D:\04-Code\GitHub\welzek-tool2\Release\WelzekTool.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0be079d9c7039aeb1af34193eb1f6a40N.exe
Resource
win7-20240903-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral2
Sample
0be079d9c7039aeb1af34193eb1f6a40N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
120 seconds
General
-
Target
0be079d9c7039aeb1af34193eb1f6a40N.exe
-
Size
3.0MB
-
MD5
0be079d9c7039aeb1af34193eb1f6a40
-
SHA1
67abd9465e5e22ad4d95fcc88c0eb166949a81db
-
SHA256
d3af9e04f242e032c89b81a6aa154d3d56955fd8aabfaa12893cd8faeaa03ea2
-
SHA512
a15f0e471a373f2d0919a2a0083f4c11f60a73c6283554bf727e70f808ea0124fefb5c189ecb739891b4c99b969c08ee026f8be81f3edf371e698276434fee1a
-
SSDEEP
49152:E2CTKsCXDyDP/o1KTIngWkW0yvFyWkdb7z7+7cuNu6Q8OI7YUzIFKQkwv2aQfgNB:z8W3vC
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0be079d9c7039aeb1af34193eb1f6a40N.exe
Files
-
0be079d9c7039aeb1af34193eb1f6a40N.exe.exe windows:6 windows x86 arch:x86
d024ccbb57f4fa7b950a4f0e0aeed3d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc120
ord1061
ord8614
ord5306
ord14379
ord4597
ord14281
ord3765
ord9201
ord2944
ord1438
ord3554
ord5303
ord7667
ord4433
ord13743
ord13058
ord1550
ord1538
ord971
ord1442
ord4969
ord4612
ord12734
ord647
ord1065
ord1246
ord1446
ord6842
ord879
ord2430
ord12697
ord652
ord651
ord1949
ord12416
ord1911
ord4541
ord13267
ord5311
ord6231
ord2708
ord286
ord1654
ord1040
ord3645
ord1417
ord13723
ord6768
ord13726
ord2225
ord3881
ord4826
ord2482
ord7920
ord4825
ord13436
ord13146
ord7757
ord14151
ord5698
ord5731
ord5065
ord540
ord1166
ord501
ord6103
ord4042
ord6193
ord1138
ord14181
ord3135
ord6971
ord458
ord14225
ord8600
ord2123
ord8599
ord14188
ord6833
ord951
ord12383
ord7970
ord13547
ord545
ord2284
ord5584
ord11812
ord12145
ord12922
ord306
ord1938
ord1876
ord494
ord14194
ord4746
ord311
ord1687
ord1645
ord2361
ord798
ord1537
ord1249
ord12315
ord843
ord881
ord2476
ord12882
ord7270
ord450
ord4596
ord3813
ord1103
ord7918
ord7278
ord1455
ord8327
ord5725
ord2818
ord3278
ord4537
ord1463
ord990
ord7845
ord2158
ord949
ord13690
ord10867
ord9213
ord8308
ord2706
ord8554
ord1108
ord6973
ord8595
ord819
ord14098
ord2963
ord305
ord5801
ord895
ord3529
ord1384
ord13094
ord887
ord14009
ord8204
ord12898
ord12840
ord1467
ord997
ord2168
ord3782
ord4827
ord8658
ord5764
ord2478
ord3831
ord4613
ord8028
ord14182
ord1521
ord8561
ord12577
ord3798
ord2838
ord12374
ord12165
ord5005
ord5765
ord1137
ord2256
ord11782
ord500
ord1523
ord4272
ord310
ord1656
ord4764
ord1691
ord1524
ord2339
ord1128
ord300
ord316
ord2345
ord2341
ord2365
ord2199
ord1502
ord1504
ord6410
ord8311
ord8229
ord12677
ord8167
ord5241
ord2442
ord12355
ord12356
ord14368
ord7770
ord14366
ord9234
ord4100
ord4039
ord12759
ord7789
ord1985
ord11802
ord11803
ord14240
ord12345
ord7848
ord14440
ord6225
ord14442
ord6227
ord14441
ord6226
ord3801
ord5797
ord12057
ord12065
ord8062
ord10264
ord12069
ord12037
ord12740
ord5646
ord10083
ord6729
ord7507
ord10211
ord7501
ord6000
ord6723
ord7496
ord6363
ord14221
ord8324
ord8145
ord13885
ord11081
ord8748
ord8180
ord14122
ord7699
ord9305
ord3232
ord9204
ord2029
ord2010
ord7609
ord6046
ord12072
ord11171
ord9033
ord11131
ord9227
ord9007
ord8995
ord9876
ord3575
ord3355
ord11704
ord4775
ord9499
ord9448
ord9509
ord9579
ord12645
ord6529
ord8525
ord8532
ord12596
ord5398
ord5396
ord6432
ord7348
ord11990
ord8587
ord4175
ord6484
ord6689
ord2108
ord4187
ord3316
ord3211
ord8976
ord5995
ord6715
ord3821
ord2946
ord8585
ord4170
ord3100
ord8966
ord6374
ord4184
ord3208
ord8973
ord6707
ord11991
ord10302
ord8878
ord10844
ord7350
ord11949
ord11218
ord4041
ord3354
ord3353
ord3117
ord6096
ord13537
ord2716
ord9073
ord9048
ord6426
ord4167
ord3098
ord8964
ord6007
ord6367
ord7508
ord6098
ord13541
ord3256
ord3253
ord8055
ord2717
ord10118
ord10120
ord10119
ord10117
ord10121
ord5536
ord11546
ord11547
ord8977
ord11907
ord3787
ord11756
ord14361
ord8803
ord12038
ord6844
ord10831
ord9094
ord3217
ord13658
ord12077
ord12075
ord1706
ord1718
ord1726
ord1722
ord1731
ord4863
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord4900
ord4867
ord4916
ord4889
ord4851
ord4858
ord4893
ord4450
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord6745
ord11538
ord13488
ord5814
ord2638
ord11942
ord3890
ord3322
ord3321
ord3216
ord11986
ord5136
ord5433
ord5643
ord9186
ord5409
ord5672
ord5139
ord5295
ord462
ord7666
ord4425
ord13335
ord13914
ord3646
ord1041
ord1106
ord5119
ord7574
ord7575
ord7565
ord5293
ord8064
ord10088
ord9047
ord6436
ord6366
ord6669
ord6443
ord266
ord265
ord1346
msvcr120
_dtest
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
modf
free
malloc
sscanf
localeconv
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
strchr
memmove
sprintf_s
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
toupper
memset
vsprintf_s
vsprintf
__CxxFrameHandler3
_purecall
_recalloc
_setmbcp
__FrameUnwindFilter
strtok_s
_except1
memcpy
realloc
isdigit
ftell
fseek
fread
strncpy
_mbclen
fopen
strtol
strcspn
strcpy_s
roundf
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fgetc
ungetc
fputc
_unlock_file
_lock_file
fclose
fwrite
calloc
??0bad_cast@std@@QAE@PBD@Z
_localtime64
_findclose
_findnext64i32
_findfirst64i32
_access
_beginthreadex
_stat64i32
atof
atoi
sprintf
_time64
strstr
_itoa
printf
memcpy_s
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
memchr
tolower
kernel32
DeleteFileA
SetThreadPriority
WideCharToMultiByte
FreeLibrary
LoadLibraryA
lstrcpyA
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
InitializeCriticalSection
GetCurrentProcess
SetUnhandledExceptionFilter
FormatMessageA
GetACP
SystemTimeToFileTime
SetCommTimeouts
GetCommState
SetCommState
SetupComm
ClearCommError
SetCommMask
GetOverlappedResult
WaitCommEvent
CreateDirectoryA
SetThreadUILanguage
GetThreadLocale
GetWindowsDirectoryA
DeleteCriticalSection
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetLocalTime
CreateFileA
lstrlenA
LocalFree
WriteFile
PurgeComm
ReadFile
PeekNamedPipe
CreateProcessA
GetStartupInfoA
CreateThread
WaitForSingleObject
CreateEventA
TerminateThread
SetEvent
GetModuleFileNameA
Process32Next
InitializeCriticalSectionAndSpinCount
GetCommMask
CreatePipe
TerminateProcess
CloseHandle
GetLastError
OutputDebugStringA
Sleep
GetTickCount
DecodePointer
SetThreadLocale
GetProcAddress
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
user32
EnableWindow
SetRect
RedrawWindow
GetWindowLongA
IsWindow
SetWindowTextA
GetSubMenu
LoadMenuW
ClientToScreen
ScreenToClient
GetCursorPos
GetKeyState
MessageBoxA
CreateDesktopA
GetFocus
wsprintfA
SetCapture
ReleaseCapture
DrawIcon
AppendMenuA
EnableMenuItem
GetSystemMenu
IsIconic
GetSystemMetrics
GetSysColor
LoadIconW
GetParent
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetClientRect
SendMessageA
GetWindowRect
PostMessageA
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantCopy
GetErrorInfo
msvcp120
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_BADOFF@std@@3_JB
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Lockit_ctor@_Lockit@std@@SAXH@Z
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?setf@ios_base@std@@QAEHH@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?precision@ios_base@std@@QBE_JXZ
?widen@?$ctype@D@std@@QBEDD@Z
?_Getname@_Locinfo@std@@QBEPBDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0_Locinfo@std@@QAE@HPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Inf
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Xruntime_error@std@@YAXPBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??Bios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
_Strcoll
_Strxfrm
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@D@std@@2V0locale@2@A
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
_Nan
gdi32
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
GetStockObject
DeleteObject
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
comctl32
InitCommonControlsEx
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_ReplaceIcon
shlwapi
StrToIntA
PathIsDirectoryA
PathFileExistsA
StrToIntExA
ole32
CoTaskMemFree
OleRun
CoCreateInstance
OleInitialize
ws2_32
sendto
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACleanup
WSAStartup
WSACreateEvent
WSASocketA
WSAGetLastError
WSAEventSelect
inet_addr
htons
bind
socket
recvfrom
closesocket
send
recv
connect
ioctlsocket
select
setsockopt
libmysql
mysql_query
mysql_error
mysql_real_connect
mysql_init
visa32
ord141
ord256
ord279
ord257
ord132
ord134
ord142
ord131
dbghelp
MiniDumpWriteDump
mscoree
_CorExeMain
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 294KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ