D:\jenkins_win\workspace\cpp-sgtools\SG-Tools\src\SGTools\bin\Release\MyBuff.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4.exe
  Resource: win10v2004-20240709-en
General
- Target: 4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4
- Size: 6.6MB
- MD5: 8413005ce896639ad567be60a432782e
- SHA1: 2cbfa8e40b84b16eb357d17157b9f00935c06b87
- SHA256: 4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4
- SHA512: d26ab37a124724f3079b22e82466bca4bb399208af99832aeffe9e901e4d1ff1e0ea7ec06d188f90937a0841dea1ef8c4b9f78c4cb2953de8fb9361cdd352cf1
- SSDEEP: 196608:hD1GYu+7VDA1JSmkqLVPsQS83/qf5Qlq2F:h8R+7VDA1ZvqQ
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4
Files
-
4357f85349321f0da36fa8b0bf34d81f9a982badf98327d0b2b33b0f55ce49c4.exe windows:6 windows x86 arch:x86
265f6df021f22aa102f403ec7315ea27
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
gethostname
shutdown
socket
send
getsockopt
getpeername
ioctlsocket
__WSAFDIsSet
getsockname
WSAIoctl
getnameinfo
closesocket
bind
select
WSASocketW
WSAGetLastError
WSACleanup
WSAStartup
sendto
recvfrom
inet_addr
connect
accept
freeaddrinfo
getaddrinfo
WSAAddressToStringW
WSASend
WSARecv
WSASetLastError
setsockopt
ntohs
ntohl
htonl
htons
listen
recv
iphlpapi
GetAdaptersInfo
shlwapi
PathRemoveFileSpecA
PathFindFileNameW
PathAddBackslashW
SHStrDupW
PathRemoveFileSpecW
PathAddBackslashA
StrCatW
StrCpyW
wldap32
ord30
ord79
ord35
ord301
ord33
ord32
ord200
ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
imm32
ImmAssociateContextEx
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
opengl32
glPushAttrib
glOrtho
glTexSubImage2D
glPixelStorei
glPushMatrix
glDisable
glColor4f
glRotatef
glVertex2f
wglCreateContext
wglDeleteContext
wglMakeCurrent
glPopMatrix
glViewport
glInterleavedArrays
glClear
glTexImage2D
glDrawArrays
glVertex2i
glClearColor
glBegin
glHint
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glColor3f
glLineWidth
glMatrixMode
glEnd
glEnable
glGenTextures
glBindTexture
glTexEnvf
glPopAttrib
d3d11
D3D11CreateDevice
ntdll
NtResumeProcess
NtSuspendProcess
VerSetConditionMask
RtlUnwind
kernel32
GetExitCodeThread
DuplicateHandle
GetStringTypeW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
ReleaseSemaphore
OpenEventA
CloseHandle
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentThreadId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetSystemTimes
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetLocalTime
GetTickCount
FreeLibrary
GetProcAddress
WinExec
LoadLibraryA
SystemTimeToFileTime
CreateFileA
DeleteFileA
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetCommandLineW
CreateDirectoryW
CreateFileW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetModuleFileNameW
LoadLibraryW
WritePrivateProfileStringW
GetFileSize
SetLastError
IsWow64Process
GetModuleHandleW
GetSystemInfo
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLangID
GetLogicalProcessorInformation
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
RemoveDirectoryA
SetFileAttributesA
SetFileAttributesW
CreateEventA
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GlobalLock
GlobalUnlock
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcatA
lstrcatW
lstrlenW
GetPrivateProfileStringW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
K32GetModuleFileNameExA
K32GetProcessMemoryInfo
K32GetProcessImageFileNameW
GlobalMemoryStatusEx
HeapDestroy
HeapReAlloc
HeapSize
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetFileTime
LocalFileTimeToFileTime
EncodePointer
DosDateTimeToFileTime
TlsAlloc
TlsFree
GetFinalPathNameByHandleA
ConnectNamedPipe
CreateNamedPipeW
ResetEvent
LocalAlloc
LocalFree
CopyFileW
LoadLibraryExA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetEnvironmentVariableW
SetEnvironmentVariableW
MoveFileW
FlushFileBuffers
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
FreeResource
InitializeCriticalSectionAndSpinCount
ReleaseMutex
SleepEx
CreateMutexW
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CreateWaitableTimerW
VerifyVersionInfoW
SetFilePointer
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
RaiseException
K32GetModuleFileNameExW
GetEnvironmentVariableA
SetEnvironmentVariableA
SetDllDirectoryW
DecodePointer
InitializeCriticalSectionEx
lstrcpynW
MulDiv
GetCurrentDirectoryW
GlobalAlloc
FileTimeToSystemTime
GetSystemTime
GetStdHandle
OutputDebugStringA
OutputDebugStringW
FormatMessageA
GetUserDefaultLangID
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetPrivateProfileIntW
TryEnterCriticalSection
GetModuleHandleExW
GetTickCount64
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
WaitForSingleObjectEx
ExpandEnvironmentStringsA
PeekNamedPipe
GetSystemDirectoryA
VerifyVersionInfoA
QueryPerformanceCounter
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
QueryPerformanceFrequency
GetThreadTimes
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetLocaleInfoW
GetProcessAffinityMask
LCMapStringW
SetThreadAffinityMask
CompareStringW
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
LoadLibraryExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetFileAttributesExW
ExitThread
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetTimeZoneInformation
ExitProcess
GetFullPathNameA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsProcessorFeaturePresent
QueueUserWorkItem
SetStdHandle
SetFileTime
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
VirtualQuery
CreateDirectoryA
GetDriveTypeW
user32
GetCapture
SetClassLongW
WindowFromPoint
GetTouchInputInfo
CloseTouchInputHandle
VkKeyScanExW
DestroyCaret
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
IsZoomed
DispatchMessageW
TranslateMessage
GetMessageW
MonitorFromPoint
ReleaseDC
LoadCursorW
GetWindowRgn
UpdateLayeredWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
OffsetRect
UnionRect
InflateRect
LoadIconW
EnumDisplayMonitors
RegisterTouchWindow
GetCursorPos
GetClientRect
GetKeyState
GetWindowPlacement
MoveWindow
IsWindow
PostQuitMessage
RegisterWindowMessageW
ShowWindow
IsWindowVisible
EnumWindows
GetWindowLongW
GetAsyncKeyState
MessageBoxExA
MessageBoxA
GetClipboardData
CloseClipboard
OpenClipboard
FindWindowW
MessageBoxExW
EnumDisplaySettingsW
GetIconInfo
GetDesktopWindow
GetDC
CharNextW
ExitWindowsEx
MessageBoxW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetWindowThreadProcessId
GetParent
GetWindowRect
RedrawWindow
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
BringWindowToTop
IsIconic
SetWindowPos
AttachThreadInput
PostMessageW
SendMessageW
GetDoubleClickTime
TrackMouseEvent
GetMessageTime
LoadAcceleratorsW
IsDialogMessageW
TranslateAcceleratorW
SetParent
MonitorFromRect
SetWindowPlacement
DeferWindowPos
EnumChildWindows
EndDialog
RemovePropW
BeginDeferWindowPos
SetMenu
EndDeferWindowPos
DialogBoxParamW
UpdateWindow
GetAncestor
GetUserObjectInformationW
GetProcessWindowStation
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
EqualRect
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SystemParametersInfoW
wsprintfW
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetCursor
SetRect
FillRect
DrawTextW
CharPrevW
SetWindowRgn
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassW
CallWindowProcW
SetWindowLongW
PtInRect
gdi32
CreateFontW
SetBitmapBits
GetBitmapBits
FillRgn
SetWindowOrgEx
CreateRoundRectRgn
SetRectRgn
SetPixelFormat
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
SwapBuffers
CreatePatternBrush
ChoosePixelFormat
CreateFontIndirectW
CreateDIBSection
CreateDIBitmap
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SelectObject
PtInRegion
CreatePen
GetStockObject
AddFontMemResourceEx
DeleteDC
SetBkMode
CreateRectRgn
RemoveFontMemResourceEx
Rectangle
RestoreDC
GetTextExtentPointA
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
SetBkColor
CreateCompatibleDC
GetObjectW
DeleteObject
comdlg32
FindTextW
GetOpenFileNameA
advapi32
RegEnumKeyExA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExA
RegCreateKeyA
RegGetValueA
RegCreateKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
shell32
SHGetSpecialFolderPathW
ExtractIconExW
ShellExecuteW
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetFolderPathW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderA
SHBrowseForFolderW
SHAppBarMessage
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
ShellExecuteA
ole32
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoTaskMemFree
PropVariantClear
CoCreateGuid
OleRun
CoUninitialize
CoSetProxyBlanket
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
oleaut32
VarBstrCat
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
GetErrorInfo
SysAllocString
comctl32
ord17
_TrackMouseEvent
gdiplus
GdipAlloc
GdipFree
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdiplusStartup
GdiplusShutdown
GdipSetStringFormatAlign
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipTranslateWorldTransform
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipRotateWorldTransform
GdipCreateFontFromDC
GdipCloneBrush
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
pdh
PdhOpenQueryW
PdhAddCounterW
PdhRemoveCounter
PdhCollectQueryData
PdhCloseQuery
wlanapi
WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanOpenHandle
mswsock
GetAcceptExSockaddrs
AcceptEx
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
bcrypt
BCryptGenRandom
winhttp
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpCrackUrl
Sections
.text   Size: 4.8MB - Virtual size: 4.8MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 1.1MB - Virtual size: 1.1MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 115KB - Virtual size: 147KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: 3KB - Virtual size: 2KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 9B       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 602KB - Virtual size: 602KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ