D:\Jenkins\.jenkins\workspace\install_project\install_main\install_and_uninstall\Release\Install.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9.exe
Resource
win10v2004-20240802-en
General
-
Target
8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9
-
Size
4.8MB
-
MD5
dfd160702e3a1f34dbe5a671885e5cc0
-
SHA1
ae0c00cf2978e134536e0c419fdc7acb3d4afafb
-
SHA256
8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9
-
SHA512
1e51f4beb86591361c44fea208f8b297fa0c0bc56823cf9479fdbb6454c375fbd206400e105ce2ef2a7f8c3977aca54f7790069fa765a01de53ae8c334037e5a
-
SSDEEP
98304:IVeM4VwHuokyf28PGcx2HynIiprw0F80XZZ72:eAVwGkx2SnIe84Z72
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9
Files
-
8837fa7ced44e3fca9bd4a4c65ed19224cd8bffb92435d11e3935f275c860cc9.exe windows:6 windows x86 arch:x86
a52b0d6e68a672369339ad8663ac1b80
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetStartupInfoW
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
GetFileSizeEx
GetCommandLineW
DecodePointer
LoadLibraryExW
lstrcmpiW
LoadLibraryA
CopyFileW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
CreateProcessW
OutputDebugStringA
ResetEvent
GetSystemInfo
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
CreateDirectoryW
GetShortPathNameW
FormatMessageW
GetEnvironmentVariableW
IsDebuggerPresent
EncodePointer
InitializeSListHead
WriteProcessMemory
GetTempFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
WideCharToMultiByte
MoveFileW
lstrlenW
GetWindowsDirectoryW
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateEventW
LocalAlloc
GetTickCount
Sleep
GetLastError
WritePrivateProfileStringW
WriteConsoleW
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
GetModuleFileNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
MultiByteToWideChar
UnlockFile
LockFile
GetFileSize
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalDeleteAtom
OpenProcess
GetCurrentProcessId
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetVersionExW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileAttributesExW
CreateFileW
LoadLibraryW
DosDateTimeToFileTime
GetProcAddress
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OutputDebugStringW
SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetTempFileNameA
GetTempPathA
CloseHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
CreateMutexW
WaitForSingleObject
LocalFree
SetEvent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
TlsAlloc
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
FileTimeToDosDateTime
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OpenFileMappingW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
FlushFileBuffers
SetFileTime
SearchPathW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
SetEndOfFile
GetStdHandle
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
FileTimeToLocalFileTime
WriteFile
DeleteFileA
CreateFileA
SystemTimeToFileTime
GetSystemTime
GetFileTime
ReleaseMutex
FindNextFileA
FindFirstFileA
GetLocalTime
user32
UnhookWinEvent
SetWinEventHook
wsprintfW
SetTimer
KillTimer
DrawTextW
GetWindowTextLengthW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
SendMessageW
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
PostMessageW
IsWindow
SetCursor
SetRect
OffsetRect
LoadCursorW
ScreenToClient
PtInRect
CopyRect
DrawFocusRect
BeginPaint
EndPaint
IsRectEmpty
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
UpdateLayeredWindow
SetWindowPos
SetWindowRgn
SystemParametersInfoW
WaitForInputIdle
GetSystemMetrics
GetShellWindow
MonitorFromWindow
UnregisterClassA
SendNotifyMessageW
SendMessageTimeoutW
RegisterWindowMessageW
MessageBoxW
IsDialogMessageW
EndDialog
DialogBoxParamW
DestroyWindow
EnableWindow
FindWindowW
RedrawWindow
GetMonitorInfoW
LoadImageW
GetWindow
MapWindowPoints
SetWindowTextW
BringWindowToTop
MoveWindow
PostQuitMessage
ExitWindowsEx
SetProcessDPIAware
CharNextW
GetWindowTextW
gdi32
SaveDC
RestoreDC
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW
advapi32
BuildExplicitAccessWithNameW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetTokenInformation
GetTrusteeNameW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegGetValueW
shell32
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ord165
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHLoadInProc
ShellExecuteW
ShellExecuteExW
SHChangeNotify
SHGetDesktopFolder
ole32
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitializeEx
OleRun
oleaut32
VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr
shlwapi
PathAppendA
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfW
StrCmpW
PathFindFileNameW
SHGetValueW
PathUnquoteSpacesW
SHSetValueW
PathIsPrefixW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
StrStrIW
SHDeleteValueW
StrStrIA
StrCmpNIW
StrTrimA
StrCmpIW
StrToIntExW
SHGetValueA
PathIsDirectoryW
SHDeleteKeyW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCreateSolidFill
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipFillRectangleI
cabinet
ord23
ord20
ord22
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
GetModuleFileNameExW
EnumProcesses
setupapi
SetupIterateCabinetW
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
secur32
GetUserNameExW
crypt32
CryptBinaryToStringW
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW
CryptStringToBinaryA
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
Exports
Exports
StartEast
_Start@12
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ