??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa.exe
Resource
win10v2004-20240802-en
General
-
Target
dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa
-
Size
4.5MB
-
MD5
1f8204eb2f32e3b12cb3d036b5d945e8
-
SHA1
d75e91252926fd1ee2cd42973d624f39d5e66b3e
-
SHA256
dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa
-
SHA512
ae98b519a740ad06adcd59e954e68626a01b6e55fc675712da53f10644647098e14e59a1aa9bd0617935ffc1b1437340436127a4f64732a6ba091b61cac81538
-
SSDEEP
49152:o8Rv++boKFiMzqcFodBlIBF/pt1IAtM5zGZ46dpJv4blXfk:oyG6oKFiRuojyFb1SoZ46d74blXs
Malware Config
(nothing listed — no family configuration was extracted for this sample in the runs shown)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature; on its own this is a weak indicator (many legitimate builds are unsigned), so treat it as context rather than evidence of malicious intent.
resource dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa
Files
-
dec9eaf2cc6cf9b0b2d9b5d8a617e46f5bf8c0939ac4ab8fc26abc07fc6541aa.exe windows:4 windows x86 arch:x86
02fe605ab701bc858e66c4d2b58c8be8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: with base relocations stripped the image can only be loaded at its preferred base, so it does not benefit from ASLR; combined with the writable code section listed under Sections below, this 32-bit image runs with weaker exploit mitigations than a modern MSVC build.
Imports
Reviewer note: notable clusters in the table below are process enumeration, memory reading and termination with privilege adjustment (OpenProcess, ReadProcessMemory, CreateToolhelp32Snapshot, Process32FirstW/NextW, TerminateProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges); certificate-store and key access (CertOpenStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CryptGetUserKey, CryptExportKey, CryptSignHashW, CryptDecrypt); both client- and server-side sockets (connect alongside bind/listen/accept); and file, registry and process modification (CreateProcessW, ShellExecuteExW, Reg*Set/Delete*, WritePrivateProfileStringW, SHFileOperationW, DeleteFileW, RemoveDirectoryW). The same table also shows a heavy GUI surface (tray icon, common dialogs, gdiplus, freeimageplus), which is typical of legitimate management or utility software, so the import table alone does not classify the sample — confirm which of these APIs are actually exercised in the win7/win10 behavioral runs.
freeimageplus
?loadFromMemory@fipImage@@QAEHAAVfipMemoryIO@@H@Z
?getWidth@fipImage@@QBEIXZ
?getHeight@fipImage@@QBEIXZ
?rescale@fipImage@@QAEHIIW4FREE_IMAGE_FILTER@@@Z
??0fipWinImage@@QAE@W4FREE_IMAGE_TYPE@@III@Z
??1fipWinImage@@UAE@XZ
?saveU@fipImage@@QBEHPB_WH@Z
?isValid@fipWinImage@@UBEHXZ
?clear@fipWinImage@@UAEXXZ
??0fipMemoryIO@@QAE@PAEK@Z
??1fipMemoryIO@@UAE@XZ
?getFileType@fipMemoryIO@@QBE?AW4FREE_IMAGE_FORMAT@@XZ
kernel32
OpenProcess
TerminateProcess
lstrcmpiW
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
GlobalFree
GlobalUnlock
GetModuleHandleW
LocalAlloc
SetFilePointer
LocalFree
WriteFile
WaitForSingleObject
GetExitCodeThread
SetEvent
CreateEventW
WaitForMultipleObjects
GetFileAttributesW
WritePrivateProfileStringW
ResetEvent
DeleteFileW
GetCommandLineW
RemoveDirectoryW
CopyFileW
MoveFileW
CreateThread
OpenMutexW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
GetLogicalDriveStringsW
Process32NextW
QueryDosDeviceW
GlobalAlloc
InterlockedCompareExchange
CreateProcessW
GetTempPathW
GetComputerNameA
GetDiskFreeSpaceExW
ReleaseMutex
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToSystemTime
GetFileTime
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
GlobalLock
DeleteCriticalSection
CreateMutexW
Sleep
GetCurrentProcessId
FindResourceW
GetPrivateProfileStringW
SizeofResource
GetSystemTime
SystemTimeToFileTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
SwitchToFiber
DeleteFiber
LoadResource
GetModuleHandleExW
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetFileType
PeekNamedPipe
GetStdHandle
DuplicateHandle
TerminateThread
FormatMessageW
SleepEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LockResource
GetProcAddress
FreeResource
LeaveCriticalSection
FreeLibrary
CreateFileW
FindResourceExW
GetFileSize
EnterCriticalSection
RaiseException
GetLocalTime
ReadFile
CloseHandle
OutputDebugStringW
InitializeCriticalSection
GetPrivateProfileIntW
GetVersionExW
SetLastError
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetWindowsDirectoryW
GetCurrentProcess
GetLastError
InterlockedExchange
WideCharToMultiByte
lstrlenW
LoadLibraryW
GetSystemDirectoryW
GetVersion
user32
BeginPaint
SetCursor
EnableWindow
ShowWindow
GetFocus
LoadCursorW
IsChild
EndPaint
GetWindowThreadProcessId
GetNextDlgTabItem
FindWindowW
GetForegroundWindow
SendMessageW
UpdateLayeredWindow
IsDialogMessageW
SetCapture
SystemParametersInfoW
KillTimer
LoadImageW
SetWindowPos
OffsetRect
ReleaseCapture
AttachThreadInput
LoadIconW
GetCursorPos
SetForegroundWindow
DestroyIcon
SetWindowLongW
GetActiveWindow
IsWindowVisible
CallWindowProcW
GetDC
EqualRect
SetActiveWindow
MapWindowPoints
MonitorFromWindow
ScreenToClient
PeekMessageW
ReleaseDC
DrawTextW
GetMonitorInfoW
IsWindow
IsRectEmpty
CopyRect
GetMessageW
TranslateMessage
DefWindowProcW
DispatchMessageW
PostThreadMessageW
RegisterWindowMessageW
InflateRect
GetClassInfoExW
SetFocus
GetLastActivePopup
BringWindowToTop
IsIconic
GetWindowRect
DrawIconEx
CharNextW
GetWindow
GetParent
IntersectRect
SetRect
MoveWindow
GetDlgItem
PtInRect
wsprintfW
GetAsyncKeyState
FillRect
GetDlgCtrlID
IsWindowEnabled
GetClientRect
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
SetRectEmpty
ClientToScreen
GetDesktopWindow
RegisterClassExW
InvalidateRect
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetTimer
LoadBitmapW
PostMessageW
CreateWindowExW
SwitchToThisWindow
gdi32
CreateSolidBrush
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
BitBlt
DeleteObject
Rectangle
SelectObject
SetTextColor
SetBkMode
CreateCompatibleDC
ExtCreatePen
GetCurrentObject
SelectClipRgn
SetViewportOrgEx
GetClipRgn
ExtSelectClipRgn
GetStockObject
RoundRect
GetObjectW
GetViewportOrgEx
OffsetRgn
GetDeviceCaps
SaveDC
CreateRectRgnIndirect
CreatePen
GetTextColor
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateFontIndirectW
RectInRegion
CombineRgn
CreateRoundRectRgn
RestoreDC
CreateRectRgn
TextOutW
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
LineTo
MoveToEx
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
CryptDestroyKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptDecrypt
shell32
SHCreateDirectoryExW
ShellExecuteExW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
ord680
ShellExecuteW
SHGetFolderPathW
ole32
CoCreateGuid
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
oleaut32
SysAllocStringLen
VarUI4FromStr
SysFreeString
shlwapi
PathFileExistsW
PathRemoveFileSpecW
StrToIntA
StrToIntW
PathFindFileNameW
StrStrIW
PathAppendW
PathIsDirectoryW
StrCmpLogicalW
PathFindExtensionW
PathCombineW
PathAddBackslashW
msvcp80
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipDeletePrivateFontCollection
GdipDeleteFontFamily
GdipGetFontSize
GdipCreateLineBrushFromRectWithAngleI
GdipSetClipPath
GdipNewPrivateFontCollection
GdipFree
GdipCreatePen1
GdipAddPathStringI
GdipMeasureString
GdipSetSmoothingMode
GdipDisposeImageAttributes
GdipGetFamily
GdipCreateImageAttributes
GdipDeleteBrush
GdipDrawLinesI
GdipSetPixelOffsetMode
GdipCreateFontFromLogfontW
GdipAddPathRectangleI
GdipSetInterpolationMode
GdipDeleteFont
GdipCloneBrush
GdiplusStartup
GdipGetImageGraphicsContext
GdipFillPath
GdipClosePathFigure
GdipDeletePen
GdipCreateFont
GdipCreateBitmapFromScan0
GdipAddPathPieI
GdipRotateWorldTransform
GdipLoadImageFromFile
GdipAddPathArcI
GdiplusShutdown
GdipDrawString
GdipDeletePath
GdipCloneImage
GdipSetTextRenderingHint
GdipCreatePath
GdipDrawPath
GdipDisposeImage
GdipSetStringFormatTrimming
GdipDrawImagePointsRectI
GdipImageRotateFlip
GdipCloneBitmapArea
GdipCreateBitmapFromStream
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipSetPenDashStyle
GdipSetPenEndCap
GdipDeleteGraphics
GdipSetImageAttributesColorMatrix
GdipGraphicsClear
GdipSetPenStartCap
GdipCreateFromHDC
GdipPrivateAddFontFile
GdipDrawImageRectI
GdipCreateStringFormat
GdipSetPenMode
GdipGetFontCollectionFamilyCount
GdipCreateSolidFill
GdipDrawImageI
GdipDeleteStringFormat
GdipAlloc
GdipDrawImageRectRectI
GdipDrawLine
GdipFillRectangle
GdipSetStringFormatFlags
GdipDrawImageRectRect
GdipGetFontCollectionFamilyList
GdipSetStringFormatAlign
GdipGetImageHeight
GdipSetCompositingQuality
GdipDrawRectangleI
GdipCloneFontFamily
GdipFillRectangleI
GdipSetStringFormatLineAlign
GdipGetImageWidth
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipAddPathEllipseI
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
msvcr80
_vsnwprintf
_mktime64
_get_errno
wcstok
_findclose
_wfindnext64i32
_wfindfirst64i32
strcpy_s
_snwprintf_s
_wstat64
_wstat32
_wtoi64
setlocale
wcsncmp
_wcsnicmp
wcspbrk
iswspace
isalpha
tolower
isalnum
strchr
isspace
strncmp
_localtime64_s
_wtol
__CxxFrameHandler3
_CxxThrowException
sprintf_s
strpbrk
sprintf
sscanf
__argv
fgetws
fputws
fflush
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_stricmp
strcpy
realloc
__iob_func
strtoul
isxdigit
isdigit
strstr
strrchr
toupper
_strtoi64
memchr
_errno
fgets
fopen
fputs
strtol
strerror
strncpy
__sys_nerr
_gmtime64
_lseeki64
_fstat64
getenv
_stat64
qsort
clearerr
setbuf
_fstat64i32
_fileno
_putenv
_stat64i32
strerror_s
_strnicmp
strspn
_setmode
feof
_gmtime64_s
_vsnprintf
raise
_strdup
strcspn
signal
_read
_close
_open
_controlfp_s
ferror
fprintf
_vsnprintf_s
fputc
ftell
memmove
strcat
fseek
fwrite
memcmp
_wfopen
fclose
fread
_mbsinc
wcscat
wcscat_s
_wcslwr_s
_resetstkoflw
_wcsupr_s
??8type_info@@QBE_NABV0@@Z
_mbsstr
_time64
rand
srand
_wcsicmp
wcstol
__wargv
_beginthreadex
__argc
wcsncpy_s
_waccess
printf
free
_wtoi
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
calloc
??2@YAPAXI@Z
wcschr
swprintf_s
_mbscmp
strlen
_recalloc
memmove_s
abs
labs
_mbsicmp
_invalid_parameter_noinfo
vswprintf_s
?what@exception@std@@UBEPBDXZ
memset
??_V@YAXPAX@Z
_vscwprintf
ceil
vsprintf_s
floor
_vscprintf
wcsrchr
wcscpy_s
_wtof
_mbschr
memcpy_s
wcslen
??0exception@std@@QAE@ABV01@@Z
wcsstr
wcsspn
memcpy
??0exception@std@@QAE@XZ
wcscmp
strcmp
wcscspn
atoi
malloc
__RTDynamicCast
_purecall
??3@YAXPAX@Z
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ws2_32
getsockname
getsockopt
inet_addr
connect
ioctlsocket
socket
WSAGetLastError
gethostbyname
setsockopt
send
__WSAFDIsSet
select
accept
listen
sendto
recvfrom
WSASetLastError
recv
ntohs
htons
closesocket
inet_ntoa
WSACleanup
bind
WSAStartup
winmm
timeGetTime
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
Exports
(none listed)
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: the code section is mapped writable as well as executable (RWX), and every section in this listing — including .rdata — carries IMAGE_SCN_MEM_WRITE. A normal MSVC-linked .text is read+execute only; writable code is consistent with in-place code modification or a packer/protector stub that rewrites section headers, but the static listing alone does not establish which. Worth checking for code being written into .text at runtime in the behavioral tasks.
.rdata Size: 676KB - Virtual size: 675KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 64KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: the resource section is flagged executable and writable although it is marked as initialized data; resources are normally read-only. At 1.7MB it is a sizeable share of the 4.5MB file, so it is worth inspecting its contents (the binary imports FindResourceW/LoadResource/LockResource) and checking whether any execution originates from this section.