Overview
overview
8Static
static
7Fire.exe
windows7-x64
8Fire.exe
windows10-2004-x64
7Fire.exe
windows11-21h2-x64
7Pr.exe
windows7-x64
1Pr.exe
windows10-2004-x64
1Pr.exe
windows11-21h2-x64
1info.exe
windows7-x64
1info.exe
windows10-2004-x64
1info.exe
windows11-21h2-x64
1p.exe
windows7-x64
1p.exe
windows10-2004-x64
1p.exe
windows11-21h2-x64
1p86.exe
windows7-x64
1p86.exe
windows10-2004-x64
1p86.exe
windows11-21h2-x64
1Behavioral task
behavioral1
Sample
Fire.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral2
Sample
Fire.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Fire.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Pr.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral5
Sample
Pr.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
Pr.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
info.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
info.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
info.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
p.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral11
Sample
p.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
p.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
p86.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral14
Sample
p86.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
p86.exe
Resource
win11-20240611-en
windows11-21h2-x64
Target
1.7z
Size
438KB
MD5
9299ca277057bd8e3132faa0bc9fd9f0
SHA1
e6fa71022e60106c24dd6d74dc5bc45c476fd169
SHA256
14f0878aca39fe4b65fbfad1579d8034f9c438aa270cd5cb61fb94dcf1f466d6
SHA512
3e9528152861525bf7b69da030db0fee30b3dbe534965c5f8c3c556619963f69c30fe3722741a0b48d2bff429753fe96a73b8292c2ed1b91964569798ea6366c
SSDEEP
12288:+haC0KScHw1+NaUTgRQcAL7cyc0D43QKGfrFfg:C0+Hy+NpyEBBKerFfg
| resource | yara_rule |
|---|---|
| static1/unpack001/Fire.exe | upx |
Checks for missing Authenticode signature.
| resource |
|---|
| unpack002/out.upx |
| unpack001/info.exe |
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
ProxyLite.Windows.Console.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc
GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
GetStockObject
InitCommonControlsEx
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
timeBeginPeriod
CoInitialize
CoTaskMemFree
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
b:\universaltermsrvpatch\universaltermsrvpatch\x64\objfre_wnet_AMD64\amd64\UniversalTermsrvPatch-x64.pdb
ord3783
ord2903
ord2393
ord1441
ord1126
ord6660
ord5687
ord4721
ord5245
ord5406
ord6437
ord1777
ord5663
ord5702
ord4771
ord3761
ord337
ord4557
ord984
ord525
ord3177
ord6328
ord1499
ord4548
ord1287
ord1284
ord2846
ord626
ord6614
ord4214
ord5077
ord1647
ord1812
ord1771
ord6243
ord4014
ord4826
ord620
ord6886
ord1122
ord6147
ord6050
ord4436
ord6021
ord2900
ord665
ord624
ord1930
ord4599
ord4131
ord2517
ord852
ord1063
ord659
ord3916
ord4983
ord6053
ord5711
ord5730
ord1584
ord5065
ord4368
ord2752
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord4598
ord1035
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord4752
ord1778
ord4365
ord6440
ord1040
ord2427
ord3790
ord1463
ord6887
ord3830
ord4473
ord5039
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_c_exit
exit
??1type_info@@UEAA@XZ
__dllonexit
_XcptFilter
__C_specific_handler
_wcsicmp
_cexit
__set_app_type
_exit
memset
__CxxFrameHandler
malloc
__argc
__wargv
wcsrchr
_wcslwr
wcsstr
_fmode
_onexit
?terminate@@YAXXZ
memcpy
free
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetPrivateProfileStringW
GetLocaleInfoW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
lstrcatW
GetExitCodeProcess
GetLastError
GlobalAlloc
GetCurrentProcess
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
DeleteFileW
MoveFileExW
GetTempFileNameW
WaitForSingleObject
CloseHandle
CreateMutexW
GetFileSize
CreateFileMappingW
GetObjectW
GetStockObject
CreateFontIndirectW
CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
SendMessageW
AppendMenuW
EnableWindow
MessageBoxW
DrawIcon
wsprintfW
DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish
PathFileExistsW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
CheckSumMappedFile
MapFileAndCheckSumW
CreateStatusWindowW
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
NetUserGetInfo
NetApiBufferFree
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
b:\universaltermsrvpatch\universaltermsrvpatch\x86\objfre_wnet_x86\i386\UniversalTermsrvPatch-x86.pdb
ord815
ord641
ord2506
ord3948
ord2858
ord2371
ord1143
ord861
ord6237
ord5261
ord4370
ord4847
ord4992
ord6048
ord1767
ord5237
ord5276
ord4419
ord3592
ord324
ord4229
ord755
ord470
ord3087
ord5949
ord1197
ord4219
ord942
ord940
ord2810
ord540
ord561
ord4155
ord4704
ord1634
ord1808
ord1761
ord5871
ord3792
ord4470
ord535
ord823
ord858
ord5798
ord5706
ord4124
ord5679
ord2855
ord3397
ord3716
ord567
ord538
ord1921
ord4270
ord3871
ord1569
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord825
ord795
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord4401
ord1768
ord4073
ord6051
ord800
ord3614
ord2406
ord3621
ord1165
ord3658
ord6195
ord4667
__p__commode
__p__fmode
__set_app_type
_except_handler3
__wgetmainargs
_adjust_fdiv
_onexit
_wcmdln
exit
_cexit
__setusermatherr
__dllonexit
_initterm
wcslen
_XcptFilter
_exit
_wcsicmp
malloc
free
__argc
__wargv
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
wcsrchr
_wcslwr
wcsstr
__CxxFrameHandler
_c_exit
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileStringW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CreateMutexW
GetLastError
MoveFileExW
FreeLibrary
LoadLibraryW
UnmapViewOfFile
IsBadReadPtr
GetFileSize
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTempFileNameW
CloseHandle
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
lstrcatW
CreateFileMappingW
MapViewOfFile
GetObjectW
GetStockObject
CreateFontIndirectW
CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
wsprintfW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
EnableWindow
MessageBoxW
DrawIcon
AppendMenuW
SendMessageW
DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish
PathFileExistsW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
CheckSumMappedFile
MapFileAndCheckSumW
CreateStatusWindowW
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
NetUserGetInfo
NetApiBufferFree
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ