C:\cygwin\home\Julian\jrcpp\dist_xp\sotw.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1N.exe
Resource
win10v2004-20240802-en
General
-
Target
7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1N
-
Size
4.1MB
-
MD5
7b301ec013ba33138a86c2f097893b30
-
SHA1
3183f930668975dc91a3f384dc866b2a1bea8a4a
-
SHA256
7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1
-
SHA512
79e221ee040c188f5d46c2392c624619b6a3d4d6c777d6dae080ad21d49319cbcc31c4e050645347c7ade9e788ececc5c554e3bfd36246eaa1df2a95a416ab8a
-
SSDEEP
98304:z9g4d0qTVGqHyQVO4WZJNer99XMqHauZXGmOjsfNTWxB:zNTVGqHyQVvWYrP30s6
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1N
Files
-
7d46e970af01ef0047e414a088701c668c0c8f3a7a7711135ab3e75f9c62f6c1N.exe windows:5 windows x86 arch:x86
babc6950e778efeb527fb9310c81cbb4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
zlib1
uncompress
compress2
lua51
lua_getfield
lua_pcall
lua_pushinteger
lua_isnumber
lua_tointeger
lua_pushnumber
lua_gettop
lua_settop
lua_isstring
lua_type
lua_tonumber
lua_toboolean
lua_pushcclosure
lua_pushboolean
lua_createtable
lua_setfield
lua_rawseti
lua_error
lua_objlen
lua_gettable
lua_settable
lua_close
lua_pushlstring
lua_rawset
luaopen_base
luaL_openlibs
luaL_error
luaL_loadfile
luaL_loadstring
luaL_newstate
lua_pushstring
lua_tolstring
xerces-c_3_1
?doctypePI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
?doctypeDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypeComment@AbstractDOMParser@xercesc_3_1@@UAEXQB_W@Z
?docPI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
?docComment@AbstractDOMParser@xercesc_3_1@@UAEXQB_W@Z
?docCharacters@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK_N@Z
?createText@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMText@2@PB_WK@Z
?createElementNS@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMElement@2@PB_W000@Z
?createElement@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMElement@2@PB_W@Z
?createCDATASection@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMCDATASection@2@PB_WK@Z
?createAttrNS@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMAttr@2@PB_W000@Z
?createAttr@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMAttr@2@PB_W@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK@Z
?XMLDecl@AbstractDOMParser@xercesc_3_1@@UAEXQB_W000@Z
?TextDecl@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
??1XercesDOMParser@xercesc_3_1@@UAE@XZ
??0XercesDOMParser@xercesc_3_1@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?parse@AbstractDOMParser@xercesc_3_1@@QAEXQBD@Z
?setLoadExternalDTD@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setValidationScheme@AbstractDOMParser@xercesc_3_1@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?getDocument@AbstractDOMParser@xercesc_3_1@@QAEPAVDOMDocument@2@XZ
?release@XMLString@xercesc_3_1@@SAXPAPA_WQAVMemoryManager@2@@Z
?release@XMLString@xercesc_3_1@@SAXPAPADQAVMemoryManager@2@@Z
?transcode@XMLString@xercesc_3_1@@SAPA_WQBDQAVMemoryManager@2@@Z
?transcode@XMLString@xercesc_3_1@@SAPADQB_WQAVMemoryManager@2@@Z
?Terminate@XMLPlatformUtils@xercesc_3_1@@SAXXZ
?Initialize@XMLPlatformUtils@xercesc_3_1@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
??3XMemory@xercesc_3_1@@SAXPAX@Z
??2XMemory@xercesc_3_1@@SAPAXI@Z
?elementDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endEntityReference@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLEntityDecl@2@@Z
?endExtSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_3_1@@UAEXABVInputSource@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDEntityDecl@2@_N1@Z
?error@XercesDOMParser@xercesc_3_1@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000_K2@Z
?expandSystemId@XercesDOMParser@xercesc_3_1@@UAE_NQB_WAAVXMLBuffer@2@@Z
?handleAttributesPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
?handleElementPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIElement@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIElement@2@@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK_N@Z
?notationDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?resetEntities@XercesDOMParser@xercesc_3_1@@UAEXXZ
?resetErrors@XercesDOMParser@xercesc_3_1@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_3_1@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?setPSVIHandler@AbstractDOMParser@xercesc_3_1@@UAEXQAVPSVIHandler@2@@Z
?startAttList@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@@Z
?startDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?startElement@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_3_1@@@2@K_N3@Z
?startEntityReference@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLEntityDecl@2@@Z
?startExtSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?startInputSource@XercesDOMParser@xercesc_3_1@@UAEXABVInputSource@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?fgXercescDefaultLocale@XMLUni@xercesc_3_1@@2QBDB
?fgMemoryManager@XMLPlatformUtils@xercesc_3_1@@2PAVMemoryManager@2@A
?attDef@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?endDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
pdcurses
stdscr
wgetch
nodelay
clrtobot
mvwaddch
getcury
getcurx
getmaxy
getmaxx
wrefresh
wredrawln
wprintw
wmove
wclrtoeol
wclear
wattron
wattroff
start_color
refresh
raw
printw
noecho
nl
newwin
mvwprintw
mvprintw
move
keypad
initscr
init_pair
has_colors
endwin
curs_set
delwin
clear
kernel32
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
HeapReAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
LoadLibraryExW
RaiseException
RtlUnwind
SystemTimeToFileTime
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
CreateEventA
WaitForMultipleObjectsEx
GetProcessHeap
HeapFree
HeapAlloc
FormatMessageA
LocalFree
AreFileApisANSI
ReadConsoleW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
GetFullPathNameW
GetFileTime
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetCurrentDirectoryW
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
FreeLibrary
TerminateProcess
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
WideCharToMultiByte
GetLastError
WriteConsoleW
HeapSize
CreateFileA
CloseHandle
GetModuleHandleA
GetTickCount
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTime
LoadLibraryA
user32
LoadStringA
wsprintfA
advapi32
CryptAcquireContextW
CryptReleaseContext
GetUserNameA
CryptGenRandom
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 650KB - Virtual size: 650KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 224KB - Virtual size: 223KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ