C:\Users\pu6c2\Downloads\Project4\Project4\x64\Release\Project4.pdb
Behavioral task
behavioral1
Sample
Project4.exe
Resource
win10v2004-20240802-en
General
-
Target
Project4.exe
-
Size
38.4MB
-
MD5
a3f2290cb48d78ad85a2b2eb944274d4
-
SHA1
54517da708a75c7d0cb80cf2d5c72b22bac1bf89
-
SHA256
1ae859387f4ee8730b679db13eb3045168b61260a985c646d6ac189862a91aa8
-
SHA512
81ad0c9414d75bb1ee93c70cf057653253e4b841f20d74c69f7607fde41083e327e1314350053b203c7c4a1eae983d8fc6a8be82a3126400576dd2df5a9278f4
-
SSDEEP
786432:89Z9HcRlhW8C7UdbTO5zcY8763ilvfXuZ6SeV8v0Rr2YgKraBgLEKb:+vHcRlhWt4dfME7tlHeKhpraEE
Malware Config
Signatures
-
Detect Pysilon 1 IoCs
resource yara_rule static1/unpack001/source_prepared.pyc pysilon -
Pysilon family
-
Detects Pyinstaller 1 IoCs
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Project4.exe
Files
-
Project4.exe.exe windows:6 windows x64 arch:x64
e78e7c1b0b16c667b3948093dd66d7b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlAdjustPrivilege
VerSetConditionMask
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
NtRaiseHardError
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
GetFileAttributesExW
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
FindFirstFileW
UnhandledExceptionFilter
WakeAllConditionVariable
GetFileInformationByHandleEx
FindClose
AreFileApisANSI
QueryPerformanceCounter
FreeLibrary
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateDirectoryW
SetConsoleTitleW
lstrcmpiW
GetConsoleWindow
WideCharToMultiByte
ExitProcess
CreateThread
Process32FirstW
Process32NextW
MultiByteToWideChar
CreateToolhelp32Snapshot
CreateFileW
DeviceIoControl
GetStdHandle
GetConsoleScreenBufferInfo
Sleep
GetCurrentDirectoryW
GetLocaleInfoEx
GetCurrentThreadId
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
QueryFullProcessImageNameW
VirtualAlloc
GetCurrentProcess
VirtualFree
GetSystemInfo
CloseHandle
ReadProcessMemory
GetProcAddress
GetModuleHandleA
SetLastError
GetModuleHandleW
GetCurrentThread
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameW
HeapSize
GetModuleFileNameA
UnmapViewOfFile
SetUnhandledExceptionFilter
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
VirtualProtect
MapViewOfFile
CreateFileMappingW
user32
GetCursorPos
UpdateWindow
RegisterClassExA
FindWindowA
GetDesktopWindow
PeekMessageA
SetWindowLongW
SendInput
LoadCursorW
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
DispatchMessageW
GetAsyncKeyState
ShowWindow
FindWindowW
SetWindowPos
DestroyWindow
GetWindowRect
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
SetCursorPos
GetClientRect
SetCursor
GetSystemMetrics
ScreenToClient
ClientToScreen
GetForegroundWindow
advapi32
ConvertSidToStringSidA
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
CryptEncrypt
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
OpenServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
OpenProcessToken
msvcp140
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Query_perf_counter
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord33
ord35
ord143
ord217
ord79
ord30
ord32
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord200
ord301
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryA
PFXImportCertStore
CertAddCertificateContextToStore
CertOpenStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CryptDecodeObjectEx
CertGetNameStringA
CertEnumCertificatesInStore
ws2_32
WSAIoctl
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
select
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
RpcStringFreeA
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
__std_exception_destroy
__std_exception_copy
strstr
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
strrchr
strchr
memset
memmove
memcpy
memcmp
memchr
api-ms-win-crt-runtime-l1-1-0
system
_beginthreadex
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
terminate
exit
strerror
__sys_nerr
_resetstkoflw
_getpid
abort
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_errno
api-ms-win-crt-string-l1-1-0
strncpy
strncmp
_strdup
isupper
strspn
tolower
strpbrk
strcmp
strcspn
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
_read
_write
fgetc
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
_close
_lseeki64
__p__commode
fflush
fgetpos
setvbuf
feof
fputs
fopen
ungetc
_open
fsetpos
fwrite
__acrt_iob_func
fread
_fseeki64
_get_stream_buffer_pointers
_popen
_pclose
fgets
fclose
_set_fmode
ftell
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
fseek
fputc
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
realloc
calloc
_callnewh
api-ms-win-crt-filesystem-l1-1-0
_unlink
_access
_fstat64
remove
_stat64
_lock_file
_unlock_file
api-ms-win-crt-utility-l1-1-0
qsort
rand
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
strtod
strtoull
strtoll
strtol
api-ms-win-crt-math-l1-1-0
_dsign
acosf
__setusermatherr
_dclass
asin
atan2
ceilf
cosf
fmodf
powf
roundf
sinf
sqrt
sqrtf
tanf
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64
_gmtime64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
shell32
ShellExecuteA
Sections
.text Size: 767KB - Virtual size: 767KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37.4MB - Virtual size: 37.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
discord_token_grabber.pyc
-
get_cookies.pyc
-
misc.pyc
-
passwords_grabber.pyc
-
source_prepared.pyc