Static task
static1
Behavioral task
behavioral1
Sample
d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb.exe
Resource
win10v2004-20240802-en
General
-
Target
d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb
-
Size
12.1MB
-
MD5
1bd53d5755339b380ce4ddcebc79d4eb
-
SHA1
e0ae458fa7493f3be60c31c06c9b4908d84e6c8c
-
SHA256
d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb
-
SHA512
b33f4911c8285a652728c9081120cb50cf09e2731a8e28c4e6ab82bd873f8fd78c95a911d88fd6552a1acc0ddf15e33e581ef526f1d6050f6f4fcea0feb3254a
-
SSDEEP
393216:Ef9SehgA1l6y2IzI9UtESYUroaxRtY/7jn:YSefl6AX3oaxo/7T
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb
Files
-
d2f18e5965341dbc033d5fb7d4dc801e588dd0f73ef56c47ac6a055f7ea48feb.exe windows:5 windows x86 arch:x86
20fc4eb1d1a235854d6574ceb2253476
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTime
CreateSemaphoreA
CreateEventA
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
SystemTimeToTzSpecificLocalTime
SwitchToFiber
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
VerifyVersionInfoW
VerSetConditionMask
GetFullPathNameW
DeleteFiber
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GlobalLock
GlobalUnlock
LoadLibraryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SleepEx
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetACP
ExitProcess
OpenProcess
MulDiv
GetVersionExW
LocalFree
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
GetLongPathNameW
FindClose
GetSystemDirectoryW
GetTempPathW
FindFirstFileW
FindNextFileW
VirtualQuery
MoveFileW
InitializeCriticalSection
LocalAlloc
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FileTimeToSystemTime
CreateFileA
SetFileAttributesW
GetFileAttributesExW
MoveFileExW
GetSystemInfo
DeviceIoControl
GetSystemDirectoryA
GetVolumeInformationW
SetErrorMode
ReleaseMutex
CreateMutexW
GlobalMemoryStatus
SetCurrentDirectoryA
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
FlushFileBuffers
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile
WriteConsoleW
CreateDirectoryW
GetDriveTypeW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
FreeResource
InterlockedDecrement
GetCommandLineW
DeleteFileA
CopyFileA
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
DeleteFileW
Sleep
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
GetTempPathA
TerminateThread
GetExitCodeThread
WideCharToMultiByte
GetFileSize
CloseHandle
CreateFileW
ReadFile
GetTickCount
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
IsBadReadPtr
DeleteCriticalSection
FreeLibrary
GetProcessHeap
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
GetNativeSystemInfo
HeapReAlloc
LoadLibraryA
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
VirtualAlloc
lstrlenW
VirtualFree
SetLastError
HeapFree
SetFileTime
VirtualProtect
user32
InflateRect
LoadCursorW
SetCursor
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
DefWindowProcW
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
HideCaret
GetFocus
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
CreateWindowExW
CallWindowProcW
RegisterClassW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowRgn
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
MonitorFromPoint
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
MessageBoxW
DrawTextW
FillRect
SetRect
DestroyMenu
EnableMenuItem
CreateCaret
GetCursor
MapVirtualKeyExW
SendMessageW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
GetActiveWindow
GetMessageW
IsWindow
DispatchMessageW
PeekMessageW
CharNextW
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
DrawIconEx
DestroyIcon
PrivateExtractIconsW
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ReleaseDC
ShowCaret
TranslateMessage
FindWindowW
CreatePopupMenu
TrackPopupMenu
AppendMenuW
ActivateKeyboardLayout
PostQuitMessage
SetForegroundWindow
GetCursorPos
PostMessageW
ShowWindow
PtInRect
GetKeyState
GetCaretBlinkTime
advapi32
GetSidSubAuthority
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
DeregisterEventSource
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegisterEventSourceW
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
GetUserNameW
shell32
SHGetFolderPathW
SHGetFileInfoW
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathA
ole32
CoTaskMemRealloc
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoSetProxyBlanket
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CoUninitialize
CoInitialize
oleaut32
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
shlwapi
PathStripToRootW
PathIsDirectoryW
PathIsSameRootW
PathFileExistsW
PathFindFileNameA
PathFindFileNameW
PathFileExistsA
PathRemoveExtensionW
PathFindExtensionA
PathRemoveFileSpecW
PathCombineW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipDrawImageI
GdipDrawLine
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipReleaseDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipGetImageHeight
GdipCloneBrush
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
dbghelp
MiniDumpWriteDump
urlmon
ObtainUserAgentString
gdi32
TextOutW
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
CreateDIBitmap
GetObjectA
GdiFlush
SetStretchBltMode
StretchBlt
SetBkMode
CreatePatternBrush
SetBkColor
GetTextExtentPointA
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
BitBlt
CreateSolidBrush
GetBitmapBits
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
SetBitmapBits
SetTextColor
GetCharABCWidthsW
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ws2_32
sendto
recvfrom
getnameinfo
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
gethostbyname
gethostname
WSAStartup
WSAEventSelect
closesocket
shutdown
crypt32
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
wldap32
ord26
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord145
ord117
ord41
ord208
ord216
ord14
ord46
ord219
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 606KB - Virtual size: 606KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21.2MB - Virtual size: 21.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ