Static task
static1
Behavioral task
behavioral1
Sample
ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a.exe
Resource
win10v2004-20240508-en
General
-
Target
ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a
-
Size
636KB
-
MD5
951b60fb92f90cc51f78d14ff90d90dc
-
SHA1
b9c2afbb9fa3b84573055a036f58fff676c926a4
-
SHA256
ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a
-
SHA512
2d86b31d9d03225639f52e5a21d2ab4e0cadbdcf82c2b2574448431b2df0119bb9e602e383a3272303c3412d5e06906ee86d19054ff6ab970b9bfe5f36e92f73
-
SSDEEP
12288:rfeFC7odSbtIcluQX96b7p80PAL1uNcmfdT49ZTBw/V3jcouc:rfeFC7od6tIclu4IPpFPAhuGmf+ZlOdt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a
Files
-
ee8a24e0258fdea5b8356601ebb72aedc86785ee4c5ba2095b39857797f0ed4a.exe windows:4 windows x86 arch:x86
5b07630e79060d9f0e905199437327f3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
TerminateThread
Sleep
GetWindowsDirectoryA
GetVolumeInformationA
CreateMutexA
GetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
WinExec
GetExitCodeThread
GetDriveTypeA
CreateThread
GetCurrentThreadId
WaitForSingleObject
GetTickCount
GetModuleHandleA
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoA
user32
GetDC
CreateWindowExA
GetSystemMetrics
RegisterClassA
RegisterClassExA
LoadImageA
LoadCursorA
LoadIconA
DefWindowProcA
DispatchMessageA
TranslateMessage
ReleaseDC
GetCursorPos
ScreenToClient
SetTimer
SetWindowTextA
MessageBoxA
EndDialog
PostMessageA
SendMessageA
GetParent
SendDlgItemMessageA
CallWindowProcA
SetWindowLongA
GetClientRect
SetDlgItemTextA
CreateDialogParamA
GetWindowRect
ClientToScreen
MoveWindow
KillTimer
GetDlgItem
SetFocus
PeekMessageA
UpdateWindow
GetDlgItemTextA
ShowWindow
DestroyWindow
wsprintfA
SetWindowPos
EnableWindow
gdi32
GetPixel
TextOutA
PatBlt
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
DeleteDC
SetDIBitsToDevice
SetTextColor
advapi32
GetUserNameA
RegOpenKeyExA
comctl32
ord17
winmm
mciSendCommandA
wsock32
inet_addr
WSACleanup
gethostbyname
WSAStartup
closesocket
listen
gethostname
WSAAsyncSelect
bind
htons
htonl
socket
WSAGetLastError
connect
ioctlsocket
setsockopt
recv
sendto
recvfrom
send
accept
__WSAFDIsSet
select
ntohs
dsound
ord1
ddraw
DirectDrawCreate
ace
??1ACE_RW_Mutex@@QAE@XZ
??1ACE_Errno_Guard@@QAE@XZ
?sprintf@ACE_OS@@SAHPADPBDZZ
?strdup@ACE_OS_String@@SAPADPBD@Z
?strsncpy@ACE_OS_String@@SAPADPADPBDI@Z
?get_remote_addr@ACE_SOCK@@QBEHAAVACE_Addr@@@Z
?disable@ACE_IPC_SAP@@QBEHH@Z
?connect@ACE_SOCK_Connector@@QAEHAAVACE_SOCK_Stream@@ABVACE_Addr@@PBVACE_Time_Value@@1HHHHH@Z
??AACE_Synch_Options@@QBEHK@Z
??1ACE_Message_Block@@UAE@XZ
?max_time@ACE_Time_Value@@2V1@B
??0ACE_Message_Block@@QAE@IHPAV0@PBDPAVACE_Allocator@@PAVACE_Lock@@KABVACE_Time_Value@@422@Z
?copy@ACE_Message_Block@@QAEHPBDI@Z
?clone@ACE_Message_Block@@UBEPAV1@K@Z
?set@ACE_INET_Addr@@QAEHGQBDH@Z
??0ACE_Service_Object@@QAE@PAVACE_Reactor@@@Z
??0ACE_RW_Thread_Mutex@@QAE@PBDPAX@Z
?sap_any@ACE_Addr@@2V1@B
?defaults@ACE_Synch_Options@@2V1@A
??1ACE_Service_Object@@UAE@XZ
??1ACE_RW_Thread_Mutex@@QAE@XZ
??1ACE_SOCK_Connector@@QAE@XZ
??1ACE_Event@@QAE@XZ
??1ACE_Reactor_Notification_Strategy@@UAE@XZ
??0ACE_Reactor_Notification_Strategy@@QAE@PAVACE_Reactor@@PAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHPAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHXZ
??_7ACE_INET_Addr@@6B@
??1ACE_Addr@@UAE@XZ
?close@ACE_SOCK_Stream@@QAEHXZ
?instance@ACE_Reactor@@SAPAV1@XZ
??0ACE_SOCK@@IAE@XZ
??0ACE_INET_Addr@@QAE@XZ
??1ACE_SOCK_Stream@@QAE@XZ
??1ACE_INET_Addr@@UAE@XZ
??1ACE_Manual_Event@@QAE@XZ
??0ACE_Manual_Event@@QAE@HHPBDPAX@Z
?signal@ACE_Condition_Thread_Mutex@@QAEHXZ
?wait@ACE_Condition_Thread_Mutex@@QAEHPBVACE_Time_Value@@@Z
?broadcast@ACE_Condition_Thread_Mutex@@QAEHXZ
?dump@ACE_Condition_Thread_Mutex@@QBEXXZ
?total_size@ACE_Message_Block@@QBEIXZ
?total_length@ACE_Message_Block@@QBEIXZ
?release@ACE_Message_Block@@QAEPAV1@XZ
??0ACE_Task_Base@@QAE@PAVACE_Thread_Manager@@@Z
??_7ACE_Message_Queue_Base@@6B@
??0ACE_Condition_Thread_Mutex@@QAE@ABVACE_Thread_Mutex@@PBDPAX@Z
??1ACE_Message_Queue_Base@@UAE@XZ
?time_value@ACE_Synch_Options@@QBEPBVACE_Time_Value@@XZ
?arg@ACE_Synch_Options@@QBEPBXXZ
??0ACE_Time_Value@@QAE@ABU_FILETIME@@@Z
?normalize@ACE_Time_Value@@AAEXXZ
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@@Z
?cond_timedwait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@PAVACE_Time_Value@@@Z
?acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ
?release@ACE_Recursive_Thread_Mutex@@QAEHXZ
?cond_destroy@ACE_OS@@SAHPAVACE_cond_t@@@Z
?cond_broadcast@ACE_OS@@SAHPAVACE_cond_t@@@Z
??1ACE_Task_Base@@UAE@XZ
?open@ACE_Task_Base@@UAEHPAX@Z
?close@ACE_Task_Base@@UAEHK@Z
?svc@ACE_Task_Base@@UAEHXZ
??0ACE_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??0ACE_Recursive_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
?cond_init@ACE_OS@@SAHPAVACE_cond_t@@FPBDPAX@Z
?instance@ACE_Log_Msg@@SAPAV1@XZ
?conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z
?log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ
??1ACE_Recursive_Thread_Mutex@@QAE@XZ
??1ACE_Thread_Mutex@@QAE@XZ
?get_handle@ACE_Event_Handler@@UBEPAXXZ
?set_handle@ACE_Event_Handler@@UAEXPAX@Z
?priority@ACE_Event_Handler@@UAEXH@Z
?priority@ACE_Event_Handler@@UBEHXZ
?handle_input@ACE_Event_Handler@@UAEHPAX@Z
?handle_output@ACE_Event_Handler@@UAEHPAX@Z
?handle_exception@ACE_Event_Handler@@UAEHPAX@Z
?handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time_Value@@PBX@Z
?handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process@@@Z
?handle_close@ACE_Event_Handler@@UAEHPAXK@Z
?handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_t@@PAH@Z
?resume_handler@ACE_Event_Handler@@UAEHXZ
?handle_qos@ACE_Event_Handler@@UAEHPAX@Z
?handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z
?reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ
?reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z
?suspend@ACE_Task_Base@@UAEHXZ
?resume@ACE_Task_Base@@UAEHXZ
?module_closed@ACE_Task_Base@@UAEHXZ
?put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVACE_Time_Value@@@Z
?activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQAK@Z
?wait@ACE_Task_Base@@UAEHXZ
?init@ACE_Shared_Object@@UAEHHQAPAD@Z
?fini@ACE_Shared_Object@@UAEHXZ
?info@ACE_Shared_Object@@UBEHPAPADI@Z
?fini@ACE_Init_ACE@@SAHXZ
?init@ACE_Init_ACE@@SAHXZ
?instance@ACE_Dynamic@@SAPAV1@XZ
?rw_unlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?rw_wrlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?mutex_unlock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAUACE_mutex_t@@@Z
?mutex_lock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
??0ACE_Handler@@QAE@XZ
??1ACE_Handler@@UAE@XZ
?handle_read_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Stream@@@Z
?handle_write_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Dgram@@@Z
?handle_read_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Dgram@@@Z
?handle_write_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Stream@@@Z
?handle_read_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_File@@@Z
?handle_write_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_File@@@Z
?handle_accept@ACE_Handler@@UAEXABVResult@ACE_Asynch_Accept@@@Z
?handle_transmit_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Transmit_File@@@Z
?handle_time_out@ACE_Handler@@UAEXABVACE_Time_Value@@PBX@Z
?handle_wakeup@ACE_Handler@@UAEXXZ
?handle@ACE_Handler@@UAEXPAX@Z
?handle@ACE_Handler@@UBEPAXXZ
??0ACE_Event_Handler@@IAE@PAVACE_Reactor@@H@Z
??1ACE_Event_Handler@@UAE@XZ
??1ACE_Sig_Set@@QAE@XZ
?check_reconfiguration@ACE_Reactor@@SAHPAX@Z
?signal@ACE_Event@@QAEHXZ
?wait@ACE_Event@@QAEHXZ
?instance@ACE_Allocator@@SAPAV1@XZ
??1ACE_Condition_Thread_Mutex@@QAE@XZ
?cond_signal@ACE_OS@@SAHPAVACE_cond_t@@@Z
?enable@ACE_IPC_SAP@@QBEHH@Z
?recv@ACE@@SAHPAX0IHPBVACE_Time_Value@@@Z
?send_n_i@ACE@@CAHPAXPBXIPAI@Z
?zero@ACE_Time_Value@@2V1@B
msvcrt
_strcmpi
fclose
__p__commode
__p__fmode
fseek
fopen
_adjust_fdiv
localtime
fread
rand
vsprintf
time
_tzset
fwrite
malloc
fgetc
free
__CxxFrameHandler
atoi
??3@YAXPAX@Z
??2@YAPAXI@Z
strtok
_itoa
strncmp
strncpy
srand
fprintf
strpbrk
strncat
ftell
strftime
_ftol
exit
memmove
_purecall
_errno
isdigit
memchr
__dllonexit
_onexit
_exit
_XcptFilter
_controlfp
_except_handler3
__set_app_type
_acmdln
_initterm
__setusermatherr
__getmainargs
msvcp60
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstream@std@@UAE@XZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1ostrstream@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1istrstream@std@@UAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Xlen@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1strstreambuf@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
ws2_32
WSAEventSelect
Sections
.text Size: 528KB - Virtual size: 527KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE