D:\dbs\el\omr\Target\x86\ship\click2run\en-us.pre\SetupBootstrapper.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487N.exe
Resource
win10v2004-20241007-en
General
-
Target
ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487N
-
Size
7.2MB
-
MD5
60982d11348eda050dbb1ddf0d184d20
-
SHA1
268e286f853d33373523c673b08b8e80a188672c
-
SHA256
ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487
-
SHA512
95c2df3e778caf920bc1faafdd8bcb3ff588e76e48cd7771bbc7e03497d9a8d4bfdac1d0f6af19ca40f144f8c0230b8f43a07a8b030f0c51eed8b9587044fc0f
-
SSDEEP
196608:YcCzNbAUF5oM8uxzOXUTNGZMMpOqgdwP3Mm58f6skfhsu5aI6HMaJTtGbB:kJs6oMhCXYUOE3o8sW
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487N
Files
-
ccfde67e41bb5506bc8d220dabb5b6a2243276643f010c91b11fe031416de487N.exe windows:5 windows x86 arch:x86
ca7d3169e7c7942080190cde3c16c7c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Imports
advapi32
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CreateWellKnownSid
CheckTokenMembership
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
RegNotifyChangeKeyValue
RevertToSelf
OpenThreadToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
RegEnumValueA
RegDeleteValueA
RegGetValueA
EventWrite
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
ole32
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler
IIDFromString
CoInitializeSecurity
CoInitializeEx
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoUninitialize
oleaut32
GetErrorInfo
SysFreeString
VariantInit
VariantClear
SetErrorInfo
SysAllocString
SysStringLen
gdi32
CreateFontW
SetBkColor
SetTextColor
DeleteObject
Rectangle
SetDCPenColor
CreatePen
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
SetDCBrushColor
GetTextMetricsW
GetStockObject
GetDeviceCaps
kernel32
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
CreateTimerQueueTimer
ExitProcess
GetOEMCP
CloseHandle
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
CompareStringEx
LocalFree
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
FreeLibrary
CreateThread
GetCurrentThreadId
GetExitCodeThread
SetProcessMitigationPolicy
CreateEventExW
WriteFile
DeleteFileW
WideCharToMultiByte
IsWow64Process
GetModuleHandleExW
ExpandEnvironmentStringsW
GlobalFree
MultiByteToWideChar
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CreateMutexW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLocaleName
FlsFree
FlsAlloc
AttachConsole
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
LocaleNameToLCID
FindClose
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FormatMessageA
RaiseException
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
OpenProcess
GetExitCodeProcess
GetProcessTimes
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
GlobalMemoryStatusEx
GetVersionExW
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfoExW
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetSystemDirectoryW
HeapAlloc
CreateEventW
SetEvent
WaitForSingleObject
ReleaseSemaphore
EnumSystemLocalesW
WaitForMultipleObjectsEx
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
QueryDepthSList
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
TzSpecificLocalTimeToSystemTime
QueryUnbiasedInterruptTime
OpenEventW
ReleaseMutex
CreateMutexExW
OpenMutexW
GetTempPathW
GetLongPathNameW
GetFinalPathNameByHandleW
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
ResetEvent
IsDebuggerPresent
GetFileAttributesExW
FindFirstFileExW
MoveFileExW
FindNextFileW
CreateDirectoryW
SetFileAttributesW
ReadFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
LockFileEx
UnlockFileEx
GetFileInformationByHandleEx
GetCurrentDirectoryW
GetTempFileNameW
CopyFileExW
GetVolumePathNamesForVolumeNameW
SetFileInformationByHandle
WaitForMultipleObjects
K32EnumProcessModulesEx
OpenThread
GetFileType
SetFilePointer
GetOverlappedResult
GetFileAttributesW
GetFileTime
CopyFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
LockResource
LCIDToLocaleName
SetFileTime
CancelIoEx
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetTickCount
InitOnceExecuteOnce
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
CreateFileMappingA
LocalAlloc
GetLocaleInfoEx
LCMapStringEx
IsValidLocale
GetSystemDefaultLCID
ResolveLocaleName
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetFileAttributesA
LoadLibraryExA
GetUserGeoID
GetLocaleInfoW
GetUserPreferredUILanguages
GetACP
GetTimeZoneInformation
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
FlushViewOfFile
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
K32GetProcessMemoryInfo
GetPhysicallyInstalledSystemMemory
GetProductInfo
SwitchToThread
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GetThreadLocale
lstrcmpW
ProcessIdToSessionId
GetCommandLineW
SetEnvironmentVariableW
GetPriorityClass
K32EnumProcesses
IsProcessorFeaturePresent
InitOnceComplete
InitOnceBeginInitialize
CreateSymbolicLinkW
DeleteTimerQueueTimer
GetThreadTimes
FreeLibraryAndExitThread
ExitThread
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
RemoveDirectoryW
GetFileInformationByHandle
GetStringTypeW
TryAcquireSRWLockExclusive
CompareStringW
SetStdHandle
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualProtect
VirtualQuery
GetLocalTime
WaitForSingleObjectEx
GetSystemPreferredUILanguages
K32GetProcessImageFileNameW
GetDateFormatW
GetTimeFormatW
GetDriveTypeW
setupapi
SetupIterateCabinetW
gdiplus
GdipDeleteGraphics
GdiplusStartup
GdipCreateFromHDC
GdipDrawImageRectI
GdipLoadImageFromStream
GdipFree
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipAlloc
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 142KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 341KB - Virtual size: 341KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 373KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ