app.pdb
Static task
static1
General
-
Target
EzGlobal.exe
-
Size
6.6MB
-
MD5
70b36ca385b20b7d5fba218167221cf0
-
SHA1
11f54d9cf8d0e448f6e689b632ace33523573b95
-
SHA256
a900c255d9d3ab0505a59a6a52e23e287f8de9ffc4f70ac14a2b4b91619c53d9
-
SHA512
e54914815471f67a2650bb161f7d0e940df5198693dea35fadeefc2620b7a5f7de92a03976e803bfae5a753372a546c030e5ecfef15c1a0f21329ba42e7b0830
-
SSDEEP
98304:gPM3r2YB6mE+zl/xaOhbmn6LiIETY4DWmZpw1pMeZQsRX36xs:O89hb1Ljg3LpywsF
Malware Config
Signatures
-
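Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The flagged file carries no Authenticode signature; this is a weak indicator by itself, since many legitimate programs also ship unsigned, so weigh it together with the other static findings in this report.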
resource EzGlobal.exe
Files
-
EzGlobal.exe.exe windows:6 windows x64 arch:x64
daa0eabff43e5ee6a623c9c6820334de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
user32
GetKeyboardLayout
GetMessageA
SetWindowLongW
GetSystemMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
CreateWindowExW
IsWindow
GetSystemMetrics
GetKeyboardState
SetForegroundWindow
DispatchMessageA
DispatchMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
IsProcessDPIAware
GetDC
RegisterTouchWindow
SystemParametersInfoA
TranslateMessage
PeekMessageW
ValidateRect
PostThreadMessageW
GetUpdateRect
DestroyWindow
GetForegroundWindow
IsWindowVisible
ClipCursor
SetCursorPos
GetClipCursor
ToUnicodeEx
InvalidateRgn
ShowCursor
AdjustWindowRectEx
SetWindowPos
PostMessageW
GetWindowLongW
LoadCursorW
GetClientRect
ClientToScreen
ReleaseCapture
MonitorFromPoint
EnumDisplayMonitors
SendMessageW
DestroyIcon
CreateIcon
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
PostQuitMessage
SendInput
ShowWindow
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
RegisterClassExW
GetCursorPos
EnumChildWindows
IsIconic
GetActiveWindow
SetMenu
RedrawWindow
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
SetCursor
kernel32
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryA
LCIDToLocaleName
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
AcquireSRWLockExclusive
MultiByteToWideChar
UpdateProcThreadAttribute
ReleaseSRWLockExclusive
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetProcAddress
WaitForMultipleObjects
lstrlenW
CloseHandle
GetUserDefaultUILanguage
ReadFileEx
CreateNamedPipeW
ExitProcess
CancelIo
GetOverlappedResult
ReadFile
GetFinalPathNameByHandleW
FindFirstFileW
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW
FreeLibrary
GetEnvironmentVariableW
GetSystemInfo
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
GetProcessHeap
HeapFree
FindClose
HeapAlloc
ReleaseMutex
FormatMessageW
WaitForSingleObject
GetSystemDirectoryW
LoadLibraryW
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
HeapReAlloc
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
LoadLibraryExA
CreateEventW
TlsFree
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentProcessId
GetCommandLineW
SetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetStdHandle
ntdll
NtReadFile
NtQuerySystemInformation
RtlNtStatusToDosError
NtWriteFile
gdi32
DeleteObject
CreateRectRgn
GetDeviceCaps
dwmapi
DwmEnableBlurBehindWindow
ole32
CoTaskMemFree
RevokeDragDrop
CoCreateInstance
CoInitializeEx
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoUninitialize
CoInitializeSecurity
CoTaskMemAlloc
CoSetProxyBlanket
comctl32
RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
shell32
DragFinish
SHGetKnownFolderPath
SHAppBarMessage
DragQueryFileW
uxtheme
SetWindowTheme
advapi32
SystemFunction036
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
EventUnregister
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
oleaut32
SafeArrayAccessData
VariantClear
SysFreeString
SafeArrayGetLBound
SafeArrayUnaccessData
SetErrorInfo
GetErrorInfo
SysAllocStringLen
SysStringLen
SafeArrayGetUBound
bcrypt
BCryptGenRandom
api-ms-win-crt-math-l1-1-0
trunc
__setusermatherr
floor
pow
round
api-ms-win-crt-string-l1-1-0
wcslen
wcsncmp
strcpy_s
_wcsicmp
api-ms-win-crt-convert-l1-1-0
_ultow_s
wcstol
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_exit
_c_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type
__p___argc
_initterm_e
_initialize_onexit_table
exit
_register_onexit_function
_crt_atexit
abort
__p___argv
_seh_filter_exe
_initterm
terminate
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
_callnewh
calloc
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ