PDB path: C:\Users\divynslin\Desktop\MY_PCNB\Forte_SVN\HookTest_code\HookTest_1_0_0_15\x64\Release\fmapp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 1ef4acfaf4f424ada5e481ce17371fce2d34691966c9068fa43f66f0be358876.exe
Resource: win7-20240419-en
General
Target: 1ef4acfaf4f424ada5e481ce17371fce2d34691966c9068fa43f66f0be358876
Size: 1.4MB
MD5: f6f68f92d2e12ff99edb7d14de9d64f8
SHA1: ad787acaadcd4b7685b95c3c81f51992335c1d6d
SHA256: 1ef4acfaf4f424ada5e481ce17371fce2d34691966c9068fa43f66f0be358876
SHA512: 889ca80a9e83594374a79ba31cb8b5eff8d686cbc8b97ca5affa67340201c65cc2e7245205a6d16bd3319f13e6a241be6d1442b43fa3d67ff8e90b95c0d0b091
SSDEEP: 24576:gVT/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:gVTLNiXicJFFRGNzj3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1ef4acfaf4f424ada5e481ce17371fce2d34691966c9068fa43f66f0be358876
Files
1ef4acfaf4f424ada5e481ce17371fce2d34691966c9068fa43f66f0be358876.exe windows:6 windows x64 arch:x64
2879fbd82165ab01e030f61bac9b5434
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
HeapReAlloc
RaiseException
HeapAlloc
DeleteCriticalSection
GetProcessHeap
OutputDebugStringW
ReadFile
FindFirstFileW
EnterCriticalSection
FindNextFileW
lstrlenW
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
FindClose
LocalAlloc
CreateFileW
OpenFileMappingW
GetSystemDirectoryW
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
GlobalAlloc
DeleteFileW
GetLastError
GlobalFree
CloseHandle
CreateThread
GetWindowsDirectoryW
GetFileSize
GetModuleHandleW
MapViewOfFile
lstrcmpW
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
HeapSize
InitializeCriticalSectionEx
Process32FirstW
HeapFree
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
user32
SetTimer
UnregisterClassW
PostQuitMessage
KillTimer
GetMessageW
DefWindowProcW
DestroyWindow
SetWindowsHookExW
CallNextHookEx
GetSystemMetrics
RegisterClassExW
DispatchMessageW
CreateWindowExW
wvsprintfW
UnhookWindowsHookEx
TranslateMessage
FindWindowW
LoadCursorW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ole32
PropVariantClear
CoCreateInstance
CoInitialize
CoUninitialize
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
shlwapi
StrStrIW
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE