D:\build\xra_common\RunMechanism_run32\Release_cdais\phtrun.pdb
Static task
static1
Behavioral task
behavioral1
Sample
824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91.exe
Resource
win10v2004-20240709-en
General
- Target: 824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91
- Size: 630KB
- MD5: 5d24c0a786d5109b217a84ed0fd743f6
- SHA1: bdf6f94f75647bd5bd30d90a27859f3048be9fc2
- SHA256: 824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91
- SHA512: e002d405e379895259752c4a810134849fa690c2618b4c07d29bbdb373d1f1b3589191416231b72f534a66deb311c8ebd23b41becba63dcf9968311da93e61a9
- SSDEEP: 12288:vcG5MPUqSIdh+TDBTyt84ybgjmlgNhzvLdKamTVve/69RSA27t1u:UG5M5Z84ybgSlgNhzvLdKamTh/TAHu
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91
Files
- 824287079d32465716ff090852e224be1e2c7c9fa6470fd6d87baa3324511f91.exe windows:5 windows x86 arch:x86
  imphash: 91b18bfe244c1290f2f14c62cb99e262
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetCurrentThreadId
GetLastError
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
MultiByteToWideChar
LoadLibraryW
HeapSetInformation
GetTickCount
SwitchToThread
FormatMessageW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
GetCommandLineW
GetStartupInfoW
CreateProcessW
GetModuleFileNameW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LocalFree
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
CreateThread
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
LockResource
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
IsDebuggerPresent
OutputDebugStringW
GetCurrentProcess
GetLocalTime
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
CreateFileW
SetLastError
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
GetCurrentThread
GetStringTypeW
SetConsoleCtrlHandler
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
GetTimeZoneInformation
user32
UnregisterClassW
CharNextW
DestroyWindow
DefWindowProcW
advapi32
AllocateAndInitializeSid
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptDecrypt
CheckTokenMembership
FreeSid
CryptContextAddRef
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptEncrypt
shell32
ord165
CommandLineToArgvW
SHGetSpecialFolderPathW
ole32
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
oleaut32
VarUI4FromStr
SysFreeString
SysAllocStringLen
shlwapi
PathFileExistsW
PathIsRelativeW
PathRemoveFileSpecW
StrStrIW
PathCombineW
PathAppendW
comctl32
InitCommonControlsEx
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
Sections
.text Size: 480KB - Virtual size: 480KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ