dcpromo.pdb
Static task
static1
Behavioral task
behavioral1
Sample
903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1.exe
Resource
win10v2004-20240802-en
General
-
Target
903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1
-
Size
599KB
-
MD5
67a279c3657acb36ab9e8ceaf4cb50e3
-
SHA1
b4623cc2c35c4260c59f15049b169b38b698075e
-
SHA256
903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1
-
SHA512
1190771a3f57c4ce92518872fcddaff8c13f8e482ea27b29d70958133efe3cadf5bc7e6de2ae4e4740959e34343d8b11c65591760e5662c237df5f46d49b8698
-
SSDEEP
6144:dPyNOrpEfwlIz/c3IkXyv/6igM1KyVgfqQ+z/OAD8jtP0itsqlSpGfd41bl1O:dkfwSaIkFigM1y8zHRjqP41x1O
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1
Files
-
903ff671a640924134e03534fc10d7a7925891a48bdf1d87c0370d72612cf1d1.exe windows:5 windows x86 arch:x86
a0b01ec4c765c1c651d6ef764b7f99c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
_errno
__RTDynamicCast
_wsplitpath
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_beginthread
wcscmp
swprintf
wcscat
malloc
free
_except_handler3
wcscpy
_CxxThrowException
wcschr
_purecall
wcslen
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
msvcp60
?assign@?$char_traits@D@std@@SAPADPADIABD@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?assign@?$char_traits@D@std@@SAXAADABD@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?_Xlen@std@@YAXXZ
?length@?$char_traits@G@std@@SAIPBG@Z
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?assign@?$char_traits@G@std@@SAPAGPAGIABG@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
?move@?$char_traits@G@std@@SAPAGPAGPBGI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Xran@std@@YAXXZ
?move@?$char_traits@D@std@@SAPADPADPBDI@Z
advapi32
RegOpenKeyExA
RegQueryValueExA
InitiateSystemShutdownExW
CheckTokenMembership
OpenThreadToken
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
FreeSid
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenServiceW
RegConnectRegistryW
OpenSCManagerW
kernel32
LoadLibraryExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
TlsFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetSystemWindowsDirectoryW
CreateFileW
SetFilePointerEx
TlsGetValue
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA
LocalFree
LocalAlloc
TlsSetValue
InitializeCriticalSection
WriteFile
OutputDebugStringW
MulDiv
GetPrivateProfileStringW
DeleteCriticalSection
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
GetVersionExW
TlsAlloc
WideCharToMultiByte
GetStringTypeExW
MultiByteToWideChar
lstrlenA
FormatMessageW
GetCurrentThread
GetFileType
GetLogicalDriveStringsW
GlobalFree
CreateDirectoryW
CreateMutexW
GetDiskFreeSpaceExW
WritePrivateProfileStringW
SetCurrentDirectoryW
ResetEvent
SetEvent
WaitForSingleObject
SetFileAttributesW
GetVolumeInformationW
GetCommandLineW
GetExitCodeProcess
GetWindowsDirectoryW
ExpandEnvironmentStringsW
CreateProcessW
GetComputerNameExW
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameW
CreateEventW
CompareStringW
DnsHostnameToComputerNameW
GetVolumePathNameW
SetErrorMode
GetSystemDirectoryW
user32
WinHelpW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
DialogBoxParamW
CreateDialogParamW
GetDC
DestroyWindow
EndDialog
UnregisterClassW
GetClientRect
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowDC
DefDlgProcW
LockSetForegroundWindow
GetKeyState
GetDlgCtrlID
wsprintfW
MapWindowPoints
SendMessageW
MessageBoxW
GetDesktopWindow
LoadStringW
CheckDlgButton
CheckRadioButton
EnableWindow
GetDlgItem
GetParent
GetSysColor
GetWindowRect
GetWindowLongW
IsDlgButtonChecked
IsWindow
IsWindowEnabled
LoadCursorW
LoadImageW
MoveWindow
PostMessageW
ReleaseDC
ScreenToClient
SetCursor
SetDlgItemTextW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetFocus
SetFocus
SetWindowLongW
ShowWindow
SystemParametersInfoW
SetWindowPos
CallWindowProcW
DestroyIcon
activeds
ord3
dnsapi
DnsUpdateTest_W
DnsRecordListFree
DnsStatusString
DnsNameCompareEx_W
DnsQuery_W
DnsValidateName_W
DnsQueryConfig
netapi32
DsRoleDnsNameToFlatName
I_NetNameValidate
NetJoinDomain
NetWkstaGetInfo
I_NetPathType
DsGetDcNameWithAccountW
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
DsRoleIfmHandleFree
NetApiBufferFree
NetValidatePasswordPolicy
DsRoleFreeMemory
DsRoleGetDcOperationProgress
NetUnjoinDomain
DsRoleCancel
DsRoleAbortDownlevelServerUpgrade
DsRoleGetDcOperationResults
DsRoleDcAsReplica
DsRoleDcAsDc
DsRoleUpgradeDownlevelServer
DsRoleDemoteDc
DsRoleGetDatabaseFacts
NetValidateName
ntdsapi
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW
DsCrackNamesW
DsFreeNameResultW
ole32
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantInit
VariantClear
SysAllocString
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetDim
iphlpapi
GetIpAddrTable
shell32
SHGetMalloc
SHGetFolderPathW
SHSetLocalizedName
SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ws2_32
htonl
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
inet_ntoa
wldap32
ord224
ord41
ord140
ord21
ord26
ord208
ord147
ord133
ord13
ord73
ord145
ord18
ord203
ord97
ord170
credui
CredUIInitControls
ntdll
RtlInitUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlFreeOemString
RtlGetNtProductType
_wcsupr
wcstoul
wcstol
crypt32
CryptProtectMemory
CryptUnprotectMemory
gdi32
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
GetDeviceCaps
Sections
.text Size: 400KB - Virtual size: 399KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 195KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE