Static task
static1
Behavioral task
behavioral1
Sample
d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e.exe
Resource
win10v2004-20240508-en
General
-
Target
d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e
-
Size
3.0MB
-
MD5
b54fa362ed4164fe5f8fac9fc1c6777b
-
SHA1
56c053116120eef8e9a9ed091ab861dfcb61f402
-
SHA256
d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e
-
SHA512
7ec1f105cf5fca9fdf57677d4fa1c8506ba697702c68276eed7b2b36e721f8b039c1ef5d463c8582c10bceb15dbeae5987713d553b57d1687b85e5b962a1cd3b
-
SSDEEP
49152:zPZpWDnhgz3hhkvjoHM8jj89jA5Djz3NjjuLR602j5TjDxfBRk1gEoDK51l:CDnezxhkvjoHM8jj89jA5Djz3NjjuLRP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
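Checks for a missing Authenticode signature; the sample PE carries none. Taken alone this is a weak indicator, since many legitimate binaries are also unsigned.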
resource d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e
Files
-
d104cd25fa079d41771ad7fcafeed2107688ee9b8a1a20591823840f03433d7e.exe windows:4 windows x86 arch:x86
b3e300e7cb793347cc0430b8cf79e8c2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
pjsecure
ord1
ord2
wsock32
inet_addr
gethostbyname
WSAGetLastError
gethostname
WSAStartup
WSACleanup
shlwapi
PathFileExistsA
libcurl
curl_easy_init
curl_easy_strerror
curl_easy_getinfo
curl_easy_cleanup
curl_slist_free_all
curl_easy_perform
curl_slist_append
curl_easy_setopt
libexpat
ord18
ord52
ord31
ord25
ord2
ord10
ord21
ord16
ord12
ord11
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
mfc42
ord1929
ord1802
ord3619
ord2243
ord283
ord3721
ord795
ord3610
ord656
ord535
ord4123
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4480
ord3874
ord4284
ord2938
ord4278
ord1105
ord5710
ord939
ord5951
ord2367
ord6334
ord6197
ord6380
ord6880
ord4299
ord941
ord4129
ord541
ord801
ord1175
ord6877
ord5683
ord5572
ord2919
ord6930
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord5934
ord5933
ord6883
ord6143
ord928
ord2859
ord2099
ord2078
ord6379
ord3803
ord4083
ord2714
ord2860
ord1847
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord692
ord5440
ord6383
ord5450
ord6394
ord807
ord384
ord554
ord5655
ord6146
ord5885
ord2862
ord2096
ord4163
ord6625
ord2012
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord6874
ord6453
ord6927
ord2645
ord3005
ord922
ord2614
ord713
ord414
ord6141
ord4202
ord4538
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4427
ord796
ord674
ord529
ord366
ord613
ord6069
ord6067
ord289
ord2011
ord6000
ord2117
ord4457
ord5252
ord4413
ord4436
ord1200
ord4274
ord6375
ord4486
ord2554
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord1829
ord815
ord561
ord1134
ord2725
ord617
ord5301
ord5214
ord296
ord986
ord520
ord6117
ord2621
ord2455
ord2512
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord813
ord560
ord5260
ord610
ord287
ord6139
ord3499
ord355
ord703
ord404
ord603
ord273
ord275
ord816
ord3908
ord562
ord4160
ord6662
ord4277
ord6283
ord4204
ord5856
ord6663
ord940
ord6282
ord1270
ord2380
ord3920
ord3755
ord1920
ord3289
ord1949
ord1233
ord2233
ord2754
ord2364
ord2301
ord2971
ord5787
ord5789
ord6605
ord3903
ord2044
ord2107
ord2841
ord2448
ord5834
ord3567
ord602
ord6242
ord3693
ord4287
ord2713
ord4133
ord4297
ord5788
ord4022
ord3752
ord6128
ord2634
ord5859
ord1622
ord4023
ord6119
ord6170
ord3573
ord2089
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord4694
ord5148
ord5821
ord3662
ord5604
ord1871
ord1779
ord6920
ord2688
ord4224
ord3184
ord4055
ord663
ord348
ord6403
ord3522
ord3706
ord3138
ord3870
ord6195
ord3711
ord783
ord6377
ord2112
ord2405
ord2452
ord3584
ord543
ord803
ord1795
ord6648
ord4376
ord3089
ord2379
ord858
ord6199
ord2642
ord3097
ord5953
ord3092
ord5981
ord4234
ord324
ord4853
ord540
ord2818
ord3998
ord6907
ord3301
ord926
ord924
ord2915
ord3996
ord4710
ord2864
ord1768
ord641
ord2302
ord693
ord609
ord3574
ord3402
ord4396
ord2575
ord3640
ord3370
ord4402
ord2582
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord5265
ord823
ord6215
ord2446
ord1168
ord1232
ord5261
ord470
ord323
ord1640
ord5785
ord5875
ord6172
ord640
ord755
ord1146
ord1641
ord2152
ord860
ord3797
ord4275
ord2414
ord3663
ord3626
ord825
ord567
ord537
ord818
ord800
ord3571
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3738
ord1576
msvcrt
_local_unwind2
_mbstok
_mbsrchr
_CIfmod
_mbsnbcpy
fputc
fprintf
fseek
ftell
fread
fopen
fwrite
fclose
_mbsstr
_mbsicmp
_winmajor
srand
exit
strtoul
printf
_i64toa
strtod
atof
_except_handler3
div
rand
_atoi64
_beginthreadex
_purecall
remove
sprintf
atoi
_itoa
memmove
_ftol
strstr
_mbscmp
__CxxFrameHandler
time
free
malloc
_errno
strncpy
fgetc
isspace
strncmp
fputs
sscanf
fgets
rename
realloc
toupper
tolower
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strrchr
wcslen
_CxxThrowException
_setmbcp
_controlfp
kernel32
WaitForSingleObject
ResetEvent
SetEvent
LoadLibraryExA
WinExec
lstrlenA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
lstrcmpiA
GetVersionExA
GetModuleHandleA
SetLocalTime
DeleteFileA
GetExitCodeThread
CreateThread
LocalUnlock
LocalFree
LocalLock
LocalAlloc
MultiByteToWideChar
GetLocalTime
GetCurrentThreadId
OpenFileMappingA
DeleteTimerQueueTimer
CreateTimerQueueTimer
WideCharToMultiByte
SetThreadPriority
WaitForMultipleObjects
lstrcmpA
GetStartupInfoA
GlobalAlloc
CloseHandle
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
Sleep
InterlockedDecrement
CreateDirectoryA
GetModuleFileNameA
CopyFileA
GetTickCount
GetThreadTimes
GetCurrentThread
TerminateThread
InterlockedIncrement
lstrlenW
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
CreateMutexA
HeapDestroy
SetCurrentDirectoryA
LoadResource
SizeofResource
FindResourceA
CreateEventA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
LockResource
ResumeThread
user32
GetCursorPos
SetRectEmpty
SetCursor
LoadStringA
DestroyCursor
CopyIcon
DestroyIcon
CreateIconIndirect
GetIconInfo
CopyRect
FillRect
SetRect
ModifyMenuA
GetMenu
DeleteMenu
RemoveMenu
DrawMenuBar
MessageBoxA
FindWindowA
SetForegroundWindow
GetActiveWindow
IsIconic
DrawIcon
LoadMenuA
GetSubMenu
LoadImageA
GetWindow
GetKeyState
GetDC
ReleaseDC
IsWindowVisible
GetCapture
DrawEdge
IsWindow
GetWindowRect
EqualRect
PostMessageA
DrawFrameControl
GetSystemMetrics
DrawTextA
IntersectRect
KillTimer
GetMessagePos
ScreenToClient
PtInRect
SetWindowRgn
WindowFromPoint
SetTimer
GetSysColor
GetFocus
GetParent
RedrawWindow
LoadIconA
SendMessageA
GetDesktopWindow
GetDlgItem
EnableWindow
ReleaseCapture
CheckMenuItem
AppendMenuA
CreatePopupMenu
IsWindowEnabled
ChildWindowFromPoint
GetLastActivePopup
MessageBeep
GrayStringA
TabbedTextOutA
UnionRect
DrawFocusRect
DrawTextExA
EndDialog
GetSystemMenu
EnableMenuItem
DialogBoxParamA
GetDoubleClickTime
ClientToScreen
EndPaint
GetClassNameA
GetWindowLongA
GetWindowTextA
IsRectEmpty
SetWindowLongA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
RegisterWindowMessageA
IsMenu
AdjustWindowRectEx
GetScrollInfo
WindowFromDC
GetWindowRgn
MapWindowPoints
PostThreadMessageA
FindWindowExA
CreateDialogIndirectParamA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
WaitMessage
PostQuitMessage
DestroyWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CheckDlgButton
SetFocus
MoveWindow
SetWindowTextA
WinHelpA
GetDialogBaseUnits
BeginPaint
GetDlgCtrlID
UpdateWindow
InvalidateRect
SetWindowPos
OffsetRect
SystemParametersInfoA
LoadBitmapA
InflateRect
GetClientRect
LoadCursorA
DefWindowProcA
GetClassInfoA
SetCapture
gdi32
MoveToEx
CreatePen
GetTextMetricsA
TextOutA
SetTextJustification
FrameRgn
SelectClipRgn
FillRgn
OffsetRgn
CombineRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
LineTo
GetCurrentObject
PolyPolyline
CreatePatternBrush
SetBitmapBits
PtVisible
RectVisible
ExtTextOutA
Escape
CreateDCA
SetRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
GetClipRgn
GetPixel
CreateSolidBrush
CreateCompatibleBitmap
GetDeviceCaps
CreateFontA
GetTextExtentPoint32A
CreateBitmap
PatBlt
SetPixel
StretchBlt
GetDIBits
SetBkMode
SetTextColor
SetBkColor
CreateFontIndirectA
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
BitBlt
GetBkColor
GetObjectA
advapi32
InitializeSecurityDescriptor
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
shell32
ShellExecuteA
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ord17
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageInfo
ole32
OleRun
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
olepro32
ord251
oleaut32
VariantInit
GetErrorInfo
SysFreeString
VariantCopy
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantChangeType
SysAllocString
VariantClear
ukeydll
?UKey_ReadXtcs@@YAHAAV?$CMap@VCString@@PBDV1@PBD@@@Z
?UKey_WriteXtcs@@YAHAAV?$CMap@VCString@@PBDV1@PBD@@@Z
?UKey_WriteFatVer@@YAHXZ
?UKey_WriteFat@@YAHXZ
?UKey_FAT_INIT_FLAG@@YAHAAVCString@@@Z
?UKey_ReadJqbh@@YAHAAVCString@@@Z
?UKey_ReadQyxx@@YAHAAVCString@@AAH@Z
?UKey_ReadZcsq@@YAHAAVCString@@AAH@Z
?UKey_Login@@YAHVCString@@00000@Z
?UKey_ModifyPasswd@@YAHVCString@@00@Z
?UKey_Logout@@YAHXZ
?UKey_WriteFJFpMB@@YAHVCString@@H@Z
?UKey_ReadFJFpMBSY@@YAHAAVCString@@AAH@Z
?UKey_WriteFpMBSY@@YAHVCString@@H@Z
?UKey_ReadFpPY@@YAHAAVCString@@AAH@Z
?UKey_ReadBackupDb@@YAHVCString@@@Z
?UKey_ReadFirstRecoverPyrzAddr@@YAHAAVCString@@@Z
?UKey_ReadCurrPyrzAddr@@YAHAAVCString@@@Z
?UKey_FJ_ReadXtcs@@YAHAAV?$CMap@VCString@@PBDV1@PBD@@@Z
?UKey_ReadFirstRecoverFpAddr@@YAHAAVCString@@@Z
?UKey_ReadCurrFpAddr@@YAHAAVCString@@@Z
?UKey_ReadFpxxByAddr@@YAHAAVCUKeyFpxx@@AAVCString@@@Z
?UKey_BackupDb@@YAHVCString@@@Z
?UKey_SetDbBakFlag@@YAHXZ
?UKey_Fpth@@YAHAAVCString@@AAH@Z
?UKey_WriteFpth@@YAHVCString@@H@Z
?UKey_WriteFpjx@@YAHVCString@@H@Z
?UKey_ReadFply@@YAHAAVCString@@AAH@Z
?UKey_Fpfp@@YAHAAVCString@@AAH@Z
?UKey_WriteNssb@@YAHVCString@@H@Z
?UKey_WritePyrz@@YAHVCString@@H@Z
?UKey_WriteFjWsxx@@YAHVCString@@H@Z
?UKey_ReadFjCbxx@@YAHAAVCString@@AAH@Z
?UKey_ReadWsxx@@YAHAAVCString@@AAH@Z
?UKey_WriteCbxx@@YAHVCString@@H@Z
?UKey_ModInit@@YAHXZ
?UKey_ModFinish@@YAHXZ
?UKey_QueryRollWarnningFlag@@YAHAAH0@Z
?UKey_ReadLastFpxx@@YAHAAVCUKeyFpxx@@@Z
?UKey_GetLastErr@@YAHAAVCString@@@Z
?UKey_FJ_ReadJqbh@@YAHAAVCString@@@Z
?UKey_FJ_WriteXtcs@@YAHAAV?$CMap@VCString@@PBDV1@PBD@@@Z
?UKey_ReadPyrzByAddr@@YAHAAVCString@@AAH0@Z
?UKey_WriteFpxx@@YAHVCUKeyFpxx@@@Z
msvcp60
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
sqlite3
sqlite3_exec
sqlite3_column_count
sqlite3_column_name
sqlite3_finalize
sqlite3_step
sqlite3_column_text
sqlite3_open
sqlite3_rekey
sqlite3_key
sqlite3_close
sqlite3_prepare
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 240KB - Virtual size: 237KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 800KB - Virtual size: 799KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ