Static task
static1
General
-
Target
yy.exe
-
Size
1.5MB
-
MD5
c351aed4b7029b69f6ff41efa7a483cc
-
SHA1
9fa951c16c3d325435a19d39b8bf355b29905f5f
-
SHA256
1d149bf5501cd7f03b435b3e20b93750a4757699adb803027ea0f6cd5f3aa6d6
-
SHA512
22a80fe2623809e5aad56afb826fbc6d0d9f1e2caffff3fcb83664083310807feac61b73169f118b1e51d11e69cc854810d81c6f98b80f5431bec4f98555f4f2
-
SSDEEP
24576:fo1bWlxx4KEwttfP2IlWGDRVKZ1itwjwMIj7YmNMnZ5LsR390eQP7ZYnSU4A8cF:w4Jy8t9MIj7Ym+TegenSsF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource yy.exe
Files
-
yy.exe.exe windows:6 windows x64 arch:x64
Password: a
8073b9ae708aa341e2dad3a7092c1393
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
xxhash
XXH32
zstd
ZSTD_isError
ZSTD_compressBound
ZSTD_compress
ZSTD_maxCLevel
ZSTD_decompress
libcurl
curl_easy_cleanup
curl_easy_init
curl_free
curl_easy_escape
curl_easy_getinfo
curl_easy_perform
curl_easy_setopt
curl_version_info
curl_slist_free_all
curl_slist_append
curl_mime_free
wsock32
getsockname
getpeername
inet_ntoa
getsockopt
htonl
bind
WSAGetLastError
ord1141
htons
listen
ord1142
closesocket
WSACleanup
ntohl
WSAStartup
shutdown
setsockopt
select
ntohs
WSASetLastError
ws2_32
WSAStringToAddressW
WSAAddressToStringW
WSARecv
WSASocketW
WSASend
kernel32
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
Sleep
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CloseHandle
GetCurrentProcess
WriteProcessMemory
FreeLibrary
IsProcessorFeaturePresent
GetProcAddress
IsDebuggerPresent
SetConsoleTitleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexW
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcessId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
FormatMessageA
CreateWaitableTimerA
MultiByteToWideChar
WideCharToMultiByte
OpenThread
GetThreadContext
OpenProcess
VirtualAllocEx
VirtualQueryEx
ReadProcessMemory
GetModuleHandleA
lstrcmpiA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
TerminateProcess
LoadLibraryW
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeSListHead
user32
SetProcessDPIAware
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
GetKeyboardLayout
EmptyClipboard
SetClipboardData
GetMonitorInfoA
MonitorFromWindow
LoadIconA
LoadCursorA
FindWindowA
SetWindowLongA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
GetAsyncKeyState
GetClipboardData
CloseClipboard
OpenClipboard
SetWindowDisplayAffinity
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
EnumWindows
PeekMessageA
DispatchMessageA
TranslateMessage
DefWindowProcA
GetWindowThreadProcessId
gdi32
CreateSolidBrush
msvcp140
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Thrd_detach
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
_Query_perf_counter
_Query_perf_frequency
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_join
_Thrd_yield
_Thrd_hardware_concurrency
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?toupper@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
d3dcompiler_47
D3DCompile
vcruntime140
memmove
memchr
__C_specific_handler
__std_type_info_compare
_purecall
__current_exception_context
__current_exception
strstr
memset
memcpy
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
memcmp
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
signal
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
terminate
_c_exit
__p___argv
__p___argc
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
abort
_errno
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_beginthreadex
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
_callnewh
_aligned_free
_aligned_malloc
api-ms-win-crt-utility-l1-1-0
qsort
srand
rand
api-ms-win-crt-stdio-l1-1-0
_fseeki64
ftell
fwrite
setvbuf
ungetc
fread
fflush
__stdio_common_vsprintf
__stdio_common_vswprintf_s
fseek
fclose
_set_fmode
__stdio_common_vsscanf
_wfopen
_get_stream_buffer_pointers
fgetc
fputc
fopen
__p__commode
__acrt_iob_func
fgetpos
__stdio_common_vfprintf
fsetpos
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64_s
strftime
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
_stat64i32
api-ms-win-crt-math-l1-1-0
acosf
fmodf
__setusermatherr
sinf
_dsign
tanh
_dclass
ceilf
tan
cosf
sqrt
sqrtf
floor
pow
ldexp
round
acos
asin
atan
atan2
ceil
cos
cosh
exp
fmod
log
log10
log2
sin
sinh
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
strtod
strtoull
strtoll
api-ms-win-crt-string-l1-1-0
strspn
strnlen
strncpy
strcmp
toupper
strncmp
strcspn
strcpy_s
tolower
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
___lc_codepage_func
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 202KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ