Static task: static1
Behavioral task: behavioral1
  Sample: 4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5.dll
  Resource: win10v2004-20241007-en
General
Target: 4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5
Size: 872KB
MD5: 62f5be54d15be8c3069a87554f1ee1b7
SHA1: e8cc2a831f3e8db21c2e1abc3b884452c7066549
SHA256: 4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5
SHA512: 79564035a49e931ff970d929ea666e9b0e5b6c5267b9f655b34d3be6b43a0a39e8409e38f9c72dda17ef28efd61a737f20959b57457a1221a909c0d817df832c
SSDEEP: 24576:YM516PyBxKOySlT0ews0LiKbjrKSwF/JM:zdBxnySlT0ews0LiKbj2SwdJM
Malware Config
(none listed)
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5
Files
4c131b150653526c6f897b75488757e2de4b84e564921d3d45571fc747011fd5.dll
tags: regsvr32, windows:6, windows x86, arch:x86
54b5a968faa0ce66efb939c4a50ef085
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\a\weasel\weasel\output\weasel.pdb
Imports
kernel32
LeaveCriticalSection
CreateMutexW
EnterCriticalSection
GetModuleFileNameA
GetEnvironmentVariableW
lstrcpyW
GetUserDefaultUILanguage
ExitProcess
GetSystemWow64DirectoryW
GetLastError
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetUnhandledExceptionFilter
GetCurrentProcessId
DeleteCriticalSection
GetLocalTime
CloseHandle
GetCurrentThreadId
CreateFileW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenEventA
ResetEvent
GetStartupInfoW
IsDebuggerPresent
ExpandEnvironmentStringsW
GetCurrentProcess
InitializeSListHead
IsProcessorFeaturePresent
WideCharToMultiByte
FormatMessageA
LocalFree
CreateEventA
SetEvent
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ReadFile
RaiseException
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
GetProcessHeap
WaitForSingleObjectEx
Sleep
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
UnhandledExceptionFilter
TerminateProcess
CreateEventW
user32
ToUnicodeEx
GetKeyboardState
GetKeyState
GetMenuItemCount
SetRect
CallWindowProcW
EndPaint
BeginPaint
DefWindowProcW
DestroyIcon
DrawIconEx
MessageBoxW
GetMonitorInfoW
CopyRect
GetCursorPos
UpdateLayeredWindow
GetClientRect
GetWindowRect
InvalidateRect
TrackMouseEvent
PtInRect
InflateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
IsRectEmpty
RedrawWindow
ReleaseDC
SetWindowPos
GetDC
MonitorFromRect
CreateWindowExW
SetWindowLongW
GetForegroundWindow
SendInput
GetFocus
DestroyWindow
LoadCursorW
GetCaretPos
GetWindowLongW
GetClassInfoExW
GetWindowThreadProcessId
GetSystemMetrics
LoadImageW
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuW
GetMenuItemInfoW
MessageBoxA
IsWindow
KillTimer
ShowWindow
SetTimer
UnregisterClassW
RegisterClassExW
advapi32
RegEnumKeyExA
RegGetValueW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameW
RegOpenKeyA
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
dbghelp
MiniDumpWriteDump
gdiplus
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawPath
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipAddPathLineI
GdipAddPathArcI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateRegionPath
GdipDeleteRegion
GdipCloneRegion
GdipCombineRegionRegion
GdipIsEmptyRegion
GdipFillPath
GdipDrawImageI
d2d1
ord1
dwrite
DWriteCreateFactory
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
gdi32
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
DeleteObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
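The import table above is what an analyst pivots on: its order and names determine the import hash (imphash), and a handful of the APIs (keyboard state, SendInput, clipboard, named pipes, registry writes, MiniDumpWriteDump, IsDebuggerPresent) are the ones to account for before deciding whether the DLL does what it is supposed to. The following is an added example, not part of the Triage report and not code from the weasel project. It assumes the listing preserves the import directory's order and module names (imphash is order-sensitive), uses a constructed excerpt of that listing as input, and the watch list of notable APIs is the editor's own.

```python
"""Rebuild an import hash (imphash) and a watch-list report from a Triage-style
import listing: one module name per line, followed by the functions imported
from it, in the order they appear in the PE import directory."""
import hashlib
import re

# Constructed excerpt of the listing above, in the same line format. It is only
# a slice of the real table, so the hash it yields is NOT the sample's imphash;
# paste the complete listing, unreordered, to reproduce that.
IMPORT_LISTING = """\
kernel32
CreateMutexW
IsDebuggerPresent
WaitNamedPipeW
SetNamedPipeHandleState
user32
ToUnicodeEx
GetKeyboardState
SendInput
SetClipboardData
advapi32
RegSetValueExA
RegCreateKeyExA
shell32
ShellExecuteW
dbghelp
MiniDumpWriteDump
d2d1
ord1
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
"""

# Heuristic for this listing format: module names are all lower case (kernel32,
# d2d1, api-ms-win-...), function names carry capitals, ordinal imports read "ordN".
MODULE_LINE = re.compile(r"^[a-z0-9_.-]+$")
ORDINAL_LINE = re.compile(r"^ord\d+$")

# APIs an analyst would want to account for. Whether they are expected depends on
# what the DLL is supposed to do; this watch list is the editor's, not Triage's.
NOTABLE = {
    "IsDebuggerPresent": "debugger check (anti-analysis, or ordinary crash-handling code)",
    "MiniDumpWriteDump": "writes process memory dumps via dbghelp",
    "SendInput": "synthesises keyboard/mouse input",
    "GetKeyboardState": "reads keyboard state",
    "ToUnicodeEx": "translates virtual keys into characters",
    "SetClipboardData": "writes to the clipboard",
    "WaitNamedPipeW": "named-pipe client (IPC with another process)",
    "RegSetValueExA": "registry value writes",
    "RegCreateKeyExA": "registry key creation",
    "ShellExecuteW": "launches programs or URLs",
}


def parse_listing(text):
    """Return [(module, [function, ...]), ...] preserving listing order."""
    imports = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if MODULE_LINE.match(line) and not ORDINAL_LINE.match(line):
            imports.append((line, []))
        elif imports:
            imports[-1][1].append(line)
        else:
            raise ValueError(f"function line before any module line: {line!r}")
    return imports


def imphash_string(imports):
    """The comma-joined 'module.function' text that pefile's get_imphash() hashes:
    module lower-cased with .dll/.ocx/.sys stripped, function lower-cased,
    unresolved ordinals kept as 'ordN' (pefile's ws2_32/oleaut32 ordinal
    name tables are not reproduced here; this listing needs none of them)."""
    parts = []
    for module, funcs in imports:
        name = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(); order-sensitive, so a reshuffled table hashes differently."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def notable_imports(imports):
    """{ 'module!Function': reason } for watch-listed APIs, in listing order."""
    return {f"{module}!{func}": NOTABLE[func]
            for module, funcs in imports for func in funcs if func in NOTABLE}


if __name__ == "__main__":
    table = parse_listing(IMPORT_LISTING)
    print("imphash (of this excerpt only):", imphash(table))
    for entry, why in notable_imports(table).items():
        print(f"  {entry:45} {why}")
```

The 32-hex value shown under Files is not labelled on the page; whatever it is, compare against `pefile.PE(path).get_imphash()` run on the actual file rather than against a hash rebuilt from the listing, since the report may normalise module names. For this sample the watch-list hits cluster around keyboard and clipboard handling, named-pipe IPC and registry writes, which is exactly the set to reconcile with the COM registration exports (DllRegisterServer/DllUnregisterServer) and the regsvr32 launch tag.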
Exports
??0?$codecvt_null@_W@archive@boost@@QAE@I@Z
??0?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAE@XZ
??1?$codecvt_null@_W@archive@boost@@UAE@XZ
??_F?$codecvt_null@_W@archive@boost@@QAEXXZ
?do_always_noconv@?$codecvt_null@_W@archive@boost@@EBE_NXZ
?do_encoding@?$codecvt_null@_W@archive@boost@@EBEHXZ
?do_in@?$codecvt_null@_W@archive@boost@@EBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?do_max_length@?$codecvt_null@_W@archive@boost@@EBEHXZ
?do_out@?$codecvt_null@_W@archive@boost@@EBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UCandidateInfo@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UText@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextAttribute@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextRange@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UUIStyle@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text   Size: 526KB  Virtual size: 526KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 127KB  Virtual size: 126KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 18KB   Virtual size: 22KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 171KB  Virtual size: 171KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 28KB   Virtual size: 27KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
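Three facts in this report come straight out of the PE headers: the "Unsigned PE" signature (no embedded Authenticode signature), the DllCharacteristics bits (DYNAMIC_BASE and NX_COMPAT, and if the Headers list is complete, nothing else, so no GUARD_CF), and the section protections, where a section that is both writable and executable would be the thing to notice and none here is. The block below is an added example, not Triage's detection logic and not weasel project code; it reads those fields with the standard library only. The most direct check for an embedded signature is the size of the security data directory (index 4), which is what it uses, and it assumes nothing about the sample beyond the header layout. The constructed `build_test_pe()` image is a header-only fake for exercising the parser and is not loadable.

```python
"""Header-only PE inspection with the standard library: is an Authenticode
signature embedded, which DllCharacteristics/FileCharacteristics are set, and
which sections are mapped writable and executable at the same time."""
import struct
import sys

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA", 0x00000080: "CNT_UNINITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE", 0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode; its "RVA" field is really a file offset


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data):
    """Parse DOS/COFF/optional headers and the section table from raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _va, rawsize, _rawptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": _names(flags, SECTION_FLAGS),
            "writable_and_executable": bool(flags & 0x80000000) and bool(flags & 0x20000000),
        })
    return {
        "machine": machine,
        "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        # a non-zero directory that points past end of file is malformed, not signed
        "has_embedded_authenticode": sec_size != 0 and sec_off + sec_size <= len(data),
        "sections": sections,
    }


def build_test_pe(dll_characteristics, signed, sections):
    """Constructed header-only PE32 image (not loadable) for exercising inspect_pe().
    sections: [(name bytes, characteristics), ...]"""
    e_lfanew, opt_size, n = 0x40, 224, len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0002 | 0x0100 | 0x2000)
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * n
    blob = b"\0" * 16 if signed else b""       # stands in for a WIN_CERTIFICATE structure
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_end, len(blob))
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0,                              # magic, linker version
                      0, 0, 0, 0x1000, 0x1000, 0x2000, 0x10000000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0,                          # OS/image/subsystem versions
                      0, 0x3000, 0x400, 0,                       # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      2, dll_characteristics,                    # Subsystem, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                                 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, flags)
                     for i, (name, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + table + blob


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            info = inspect_pe(fh.read())
    else:   # no path given: run on the constructed unsigned image
        info = inspect_pe(build_test_pe(0x0040 | 0x0100, False,
                                        [(b".text", 0x60000020), (b".data", 0xC0000040)]))
    print("embedded Authenticode:", info["has_embedded_authenticode"])
    print("DllCharacteristics:", ", ".join(info["dll_characteristics"]))
    for s in info["sections"]:
        print(f"  {s['name']:8} {'|'.join(s['flags'])}{'  <-- W+X' if s['writable_and_executable'] else ''}")
```

Run it as `python inspect_pe.py <file>` on the sample to confirm the report's findings. Two caveats when reading the result: an empty security directory means no embedded signature, but Windows also trusts catalog-signed files (a .cat in the system catalog store), so "unsigned" in this sense is not conclusive for OS-shipped binaries, while for a third-party DLL it is what you would expect a release build to have and this one lacks; and the directory entry being present only says a signature blob exists, not that it verifies, which needs a full Authenticode check (for example `signtool verify /pa` or `Get-AuthenticodeSignature` on Windows).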