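PDB path (build metadata embedded in the PE; it can be set freely at build time and is not proof of origin): D:\a\_work\1\s\Intermediate\vctools\llvm-symbolizer.nativeproj__1535137144\objr\x86\bin\llvm-symbolizer.pdb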
Static task
static1
Behavioral task
behavioral1
Sample
6277bed02dd1ffb1d51d97d8f08237f0N.exe
Resource
win7-20240708-en
General
Target
6277bed02dd1ffb1d51d97d8f08237f0N.exe
Size
6.8MB
MD5
6277bed02dd1ffb1d51d97d8f08237f0
SHA1
45873a8a259c88dfc9da7e2d0ecc01208add45b1
SHA256
3fe06910a0bb16b872c1cc55980f089492ba2e249b8d381599782c97b653331a
SHA512
e6ca02418707faccceb1100c4604bb395d3d99cfb5cda3fcac4e7d273337d7026a3fb0db8bd6c0d3ba480fbab7870234e9da147d04d4658f9b65e4f897d259cb
SSDEEP
49152:Q/vpiZoXXxWEjTdtriSS9gh0A6UzQYOUlYDG7aYUTukkAG624a8EUKucqyrwULsr:iMIc6EUkYvUTuf0247Ku0LAnlS
Malware Config
Signatures
Unsigned PE 1 IoCs
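Flags PE files that carry no Authenticode signature; the resource listed below matched. On its own this is a weak indicator, because many legitimate builds are also unsigned.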
resource 6277bed02dd1ffb1d51d97d8f08237f0N.exe
Files
6277bed02dd1ffb1d51d97d8f08237f0N.exe.exe windows:6 windows x86 arch:x86
25f65dd7f147e81ad6efea3297053746
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegOpenKeyExA
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
kernel32
GetStdHandle
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
ReadFile
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
CloseHandle
DuplicateHandle
GetLastError
SetLastError
Sleep
GetCurrentProcess
GetSystemInfo
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
MoveFileExW
CreateHardLinkW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
FindFirstFileW
GetLongPathNameW
SetErrorMode
GetProcessTimes
GetCurrentProcessId
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetModuleHandleW
GetFileType
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetCurrentThreadId
LoadLibraryW
SetConsoleCtrlHandler
SearchPathW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
FormatMessageA
K32GetProcessMemoryInfo
RaiseException
SetThreadPriority
GetLogicalProcessorInformationEx
GetThreadGroupAffinity
SetThreadGroupAffinity
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualProtect
FreeLibrary
LoadLibraryExA
InitOnceComplete
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
InitOnceBeginInitialize
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
DecodePointer
InitializeCriticalSectionEx
WriteConsoleW
GetProcAddress
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
OutputDebugStringW
LoadLibraryExW
msvcp140
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Query_perf_frequency
_Query_perf_counter
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
_Mtx_unlock
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
vcruntime140
memset
memchr
longjmp
memmove
_except_handler4_common
memcpy
strchr
__std_exception_destroy
__std_type_info_destroy_list
__std_type_info_compare
__current_exception_context
_CxxThrowException
__current_exception
__CxxFrameHandler3
_purecall
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_controlfp_s
signal
_set_error_mode
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_set_abort_behavior
abort
_initterm_e
_initterm
_get_initial_narrow_environment
_invoke_watson
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
exit
_invalid_parameter_noinfo
_beginthreadex
terminate
_exit
_errno
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
realloc
_recalloc
free
_heapwalk
malloc
_callnewh
api-ms-win-crt-stdio-l1-1-0
fgets
_setmode
__acrt_iob_func
_set_fmode
_fileno
_write
_lseek
_close
_read
__p__commode
__stdio_common_vsprintf
fflush
__stdio_common_vfprintf
_get_osfhandle
_lseeki64
_open_osfhandle
_chsize_s
api-ms-win-crt-string-l1-1-0
isalnum
isxdigit
toupper
strncmp
isalpha
tolower
islower
strspn
strcspn
isdigit
isupper
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-convert-l1-1-0
strtod
strtoll
atoi
strtof
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-math-l1-1-0
ceil
_fpclass
_dclass
_libm_sse2_sqrt_precise
__setusermatherr
modf
round
_libm_sse2_log10_precise
_except1
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
user32
UnregisterClassW
oleaut32
SysAllocStringLen
SysFreeString
SysStringByteLen
SysAllocString
VarBstrCmp
api-ms-win-crt-time-l1-1-0
strftime
_localtime64_s
Sections
.text Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 931KB - Virtual size: 930KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 995B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 795B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 265B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
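.reloc Size: 732KB - Virtual size: 736KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: .reloc is flagged both executable and writable here. A relocation section is normally read-only, discardable data, so these flags deserve a closer look during triage.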