D:\bamboo\home\xml-data\build-dir\CODRU-BA-SOURCES\bin\Win32\Release\ProductAgentUI.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d9c7beeacdac2aae5d8c675556bfaae9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d9c7beeacdac2aae5d8c675556bfaae9.exe
Resource
win10v2004-20241007-en
General
-
Target
d9c7beeacdac2aae5d8c675556bfaae9.exe
-
Size
1.9MB
-
MD5
d9c7beeacdac2aae5d8c675556bfaae9
-
SHA1
b1c2dd3bd27624a8aa310cbb481b9a64fdbaf921
-
SHA256
7c2906c9277e39c2d1be87adbd342e6faba7b0aa593233663d0007cb4119ccc6
-
SHA512
498d3d7053cfb612cc91dc44483ab38431eb694a6aed2613b1d9ad9d90db89001e68fa07ead050fa56bbaa957276f9eea9fb985051d059df4553c66cde130e98
-
SSDEEP
49152:3rLGA8M9iYz45FWeYTZxTUxXpKg+fmjcozmKxS:65FWBTZxYxJo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d9c7beeacdac2aae5d8c675556bfaae9.exe
Files
-
d9c7beeacdac2aae5d8c675556bfaae9.exe.exe windows:6 windows x86 arch:x86
a7052ad8566216bfcf537f94ec6b5a66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crypt32
CryptBinaryToStringA
CryptUnprotectData
CryptBinaryToStringW
CryptStringToBinaryW
kernel32
WaitForSingleObject
MultiByteToWideChar
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
GetThreadId
GetStdHandle
WriteFile
GlobalFree
GlobalAlloc
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
IsWow64Process
CreateProcessW
ReadFile
CreateFileW
GetSystemDirectoryW
SetEnvironmentVariableW
CreateThread
VerSetConditionMask
VerifyVersionInfoW
SetCurrentDirectoryW
SetLastError
GetFileAttributesW
OpenProcess
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
LocalAlloc
InitOnceComplete
ResetEvent
GetProcessHeap
FindResourceExW
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
ExitProcess
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
SetStdHandle
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryDosDeviceW
GetLongPathNameW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
WriteConsoleW
K32GetMappedFileNameW
FileTimeToSystemTime
SetSearchPathMode
FormatMessageW
LoadLibraryA
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
Sleep
CreateMutexW
GetCurrentProcess
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
LocalFree
GetCommandLineW
SetEvent
CreateEventW
WaitForMultipleObjects
OpenEventW
CloseHandle
FormatMessageA
ReadConsoleW
DecodePointer
LoadLibraryExA
GetModuleFileNameA
GetWindowsDirectoryW
GetLocalTime
GetCurrentThread
GetProcessTimes
OutputDebugStringA
DebugBreak
SetFilePointer
GetFileSizeEx
DeleteFileW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
InitOnceBeginInitialize
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentDirectoryW
user32
KillTimer
PostMessageW
PostThreadMessageW
GetSystemMetrics
LoadIconW
SetWindowTextW
MonitorFromPoint
GetMonitorInfoW
MonitorFromRect
SetWindowPos
MoveWindow
GetCursorPos
GetAncestor
GetWindowLongW
OffsetRect
CopyRect
SystemParametersInfoW
ExitWindowsEx
IsWindow
IsIconic
ShowWindow
SetForegroundWindow
CreateWindowExW
DestroyWindow
GetClientRect
GetKeyState
BroadcastSystemMessageW
FindWindowW
SendMessageW
ChangeWindowMessageFilterEx
BringWindowToTop
EnableWindow
SetTimer
RegisterWindowMessageW
GetWindowRect
SetClassLongW
CreateDialogIndirectParamW
GetWindowThreadProcessId
GetMessageW
GetDC
GetPropW
SetActiveWindow
EnumChildWindows
GetShellWindow
RegisterClassExW
GetActiveWindow
OpenClipboard
DispatchMessageW
IsDialogMessageW
DefDlgProcW
CloseClipboard
EmptyClipboard
TranslateMessage
SetParent
SetClipboardData
SetWindowLongW
GetDesktopWindow
ReleaseDC
gdi32
GetDeviceCaps
advapi32
GetTokenInformation
LookupAccountSidW
GetAclInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyExW
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
IsWellKnownSid
ConvertSidToStringSidW
GetNamedSecurityInfoW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetAce
GetFileSecurityW
GetSecurityDescriptorDacl
GetSidIdentifierAuthority
shell32
SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteW
ole32
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
OleSetContainedObject
CoGetClassObject
OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
VariantCopy
SysFreeString
VariantInit
VariantClear
VariantChangeType
shlwapi
PathRemoveFileSpecW
PathAppendW
SHGetValueW
PathIsRelativeW
dwmapi
DwmIsCompositionEnabled
winmm
timeGetTime
ntdll
LdrFindResource_U
LdrAccessResource
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wintrust
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
rpcrt4
UuidCreate
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 565KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ