Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task
static1
Behavioral task
behavioral1
Sample
49927b91ee2f2c136cba4606e19e6ed0N.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
49927b91ee2f2c136cba4606e19e6ed0N.dll
Resource
win10v2004-20240802-en
Target
49927b91ee2f2c136cba4606e19e6ed0N.exe
Size
1.1MB
MD5
49927b91ee2f2c136cba4606e19e6ed0
SHA1
12bf50db3c928cb31e6c55c879b955ea91d262e4
SHA256
b1617b5fd35ac777fde2bd2ddae52adc1859d7b0e86ce1694235640bcb8a2ad7
SHA512
5f9ff6eafa3daad09c75052275044adc64d199138f8198eb8d171ef136ce6bb4ec1c0bd5dcccff06b143c7fa6537287d350dfc2e175ad6dc592d040865cabdaf
SSDEEP
12288:VFHgF/VlMpeK3XCOYU5eWnErl+T5hZzojZuYewu3/gK0uDBNpsmh2radOEKjK6qu:VFAtVlMpeodSmkradOEKjK6aiT8Yj
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
D:\TFSBuilds\01\1186\s\output\weaselx64.pdb
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
lstrcpyW
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
WriteConsoleW
CreateFileW
GetModuleHandleExW
GetLastError
SetLastError
RaiseException
DecodePointer
GetUserDefaultLCID
GetStringTypeExW
FreeLibrary
LoadLibraryA
LCMapStringW
MulDiv
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
EncodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetLocaleInfoEx
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
HeapReAlloc
SetFilePointerEx
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateWindowExW
LoadStringW
GetDC
SetWindowPos
ReleaseDC
RedrawWindow
InflateRect
GetClientRect
GetWindowRect
CopyRect
OffsetRect
SetWindowLongPtrW
GetMonitorInfoW
DrawIconEx
DestroyIcon
DefWindowProcW
KillTimer
EndPaint
GetWindowLongPtrW
CallWindowProcW
SetRect
DestroyWindow
LoadCursorW
GetClassInfoExW
ShowWindow
IsWindow
RegisterClassExW
UnregisterClassW
MonitorFromRect
GetWindowThreadProcessId
GetForegroundWindow
GetSystemMetrics
LoadImageW
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuW
GetMenuItemInfoW
GetMenuItemCount
GetKeyboardState
ToUnicodeEx
GetFocus
BeginPaint
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CoCreateInstance
SysAllocString
SysAllocStringLen
ScriptStringOut
ScriptStringAnalyse
ScriptStringFree
TextOutW
GetTextExtentPoint32W
CreateFontW
BitBlt
CreateCompatibleDC
CreateSolidBrush
SetViewportOrgEx
DeleteDC
GetCurrentObject
GetDeviceCaps
SelectObject
SetBkColor
DeleteObject
SetTextColor
FillRgn
Rectangle
RoundRect
CreatePen
CreateRectRgnIndirect
CreateCompatibleBitmap
SetBkMode
RpcStringFreeA
RpcBindingFromStringBindingA
RpcBindingFree
NdrClientCall3
RpcStringBindingComposeA
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ