xpnetdiag.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38.exe
  Resource: win10v2004-20240802-en
General
- Target: 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38
- Size: 545KB
- MD5: 317039320133bf99c3dec88164a63b2d
- SHA1: 339e722d8b45f3c5afd846b9b0cf00038551c137
- SHA256: 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38
- SHA512: 65f59187fc691bf4f7bbf2f4b94b8a0953de5596a19a74a3c2a6999825516ac8038d410a73eae7d17af2d26fa67d56cdefc34b1f9a6849c6d542d79a70227c4f
- SSDEEP: 6144:UZruX6Eii0qX344BYYawOZ3wpxFPDjKiQSzmhR:UsX6Eii0qjXPDjKiQMcR
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38
Files
- 897cfacd0950b2abd3d36557085059848ffe4a317f40d20e05a4b0c03a1afc38.exe windows:5 windows x86 arch:x86
  a29f8caeaf5eedc50ef3e501864344d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
msvcrt
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_vsnprintf
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_wctime
_wtol
difftime
_ftol
memset
_wcsnicmp
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memmove
_except_handler3
wcscmp
_wcsicmp
_CxxThrowException
time
wcschr
wcslen
_vsnwprintf
__CxxFrameHandler
_purecall
strrchr
advapi32
RegCreateKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
ChangeServiceConfigW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
StartServiceW
kernel32
lstrcmpiW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
WaitForMultipleObjects
ResetEvent
GetModuleHandleW
GetTickCount
FormatMessageW
ReleaseMutex
CreateProcessW
SetEvent
WaitForSingleObject
CreateMutexW
LoadLibraryExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalFree
GetLastError
LocalAlloc
LocalFree
WriteFile
GetProcAddress
ExpandEnvironmentStringsW
CreateFileW
Sleep
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
OpenMutexW
LoadLibraryExW
MulDiv
InterlockedDecrement
DeleteFileW
SetLastError
DeviceIoControl
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
LoadLibraryW
GetSystemDirectoryW
TerminateThread
GetExitCodeThread
CreateThread
CloseHandle
lstrcmpW
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileW
FindFirstFileW
GetCommandLineW
HeapAlloc
GetProcessHeap
HeapFree
GetLocaleInfoW
GetUserDefaultUILanguage
GetThreadLocale
InterlockedIncrement
GetSystemDefaultUILanguage
SearchPathW
GetVersionExW
gdi32
GetObjectW
CreateFontIndirectW
GetDeviceCaps
user32
EnableWindow
SendMessageW
GetDC
LoadBitmapW
FindWindowW
PostThreadMessageW
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
PostMessageW
PostQuitMessage
RegisterWindowMessageW
DrawIcon
IsIconic
BringWindowToTop
GetClientRect
InvalidateRect
FlashWindowEx
GetSystemMetrics
LoadIconW
GetForegroundWindow
LoadStringW
SetForegroundWindow
KillTimer
SetTimer
ntdll
RtlInitUnicodeString
NtOpenFile
RtlNtStatusToDosError
DbgPrint
comctl32
ord17
InitCommonControlsEx
iphlpapi
GetAdaptersInfo
GetPerAdapterInfo
FlushIpNetTable
DeleteIpForwardEntry
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
GetIpForwardTable
GetIpAddrTable
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
SendARP
GetNetworkParams
ws2_32
ntohs
WSACleanup
socket
closesocket
recv
select
sendto
connect
htons
WSAEnumNameSpaceProvidersW
inet_addr
setsockopt
inet_ntoa
WSAGetOverlappedResult
WSAIoctl
bind
WSCDeinstallProvider
WSCGetProviderPath
WSCUpdateProvider
WSASocketW
getsockname
listen
accept
send
recvfrom
WSCEnumProtocols
ntohl
WSAStartup
gethostbyname
WSAGetLastError
setupapi
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupPromptReboot
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
SysStringLen
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
rpcrt4
UuidCreateNil
RpcStringFreeW
UuidCompare
UuidIsNil
UuidToStringW
wininet
InternetConnectW
InternetSetOptionW
InternetCloseHandle
InternetSetStatusCallbackW
InternetQueryOptionW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
FtpFindFirstFileW
HttpOpenRequestW
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle
dnsapi
DnsQuery_W
DnsRecordListFree
shell32
SHCreateDirectoryExW
ShellExecuteW
CommandLineToArgvW
netapi32
NetServerGetInfo
DsGetDcNameW
NetApiBufferFree
psapi
GetModuleFileNameExW
custsat
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 361KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA