D:\a\velopack\velopack\target\i686-pc-windows-msvc\release\deps\stub.pdb
Static task
static1
Behavioral task
behavioral1
Sample
CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe
Resource
win11-20240802-en
General
Target
CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.zip
Size
216KB
MD5
6b7ca8213f8d15a7bb23ff8b85243dde
SHA1
37734b106eddbe701552772b2e3d7632e895555b
SHA256
2fe1d5c69ca5dc1d6f10c624066bf3a087b4b2e892b8cbc13b4ca78b9eef5248
SHA512
8aa39008f45e5ea846e9a516b7b49b6c2f9de3f466d7f328d1ea23db817d1b69514d6e5f501ae100486df75777321846b863e9be194f77f09c4d82182f274ca8
SSDEEP
6144:qd7juf3T70BSAEcGOZL29vbMzMShwaSxcISdR:qhjuPTABSAEc/ZSMISXSxcIS3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A
Files
CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.zip.zip
Password: infected
CD37956E700204E4D2329EFE091697BBDB8021DE5A03AF00E815CB1466A1A53A.exe windows:6 windows x86 arch:x86
6fe591d1cf993574e14f648cc9819a93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindFirstFileW
GetLastError
FindNextFileW
FindClose
MoveFileExW
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
GetCommandLineW
GetProcessId
HeapReAlloc
GetTimeZoneInformationForYear
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
SetFilePointerEx
MultiByteToWideChar
WriteConsoleW
SetLastError
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
CreateMutexA
RtlCaptureContext
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
ReadFileEx
SleepEx
WriteFileEx
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
SystemTimeToFileTime
HeapFree
GetConsoleOutputCP
FlushFileBuffers
HeapSize
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
DecodePointer
user32
AllowSetForegroundWindow
ntdll
NtReadFile
RtlNtStatusToDosError
NtWriteFile
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ