E:\vsrbuilds\VSR\VSR_23_0_2_63015\ws\RecoveryService\Dev\DCTrustTokenReboot\win32_release\DCTrustTokenReboot.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451.exe
Resource: win10v2004-20240802-en
General
- Target: 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451
- Size: 5.1MB
- MD5: 027ce06b9dce9b3204d4d2e5079a0829
- SHA1: e1753066a00f918dd0ef6a466db1954fb95ca8aa
- SHA256: 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451
- SHA512: 436bafa730112fdc27a8726a43454276bb6ad2b8f0ffb9b6f141914d6b84343b26412f5483954eaaa154f20eb86373c8ed669dd67e398dbbec86b6d7593cd7ba
- SSDEEP: 98304:bNAeElv1VsaDeuqN0Yfqcuuk4Xz6xzuIPgNFVKrqvA1D+2AUeXWoH1Xmz4iUl5Hu:bNAeElv1VdqN0Yjuu/j6xMD/Aekz4iU6
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451
Files
- 917637035ff0dc86c81b9195a0086ff7059cd84e7e33ff1e51d2a9091fd29451.exe windows:6 windows x86 arch:x86
  bb9f18d21361310e39349657dad2c555
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
netapi32
NetServerGetInfo
NetApiBufferFree
NetGetJoinInformation
NetUseGetInfo
NetWkstaGetInfo
mpr
WNetCancelConnection2W
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetLastErrorW
WNetCloseEnum
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
CompareStringW
DeleteFileW
LockFile
UnlockFile
lstrcmpiW
MoveFileW
GetThreadLocale
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetAtomNameW
SetErrorMode
GlobalFlags
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
FindResourceExW
GetTempPathW
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
LocalLock
LocalUnlock
GetVersionExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
lstrcmpW
ResumeThread
ReleaseSemaphore
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
WriteConsoleW
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
SetCurrentDirectoryW
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
ExitProcess
SetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FindFirstFileExW
GetFileType
RemoveDirectoryW
CreateDirectoryW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
SwitchToThread
TryEnterCriticalSection
GetStringTypeW
OutputDebugStringW
CompareStringA
lstrcmpA
GlobalDeleteAtom
GetStartupInfoW
SuspendThread
CreateEventW
FreeResource
OutputDebugStringA
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
LocalFileTimeToFileTime
GetFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
PeekNamedPipe
CreatePipe
PulseEvent
CreateEventA
ResetEvent
LoadLibraryExW
SetEvent
GetExitCodeProcess
TerminateProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
GetStdHandle
GetFileAttributesW
FindNextFileW
SleepEx
WriteFileEx
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
FlushFileBuffers
GetUserDefaultLCID
GetStringTypeExW
LCMapStringW
GlobalMemoryStatusEx
SetThreadAffinityMask
GetExitCodeThread
TerminateThread
GetThreadPriority
GetCurrentThreadId
WaitForSingleObjectEx
DuplicateHandle
SetProcessAffinityMask
GetProcessAffinityMask
IsBadCodePtr
IsBadReadPtr
ReadProcessMemory
GetOEMCP
GetACP
LoadLibraryW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
SetVolumeLabelW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
SetFileTime
SetFilePointer
SetFileAttributesW
SetEndOfFile
GetVolumePathNameW
GetVolumeInformationW
GetFullPathNameW
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
GetDriveTypeW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
FindFirstFileW
FindClose
CreateFileW
GetCurrentProcessId
GetCommandLineA
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQueryEx
CreateFileA
GetFirmwareEnvironmentVariableA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetComputerNameExW
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FormatMessageW
LocalFree
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
GetModuleFileNameA
GetUserDefaultLocaleName
lstrcatW
lstrcpyW
GetModuleFileNameW
GetWindowsDirectoryW
SetProcessPriorityBoost
SetPriorityClass
CreateProcessW
SetThreadPriority
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetShortPathNameW
GetEnvironmentVariableW
Sleep
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
InitializeSListHead
RtlCaptureStackBackTrace
user32
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DestroyIcon
InvalidateRect
DeleteMenu
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
CharUpperW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
LoadImageW
SetClipboardData
GetMessageTime
GetMessagePos
RegisterWindowMessageW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
UnregisterClassW
SendMessageW
IsIconic
SetTimer
KillTimer
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
CopyRect
ReleaseDC
GetDC
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
GetAsyncKeyState
CreatePopupMenu
GetMenuDefaultItem
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
CallNextHookEx
SetWindowsHookExW
EnableWindow
GetSystemMetrics
DrawIcon
GetClientRect
LoadIconW
ExitWindowsEx
LoadStringW
wsprintfA
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetUpdateRect
InsertMenuW
AppendMenuW
RemoveMenu
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
LoadMenuW
GetWindowRect
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
TrackMouseEvent
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CallWindowProcW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
CloseClipboard
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
UnionRect
PostThreadMessageW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
GetTabbedTextExtentW
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
MonitorFromRect
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetDCEx
ToUnicodeEx
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
DefWindowProcW
GetKeyboardState
gdi32
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
GetMapMode
LineTo
DPtoLP
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
EnumFontFamiliesExW
CreateFontW
GetCharWidthW
StretchDIBits
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
DeleteObject
DeleteDC
CreateSolidBrush
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
PatBlt
CreateRectRgnIndirect
ExcludeClipRect
CreateBitmap
GetDeviceCaps
CreateDCW
SetRectRgn
CopyMetaFileW
CreateRectRgn
Escape
msimg32
TransparentBlt
AlphaBlend
winspool.drv
GetJobW
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegDeleteValueW
AdjustTokenPrivileges
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueA
LookupPrivilegeValueW
shell32
SHChangeNotify
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
DragFinish
DragQueryFileW
ShellExecuteW
ShellExecuteExW
comctl32
ord17
uxtheme
IsAppThemed
GetThemePartSize
GetWindowTheme
OpenThemeData
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
GetThemeSysColor
CloseThemeData
DrawThemeBackground
ole32
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
OleLockRunning
StringFromCLSID
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
WriteClassStm
GetHGlobalFromILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleSetMenuDescriptor
oleaut32
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
VariantClear
VariantChangeType
SafeArrayGetElemsize
LoadRegTypeLi
LoadTypeLi
oledlg
OleUIBusyW
dbghelp
SymGetModuleInfo64
SymGetOptions
SymSetOptions
SymLoadModule64
SymGetLineFromAddr64
SymInitialize
gdiplus
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
shlwapi
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindFileNameW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindExtensionW
Sections
.text Size: 3.7MB - Virtual size: 3.7MB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 959KB - Virtual size: 959KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 81KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 38KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 287KB - Virtual size: 287KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ