Embedded PDB path: C:\Users\Administrator\source\repos\seidr\x64\Release\seidr_build.pdb (the debug-info path left in the binary at link time; the project folder name and build-machine user are useful pivots for clustering related builds, but the string is attacker-controlled and trivially forgeable, so do not treat it as attribution)
Sample
ec2a17ea1fc8c8d6991d51d16bfef8adaa5363321c7ff63ae73698d004603550.exe
Resource
win7-20240903-en
General
-
Target
ec2a17ea1fc8c8d6991d51d16bfef8adaa5363321c7ff63ae73698d004603550.zip
-
Size
1.5MB
-
MD5
9befd8fa8227218da12912d0651f75ce
-
SHA1
2e608d5c79b1c330d22d5bd5f7761429ddb4e9a0
-
SHA256
7e525788ca31ac108fececdbe73ec70d66dab87565cf9834ffaab1a34b811b33
-
SHA512
2dc8ee442444b92803f0617e0ae2a8b5d5a4b7651b6c9f6078c79308f4c48d35af714ee98a1307ea10466afae0cb626dc7f867b1afb5de2a5edec2e24b64fffe
-
SSDEEP
24576:d6LR1Y3rb7Tu0DZVIvC6lJYDP2c9I3IU/CdwK9TzQ44b/Scc2kJAp4U:C1SzTuIcC6lJYDPD9I40C6K5Q4I/SkZD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a weak indicator (a large share of legitimate software is unsigned); treat it as context for the other findings, not as grounds for a verdict.
resource unpack001/ec2a17ea1fc8c8d6991d51d16bfef8adaa5363321c7ff63ae73698d004603550
Files
-
ec2a17ea1fc8c8d6991d51d16bfef8adaa5363321c7ff63ae73698d004603550.zip.zip
-
ec2a17ea1fc8c8d6991d51d16bfef8adaa5363321c7ff63ae73698d004603550.exe windows:6 windows x64 arch:x64
cfb4f01780bcc7e9e57a4c4e7800e99d (unlabeled 32-hex digest printed under the extracted .exe entry; it is MD5-length and differs from the MD5 of the .zip above, so presumably the hash of the unpacked executable — confirm against the extracted file before using it as an IoC)
Headers
DLL Characteristics (ASLR via DYNAMIC_BASE + HIGH_ENTROPY_VA and DEP via NX_COMPAT are the standard MSVC x64 Release defaults; their presence says nothing about intent either way)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports (static import table only — anything the sample resolves at runtime through LoadLibraryA/LoadLibraryW and GetProcAddress, all of which appear below, will not be listed here)
kernel32 (note the process-snapshot group — CreateToolhelp32Snapshot, Process32FirstW/NextW, OpenProcess, TerminateProcess — and the file-enumeration/modification group — FindFirstFileW/ExW, FindNextFileW, MoveFileExW, CopyFileW, DeleteFileW, SetFileAttributesW; an import table shows capability, not use, so confirm what these act on in the behavioral task)
GetStdHandle
GetEnvironmentVariableA
GetConsoleMode
ReadConsoleW
WriteConsoleW
SystemTimeToFileTime
GetFileType
GetSystemTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
RaiseException
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
MoveFileExW
GetFileSizeEx
GetFileTime
SetFilePointerEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
MoveFileExA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetComputerNameA
VerifyVersionInfoW
GetConsoleWindow
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
VerSetConditionMask
LocalFree
GetProcAddress
LoadLibraryW
GetSystemInfo
CloseHandle
Process32FirstW
CreateFileA
Process32NextW
GetLastError
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
GetModuleFileNameW
FreeLibraryAndExitThread
RtlUnwind
ExitThread
CreateThread
CreateProcessW
SetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
CreateFileW
FindClose
TerminateProcess
lstrlenW
GetCurrentProcess
FindNextFileW
GetFullPathNameW
FindFirstFileExW
FindFirstFileW
ReadFile
SetFileAttributesW
CreateDirectoryW
IsDebuggerPresent
WakeAllConditionVariable
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
CompareStringEx
GetStringTypeW
DecodePointer
EncodePointer
LCMapStringEx
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetLocaleInfoEx
GetFileInformationByHandleEx
GetCurrentDirectoryW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetFileInformationByHandle
CopyFileW
user32
GetSystemMetrics
ShowWindow
advapi32
CryptDestroyKey
RegEnumKeyExA
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey
GetSecurityInfo
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptDestroyHash
CryptHashData
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
ws2_32 (both client-side connect/getaddrinfo and server-side bind/listen/accept are imported; whether a listener is actually opened, and on which port, must be confirmed behaviorally)
getaddrinfo
getsockopt
send
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
WSASetLastError
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
crypt32 (certificate-store and chain-building APIs; together with the wldap32 ordinal imports and normaliz IdnToAscii/IdnToUnicode below, this set is consistent with a statically linked HTTP client library using Schannel for TLS — presumed from the import pattern, not confirmed)
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
wldap32
ord301
ord217
ord46
ord143
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
normaliz
IdnToUnicode
IdnToAscii
bcrypt (CNG: PBKDF2 key derivation, symmetric key generation, encryption, hashing and random generation are all imported; this is the combination to watch for file-encryption behavior, but what is actually encrypted — and whether any key material leaves the host — has to come from dynamic analysis, not from the import list)
BCryptOpenAlgorithmProvider
BCryptDeriveKeyPBKDF2
BCryptGenRandom
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 579KB - Virtual size: 578KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ