D:\Projects\everyzone\Agent.Edit\Agent.Edit.2022.11.01\x64\Release\WSCAgent.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761.exe
  Resource: win10v2004-20240802-en
General
Target: a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761
Size: 611KB
MD5: de5127e5178e1e5d616f789f7efe86b2
SHA1: e35d92d564ecf2a71a9773d19110bb18d06796b9
SHA256: a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761
SHA512: a4b84a1e7e9112412abd09d176afa8c4947b5af4a6db27fff6b96bbe1991cf2d390cbf68003f04195700dcdd37d2bc9cf6aad82e400d8164a6e41e06d0d796bb
SSDEEP: 6144:GDq/7PqdnrGS8yaZq8sr6+T+wsDulM2629b4xL0VzXzkBiUq0gt3MgewsSz8KtXC:LPqdnrG5XZjA6+DjpeacgeYtkrkx9k
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761
Files
-
a95fbbe118491fc0a52318ca9c1112927776a2ae4c681bc02f8828068e50b761.exe windows:6 windows x64 arch:x64
0c9fef52410b54c7f9d53a8c0156e5c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
shlwapi
PathAddBackslashA
PathAddBackslashW
PathRemoveFileSpecA
PathFileExistsA
PathRemoveFileSpecW
PathFileExistsW
fltlib
FilterConnectCommunicationPort
FilterSendMessage
netapi32
NetWkstaGetInfo
NetApiBufferFree
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSQueryUserToken
kernel32
CloseHandle
VerifyVersionInfoW
VerSetConditionMask
CreateFileW
WriteFile
CreateMailslotW
GetMailslotInfo
ReadFile
CopyFileW
CreateMutexW
CreateEventW
WaitForSingleObject
WritePrivateProfileStringW
SetEvent
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
K32GetModuleFileNameExW
DeleteFileW
TerminateProcess
MoveFileExW
WTSGetActiveConsoleSessionId
GetStartupInfoW
GetModuleFileNameA
GetLastError
GetPrivateProfileIntA
FindNextFileW
ProcessIdToSessionId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
OpenMutexW
MultiByteToWideChar
FindResourceExW
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
LocalFree
GetModuleHandleW
GetEnvironmentVariableW
GetFileType
GetConsoleMode
LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetLocalTime
QueryPerformanceCounter
GetWindowsDirectoryW
GetModuleFileNameW
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
FindResourceW
GetProcAddress
SetStdHandle
GetStringTypeW
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetPrivateProfileStringA
GetConsoleCP
LCMapStringW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
GetACP
advapi32
CryptHashData
ConvertSidToStringSidW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
StartServiceW
CreateServiceW
DeleteService
QueryServiceStatus
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateTokenEx
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
StartServiceCtrlDispatcherW
shell32
ShellExecuteW
ShellExecuteExW
Sections
.text Size: 442KB - Virtual size: 441KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ