E:\zhanlue\rcimage\bin\Win32\Release\pdb\2345Login.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07.exe
Resource: win10v2004-20241007-en
General
Target: 78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07
Size: 1.9MB
MD5: 6e9b527ec0dc02c8e51a87fbaa9c8435
SHA1: 004d68970e5dea277d74251f84b25224ceec4e9b
SHA256: 78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07
SHA512: f785e5eb89d6005521f5ccdd4b6249386c3a72055980cbfa191cc80821726b5c3bcdadc10a4f1fc65c9d1c8b40be919139018deb824827ca3523b42dd9164c6f
SSDEEP: 24576:5GGBFkm7N6ryHK10zNcYg4sfRoxwAw/KXzkDrbSeEiYTUcK5BJQVqOPqpCTuT1x/:JLGaxwIzuPbYTUX4qOPqcTuxxT6M
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07
Files
78ef9b0af68ed2c74ba87833036faa0d9f66db230ed408a4e7a116a5b8357a07.exe windows:5 windows x86 arch:x86
de9a5a4bb0356ff779c40fb0fc40f32e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentDirectoryW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
MoveFileW
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
FreeLibrary
LockResource
LoadResource
FindResourceW
GetCurrentProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
CreateEventW
SetEvent
ResetEvent
InterlockedExchangeAdd
LoadLibraryA
FormatMessageW
GetFileSizeEx
InterlockedExchange
SystemTimeToFileTime
SetLastError
GlobalUnlock
GlobalLock
VerSetConditionMask
MulDiv
VerifyVersionInfoW
ExitProcess
LocalFileTimeToFileTime
FreeResource
SizeofResource
GetLocalTime
lstrcpynW
CreateDirectoryW
GetTickCount
FindClose
FindNextFileW
GetEnvironmentVariableW
GetProcessHeap
SetFileAttributesW
WriteConsoleW
GetConsoleCP
FlushFileBuffers
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetModuleHandleExW
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
DeleteFileW
GetTempPathW
HeapAlloc
GlobalAlloc
OpenProcess
GetCurrentThreadId
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetFullPathNameW
EnterCriticalSection
GetFileSize
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
ReadFile
lstrcmpiW
lstrcpyW
lstrcatW
GetVersionExW
GetFileAttributesW
ExpandEnvironmentStringsW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetFileAttributesExW
CreateFileW
GetLongPathNameW
FindFirstFileW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetLastError
Sleep
SetErrorMode
LoadLibraryExW
CreateProcessW
GetProcAddress
CloseHandle
OutputDebugStringW
GetPrivateProfileStringW
LocalFree
GetCommandLineW
user32
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
GetWindowRgn
MoveWindow
UpdateLayeredWindow
SetWindowRgn
MonitorFromPoint
MessageBoxW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
EqualRect
IsWindowEnabled
wsprintfA
DrawTextA
CreateAcceleratorTableW
FindWindowW
PostMessageW
EnumWindows
GetClassNameA
ReleaseDC
GetClientRect
GetDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
ReleaseCapture
GetPropW
SetPropW
GetSystemMetrics
InvalidateRgn
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PtInRect
KillTimer
SetCursor
SetCapture
LoadCursorW
SetFocus
IntersectRect
MessageBoxA
SetTimer
ShowWindow
ScreenToClient
SetWindowPos
GetWindowRect
SetForegroundWindow
SetWindowLongW
DestroyWindow
GetWindowLongW
SendMessageW
GetActiveWindow
GetParent
IsWindow
IsIconic
EnableWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
OffsetRect
MapWindowPoints
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindowVisible
IsZoomed
CharNextW
GetFocus
GetKeyState
PostQuitMessage
DefWindowProcW
wsprintfW
InflateRect
LoadImageW
GetGUIThreadInfo
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
GetUpdateRect
GetSysColor
UnionRect
IsRectEmpty
gdi32
CreateCompatibleDC
DeleteDC
DeleteObject
CreateEnhMetaFileW
GetEnhMetaFileHeader
GetStockObject
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetTextExtentPoint32W
CreateDIBSection
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
SelectObject
BitBlt
CreateCompatibleBitmap
CreateDIBitmap
CreatePen
AddFontMemResourceEx
GetClipBox
CreateFontIndirectW
LineTo
CloseEnhMetaFile
GetDeviceCaps
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW
CommandLineToArgvW
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateInstance
DoDragDrop
CoTaskMemFree
OleDuplicateData
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdiplusStartup
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdipMeasureString
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
shlwapi
PathFileExistsW
ws2_32
WSAStartup
gethostname
gethostbyname
Exports
CheckSigner
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 657KB - Virtual size: 656KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ