my_program.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Authenticator.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Authenticator.exe
Resource: win10v2004-20240426-en
General
- Target: Authenticator.exe
- Size: 3.5MB
- MD5: 7c0c6044c5a9a14feb436705b0eb29d2
- SHA1: 029d9abe075599e013aa1e76d33b78470aab9c5b
- SHA256: 597ca08dea2c7aa2551cd932c2d79cc6f12fb24f4ac9ecaf1ba45a0c3576c3e2
- SHA512: 64bdeec8be75a99687c1ccf3284e6453f48978b9fcebcf6ef8a31e7e36ba7fd38f2e0a31ae79693cae1fa44930a1752341dd173989f4fe42caaef541767ce074
- SSDEEP: 49152:yNAryfH4y9JnO/BXCRr2mLxZHQy1RhCvBl6j/IvOnb08InAT23HAGdmb:322/vjAbYb3gGd
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: Authenticator.exe
Files
- Authenticator.exe.exe windows:6 windows x64 arch:x64
  ebed136ab99d4bfa2e9b54b978f26fad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WaitOnAddress
WakeByAddressAll
bcrypt
BCryptCreateHash
BCryptDeriveKey
BCryptSecretAgreement
BCryptVerifySignature
BCryptSignHash
BCryptDestroySecret
BCryptHashData
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateKeyPair
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptDestroyKey
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
crypt32
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
user32
FindWindowA
SendMessageA
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtCreateFile
NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
kernel32
FreeConsole
HeapSize
GetStringTypeW
SetStdHandle
SetEndOfFile
GetFullPathNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WaitForSingleObjectEx
LoadLibraryA
CloseHandle
FindFirstFileExW
GetFileSizeEx
CreateMutexA
CreateThread
GetConsoleOutputCP
OutputDebugStringW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentThread
Sleep
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetSystemTimeAsFileTime
LCMapStringW
CompareStringW
CreateFileA
ReadFile
WriteFile
SetHandleInformation
GetLastError
GetOverlappedResult
CancelIo
SleepEx
CreateEventA
WaitNamedPipeA
GetCurrentProcess
DuplicateHandle
GetSystemInfo
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadConsoleW
EncodePointer
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetTimeZoneInformationForYear
RaiseException
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
WaitForSingleObject
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetStartupInfoW
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
IsDebuggerPresent
GetStdHandle
GetCurrentProcessId
WriteFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
InitializeSListHead
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
ws2_32
WSASend
shutdown
connect
bind
WSASocketW
getsockname
WSAGetLastError
send
recv
select
getsockopt
ioctlsocket
setsockopt
WSAIoctl
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getpeername
closesocket
secur32
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
AcceptSecurityContext
QueryContextAttributesW
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ