Static task: static1
Behavioral task: behavioral1
  Sample: ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba.exe
  Resource: win10v2004-20240802-en
General
Target: ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba
Size: 5.3MB
MD5: 24dc5ae94fefa490e04ee7369d0895d7
SHA1: ac538062eb96f4dc0a3f5dbb98f425264ed8b07d
SHA256: ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba
SHA512: 4454185c783688f949b9ac410615d673579d46eab73878e5c4836b61c955f7cfeef23f6e58d34d5f24f13701a964903c34f261f2dba4e86aed46d87c92bdff71
SSDEEP: 98304:+82ifILGFy/bF7fNCJ9JghO1jR6tqHTexiCJKcJAFZbQBuVk:+uALG8BfNW9JgE1jR6yTetJtAFVk
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba
Files
ee8cab15fa4055a5f8a5a17a9eda1d5b2ccf420afcd179a56d642b3994a6f0ba.exe windows:5 windows x86 arch:x86
2fc686217e7e2b82146a20c21fa85683
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SystemTimeToTzSpecificLocalTime
CreateSemaphoreA
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
GetSystemTime
SwitchToFiber
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
CreateEventA
VerifyVersionInfoW
GetFullPathNameW
DeleteFiber
VerSetConditionMask
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GlobalLock
GlobalUnlock
LoadLibraryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetFileTime
CompareFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetACP
ExitProcess
OpenProcess
MulDiv
GetVersionExW
LocalFree
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
GetLongPathNameW
FindClose
GetSystemDirectoryW
GetTempPathW
FindFirstFileW
FindNextFileW
VirtualQuery
MoveFileW
InitializeCriticalSection
LocalAlloc
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FileTimeToSystemTime
CreateFileA
SetFileAttributesW
GetFileAttributesExW
MoveFileExW
GetSystemInfo
DeviceIoControl
GetSystemDirectoryA
SetErrorMode
ReleaseMutex
CreateMutexW
GlobalMemoryStatus
SetCurrentDirectoryA
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
FlushFileBuffers
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile
WriteConsoleW
SleepEx
CreateDirectoryW
GetDriveTypeW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
FreeResource
InterlockedDecrement
GetCommandLineW
DeleteFileA
CopyFileA
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
DeleteFileW
Sleep
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
GetTempPathA
TerminateThread
GetExitCodeThread
WideCharToMultiByte
GetFileSize
CloseHandle
CreateFileW
ReadFile
GetTickCount
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
IsBadReadPtr
DeleteCriticalSection
FreeLibrary
GetProcessHeap
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
GetNativeSystemInfo
HeapReAlloc
LoadLibraryA
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
VirtualAlloc
lstrlenW
VirtualFree
SetLastError
HeapFree
SystemTimeToFileTime
VirtualProtect
user32
InflateRect
LoadCursorW
SetCursor
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
DefWindowProcW
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
ShowCaret
GetFocus
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
CreateWindowExW
CallWindowProcW
RegisterClassW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowRgn
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
MonitorFromPoint
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
MessageBoxW
CharPrevW
DrawTextW
FillRect
SetRect
DestroyMenu
EnableMenuItem
CreateCaret
GetCaretBlinkTime
GetCursor
SendMessageW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetActiveWindow
GetMessageW
IsWindow
DispatchMessageW
PeekMessageW
CharNextW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
DrawIconEx
DestroyIcon
PrivateExtractIconsW
UpdateWindow
ClientToScreen
GetCaretPos
ReleaseDC
SetCaretPos
TranslateMessage
FindWindowW
CreatePopupMenu
TrackPopupMenu
AppendMenuW
ActivateKeyboardLayout
PostQuitMessage
SetForegroundWindow
GetCursorPos
PostMessageW
ShowWindow
PtInRect
GetKeyState
HideCaret
advapi32
GetSidSubAuthority
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
GetUserNameW
shell32
SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
ole32
CoTaskMemRealloc
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CoUninitialize
CoInitialize
oleaut32
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
shlwapi
PathStripToRootW
PathIsDirectoryW
PathIsSameRootW
PathFileExistsW
PathFindFileNameA
PathFindFileNameW
PathFileExistsA
PathFindExtensionA
PathRemoveFileSpecW
PathCombineW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipDrawImageI
GdipDrawLine
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipReleaseDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipGetImageHeight
GdipCloneBrush
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
dbghelp
MiniDumpWriteDump
urlmon
ObtainUserAgentString
gdi32
MoveToEx
TextOutW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateDIBitmap
GdiFlush
SetStretchBltMode
StretchBlt
SetBkMode
CreatePatternBrush
SetBkColor
GetTextExtentPointA
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
BitBlt
CreateSolidBrush
GetBitmapBits
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
SetBitmapBits
SetTextColor
GetCharABCWidthsW
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ws2_32
sendto
recvfrom
getnameinfo
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
gethostbyname
gethostname
WSAStartup
WSAEventSelect
closesocket
shutdown
crypt32
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
wldap32
ord26
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord145
ord117
ord41
ord208
ord216
ord14
ord46
ord219
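The import table above is raw data; the next triage step is grouping those APIs into capabilities (sockets, process enumeration, registry writes, CryptoAPI and certificate-store use, minidump writing, LDAP by ordinal). The following is an added example, not the sandbox's code: the rule table, its thresholds and the capability names are assumptions chosen for illustration, and SAMPLE_IMPORTS is a trimmed copy of the table above. The min_hits threshold exists because the MSVC CRT startup code itself imports IsDebuggerPresent, UnhandledExceptionFilter, IsProcessorFeaturePresent and similar, so a single debugger-related import is not evidence of deliberate evasion. Ordinal-only imports (the wldap32 ordN entries) only identify the DLL until they are resolved against its export table.

```python
"""Capability tagging over a PE import table (added example, not sandbox code).

CAPABILITY_RULES is a constructed starting point, not an authoritative mapping.
A rule fires when at least min_hits of its APIs are imported from the named DLL;
an empty API set means "any import from that DLL", used for ordinal-only imports.
"""
CAPABILITY_RULES = [
    # (capability, dll, apis, min_hits)
    ("network sockets", "ws2_32",
     {"WSAStartup", "socket", "connect", "bind", "listen", "accept", "send",
      "recv", "getaddrinfo", "gethostbyname"}, 3),
    ("process enumeration", "kernel32",
     {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess"}, 2),
    ("process creation", "kernel32", {"CreateProcessW", "CreateProcessA"}, 1),
    ("shell execution", "shell32", {"ShellExecuteW", "ShellExecuteExW"}, 1),
    ("registry modification", "advapi32",
     {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteValueW"}, 2),
    ("CryptoAPI key use", "advapi32",
     {"CryptAcquireContextW", "CryptGenRandom", "CryptDecrypt", "CryptSignHashW",
      "CryptExportKey", "CryptGetUserKey"}, 2),
    ("certificate store access", "crypt32",
     {"CertOpenSystemStoreW", "CertOpenStore", "CertEnumCertificatesInStore",
      "CertFindCertificateInStore"}, 2),
    ("token inspection", "advapi32",
     {"OpenProcessToken", "GetTokenInformation", "LookupAccountSidW"}, 2),
    ("memory protection changes", "kernel32", {"VirtualAlloc", "VirtualProtect"}, 2),
    ("minidump write", "dbghelp", {"MiniDumpWriteDump"}, 1),
    # A lone debugger-related import is CRT startup noise; require two.
    ("debugger checks (weak: also imported by the MSVC CRT)", "kernel32",
     {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW"}, 2),
    ("LDAP client (wldap32, ordinal imports)", "wldap32", set(), 1),
]

# Constructed input: the sample's import table above, trimmed to relevant entries.
SAMPLE_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "OpenProcess", "CreateProcessW", "IsDebuggerPresent",
                 "OutputDebugStringW", "MoveFileExW", "CopyFileA", "DeleteFileW",
                 "VirtualAlloc", "VirtualProtect"],
    "advapi32": ["RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW",
                 "CryptAcquireContextW", "CryptGenRandom", "CryptDecrypt",
                 "CryptSignHashW", "OpenProcessToken", "GetTokenInformation"],
    "ws2_32": ["socket", "connect", "send", "recv", "bind", "listen", "accept",
               "getaddrinfo", "WSAStartup", "gethostbyname"],
    "crypt32": ["CertOpenSystemStoreW", "CertEnumCertificatesInStore",
                "CertFindCertificateInStore"],
    "shell32": ["ShellExecuteW", "ShellExecuteExW"],
    "dbghelp": ["MiniDumpWriteDump"],
    "wldap32": ["ord26", "ord301"],
}


def tag_capabilities(imports):
    """Return {capability: sorted matching APIs} for every rule that meets min_hits."""
    found = {}
    for cap, dll, apis, min_hits in CAPABILITY_RULES:
        present = set(imports.get(dll, ()))
        hits = present if not apis else present & apis
        if hits and len(hits) >= min_hits:
            found[cap] = sorted(hits)
    return found


def report(imports):
    """One line per capability with the APIs that triggered it."""
    return ["%s (%s)" % (cap, ", ".join(apis))
            for cap, apis in tag_capabilities(imports).items()]


if __name__ == "__main__":
    for line in report(SAMPLE_IMPORTS):
        print(line)
```

The output is a prioritisation aid, not a verdict: every rule here also matches plenty of legitimate software (an installer or update agent imports sockets, registry and CryptoAPI too), so the tags say where to look in the behavioral run, not what the sample is.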
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 606KB - Virtual size: 605KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21.1MB - Virtual size: 21.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
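The "Unsigned PE" signature, the DLL Characteristics block and the section table above all come from a handful of optional-header and section-header fields, and a practitioner will usually want to re-read them directly rather than trust a rendered report. Two points stand out in this one: the DLL Characteristics list carries only DYNAMIC_BASE and TERMINAL_SERVER_AWARE, so NX_COMPAT and GUARD_CF are not set (a 32-bit image that does not set NX_COMPAT does not opt into DEP on its own), and the section table as printed gives .rsrc a raw size of 21.1MB against a 5.3MB sample, which is the kind of inconsistency to check on the actual bytes. The following is an added example, not the sandbox's code: a pure-Python parser for exactly those fields, run here over a constructed minimal PE32 rather than the sample; the sample bytes, the findings strings and the flag subsets are assumptions chosen for illustration.

```python
"""Pure-Python PE header and section triage (added example, not sandbox code).

Reads the fields the report above is derived from:
  * IMAGE_DIRECTORY_ENTRY_SECURITY (data directory 4): size 0 means no
    embedded Authenticode signature, which is what "Unsigned PE" reports.
  * Optional header DllCharacteristics: DYNAMIC_BASE / NX_COMPAT / GUARD_CF.
  * Section table: W+X sections and raw sizes that overrun the file.
The input is a constructed, minimal PE32; use triage(open(path, "rb").read())
on a real file.
"""
import struct

DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
                 0x02000000: "MEM_DISCARDABLE", 0x20000000: "MEM_EXECUTE",
                 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}
SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase/stack/heap fields push them to 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, rptr, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "raw_ptr": rptr, "flags": sflags})
    return {"machine": machine, "file_characteristics": chars,
            "dll_characteristics": dll_chars,
            "signed": sec_off != 0 and sec_size != 0, "sections": sections}


def triage(data):
    """Return (parsed header, list of finding strings) for raw PE bytes."""
    pe = parse_pe(data)
    findings = []
    if not pe["signed"]:
        findings.append("Unsigned PE: security directory is empty")
    present = flag_names(pe["dll_characteristics"], DLL_CHARACTERISTICS)
    for want in ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"):
        if want not in present:
            findings.append("missing %s" % want)
    for s in pe["sections"]:
        names = flag_names(s["flags"], SECTION_FLAGS)
        if "MEM_WRITE" in names and "MEM_EXECUTE" in names:
            findings.append("%s is writable and executable" % s["name"])
        if s["raw_ptr"] + s["raw_size"] > len(data):
            findings.append("%s raw data overruns the file" % s["name"])
    return pe, findings


def build_sample_pe():
    """Constructed unsigned PE32: DYNAMIC_BASE only, .rsrc claims more bytes than exist."""
    align = 0x200
    hdr = bytearray(align)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                     # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    # COFF: i386, 2 sections, 224-byte PE32 optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", hdr, 0x84, 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = 0x98
    struct.pack_into("<H", hdr, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<H", hdr, opt + 70, 0x8040)               # DYNAMIC_BASE|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", hdr, opt + 92, 16)                   # NumberOfRvaAndSizes
    # data directory 4 is left zero: no Authenticode blob attached
    sec = opt + 224
    struct.pack_into("<8sIIIIIIHHI", hdr, sec, b".text", align, 0x1000, align, align,
                     0, 0, 0, 0, 0x60000020)                    # CODE|EXECUTE|READ
    struct.pack_into("<8sIIIIIIHHI", hdr, sec + 40, b".rsrc", 0x10000, 0x2000, 0x10000,
                     2 * align, 0, 0, 0, 0, 0x40000040)         # INITIALIZED_DATA|READ
    text = b"\xC3" + b"\0" * (align - 1)                        # ret; only .text really exists
    return bytes(hdr) + text


if __name__ == "__main__":
    pe, findings = triage(build_sample_pe())
    print("DllCharacteristics:", flag_names(pe["dll_characteristics"], DLL_CHARACTERISTICS))
    for s in pe["sections"]:
        print("%-8s raw=0x%x virt=0x%x %s" % (s["name"], s["raw_size"], s["virtual_size"],
                                              flag_names(s["flags"], SECTION_FLAGS)))
    for f in findings:
        print("!", f)
```

A non-empty security directory only says a WIN_CERTIFICATE blob is attached to the file; whether that signature is valid and chains to a trusted root is a separate check (WinVerifyTrust, or signtool verify /pa), which this parser deliberately does not attempt.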