ISIGN32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ac494205f38dc31a976d8d5e5e055a27e634625b9cf95d046ad0bf18f9a443b2N.dll
Resource
win7-20240903-en
General
-
Target
ac494205f38dc31a976d8d5e5e055a27e634625b9cf95d046ad0bf18f9a443b2N
-
Size
140KB
-
MD5
81bbdaf7d1a9102e7dc6b07c99aae9a0
-
SHA1
f47d1b65a127de229f283e5d4df17b4557b08682
-
SHA256
ac494205f38dc31a976d8d5e5e055a27e634625b9cf95d046ad0bf18f9a443b2
-
SHA512
04bf1bb3aedc12900f00736f56dbe647407b1b375413cfebd8b449c9c02bc05ccd74e6c391e5ddc3d405fb07be56f2dacc7992aa202deed3c01faaca6845c3dd
-
SSDEEP
3072:68t1Ohg3RWQZh5zPIHVyDvhmCyaenWVo/estel5XkATa/hG:omRWQn5zaVQVenWVoWsIr6G
Malware Config
Signatures
-
Unsigned PE 1 IoCs
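The PE file has no embedded Authenticode signature. On its own this is a weak indicator, since many legitimate Windows binaries are catalog-signed rather than embedded-signed; weigh it together with the header and section findings below.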
Processes:
resource ac494205f38dc31a976d8d5e5e055a27e634625b9cf95d046ad0bf18f9a443b2N
Files
-
ac494205f38dc31a976d8d5e5e055a27e634625b9cf95d046ad0bf18f9a443b2N.dll windows:5 windows x86 arch:x86
ea1bb93e46a84c45cc12f56dff86b3fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
malloc
_initterm
free
memmove
wcslen
_wsplitpath
_wmakepath
_adjust_fdiv
wcschr
wcsrchr
atof
_wtoi
??2@YAPAXI@Z
??3@YAXPAX@Z
wcstombs
mbstowcs
_vsnwprintf
kernel32
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExW
lstrlenW
LocalFree
lstrcpynW
LocalAlloc
lstrlenA
GetPrivateProfileStringW
lstrcmpiW
FreeLibrary
GetProcAddress
LoadLibraryW
GetPrivateProfileSectionW
GlobalFree
GlobalAlloc
lstrcpyW
lstrcatW
GetWindowsDirectoryW
CompareStringW
lstrcmpW
GetLastError
OutputDebugStringW
_lclose
_lwrite
_lcreat
GetPrivateProfileIntW
UnmapViewOfFile
CloseHandle
MapViewOfFile
CreateFileMappingW
SetLastError
Sleep
FindClose
FindFirstFileW
_llseek
_lread
_lopen
SetFileAttributesW
ExpandEnvironmentStringsW
CreateProcessW
GetCurrentProcess
WaitForSingleObject
CreateEventW
DeleteFileW
GetModuleHandleW
CreateThread
CreateSemaphoreW
WriteFile
CreateFileW
GetTempFileNameW
GetCurrentDirectoryW
GetTempPathW
GetShortPathNameW
GetFullPathNameW
GetSystemDirectoryW
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
SetCurrentDirectoryW
SetEvent
LocalReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
user32
SetTimer
MessageBoxW
wsprintfW
ShowWindow
LoadStringW
SetDlgItemTextW
SetWindowTextW
FindWindowW
GetParent
EndDialog
GetDlgItemTextW
DialogBoxParamW
RegisterWindowMessageA
SetWindowPos
KillTimer
PostMessageW
SendMessageW
CharNextW
CharPrevW
GetWindowTextW
IsWindowVisible
EnumWindows
DispatchMessageW
MsgWaitForMultipleObjects
SetForegroundWindow
SetFocus
CreateDialogParamW
IsWindow
UpdateWindow
ExitWindowsEx
DefWindowProcW
PostQuitMessage
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
DestroyWindow
TranslateMessage
GetMessageW
SetRect
ReleaseDC
GetDC
GetWindowRect
GetDlgItem
SetWindowLongW
GetWindowLongW
PeekMessageW
GetClassNameW
gdi32
GetDeviceCaps
GetStockObject
advapi32
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
shell32
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation
ShellExecuteExW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
tapi32
lineTranslateAddressW
lineShutdown
lineInitialize
lineGetTranslateCapsW
oleaut32
VariantInit
SysAllocString
SysFreeString
ole32
CoCreateInstance
CoInitialize
CoUninitialize
Exports
Exports
AutoDialLogon
AutoDialLogonA
AutoDialLogonW
AutoDialSignup
AutoDialSignupA
AutoDialSignupW
IEAKProcessISP
IEAKProcessISPA
IEAKProcessISPW
Signup
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
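.text Size: 64KB - Virtual size: 64KB (second section named .text, listed after .reloc; unlike the first .text it is flagged writable as well as executable, so it is worth checking for code added after the original build)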
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE