
-
SSDEEP
24576:ijBpk/7fFsXnNczdUwMCOekT/GoBfaZoQ/q:nS6MCeT+Po0
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba
Files
-
8d344f061fe05d58a3bb13a0b0ba9bc1b389153e3210b1f11d9ea7e7e5a1dcba.dll regsvr32 windows:6 windows x64 arch:x64
1a74ab764576bb3848b8a4956e57d341
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateEventW
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetModuleFileNameA
GetEnvironmentVariableW
GetModuleFileNameW
GetCurrentThreadId
lstrcpyW
ExitProcess
GetLastError
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineW
InitializeCriticalSectionEx
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenEventA
GetCommandLineA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
FormatMessageA
LocalFree
CreateEventA
CloseHandle
SetEvent
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
CreateFileW
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ReadFile
RaiseException
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
GetProcessHeap
WaitForSingleObjectEx
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
GetStringTypeW
QueryPerformanceCounter
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
GetStartupInfoW
ResetEvent
user32
ToUnicodeEx
GetKeyboardState
GetMenuItemCount
GetMenuItemInfoW
LoadMenuW
SetRect
CallWindowProcW
GetWindowLongPtrW
EndPaint
BeginPaint
DefWindowProcW
DestroyIcon
DrawIconEx
MessageBoxW
GetMonitorInfoW
CopyRect
GetWindowRect
UpdateLayeredWindow
GetClientRect
GetWindowLongW
SetWindowLongW
InvalidateRect
TrackMouseEvent
PtInRect
InflateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
IsRectEmpty
MonitorFromRect
RedrawWindow
GetForegroundWindow
SendInput
GetFocus
ReleaseDC
SetWindowPos
GetCaretPos
GetCursorPos
GetDC
GetWindowThreadProcessId
GetSystemMetrics
LoadImageW
DestroyMenu
TrackPopupMenuEx
GetSubMenu
IsWindow
KillTimer
ShowWindow
SetTimer
UnregisterClassW
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
advapi32
RegEnumKeyExA
RegGetValueW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameW
RegOpenKeyA
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
gdiplus
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCreatePath
GdipAlloc
GdipAddPathRectangleI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawPath
GdipFillPath
GdipDrawImageI
GdipDeletePath
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipAddPathLineI
GdipAddPathArcI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateRegionPath
GdipDeleteRegion
GdipCloneRegion
GdipCombineRegionRegion
GdipIsEmptyRegion
GdipFree
GdipCloneImage
d2d1
ord1
dwrite
DWriteCreateFactory
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
gdi32
DeleteObject
CreateCompatibleBitmap
SelectObject
StretchBlt
BitBlt
SetViewportOrgEx
CreateCompatibleDC
DeleteDC
Exports
Exports
??0?$codecvt_null@_W@archive@boost@@QEAA@_K@Z
??0?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IEAA@XZ
??1?$codecvt_null@_W@archive@boost@@UEAA@XZ
??_F?$codecvt_null@_W@archive@boost@@QEAAXXZ
?do_always_noconv@?$codecvt_null@_W@archive@boost@@EEBA_NXZ
?do_encoding@?$codecvt_null@_W@archive@boost@@EEBAHXZ
?do_in@?$codecvt_null@_W@archive@boost@@EEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?do_max_length@?$codecvt_null@_W@archive@boost@@EEBAHXZ
?do_out@?$codecvt_null@_W@archive@boost@@EEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UCandidateInfo@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UText@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UTextAttribute@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UTextRange@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@UUIStyle@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAAEBV?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAAEBV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEBV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEBV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAEAV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAEAV?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PEBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PEBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QEAA_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@UEBAXAEAVbasic_iarchive@234@PEAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QEAAXXZ
?unlock@singleton_module@serialization@boost@@QEAAXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 632KB - Virtual size: 631KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 174KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ