C:\BUILD\work\3ec1P)yGv(dvl7q@Vf#%AcG
Static task: static1
Behavioral task: behavioral1
- Sample: d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051N.exe
- Resource: win10v2004-20241007-en
General
- Target: d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051N.exe
- Size: 2.5MB
- MD5: 187b9b21317fc31a90a5b804102e15b0
- SHA1: c99f09128e405dd75bf218e80c048c613ef90359
- SHA256: d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051
- SHA512: d75fe63e440260c701fecb500e2f8f62e97207f31610d6a93b28fa0f33a0df9d80c665c1e86692933862cb1ecc4979f48aa643b0ad95aa484d6822a24bd44434
- SSDEEP: 49152:q2daHSl4E1Kn2w719v6ODWb2h7dk2YCRq7fjN8QC7a0N9esKsJIV4:P1K2Vio2h7G2YCRq7h5C7aHs7o
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051N.exe
Files
-
d1e47440f39aa38030291c418b411fdb89e30cf8b909069da2c3b70fb02c8051N.exe.exe windows:6 windows x64 arch:x64
3bfc6245c191702e6c5b0465d6aeae95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteTreeW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
SystemFunction036
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
QueryServiceStatus
ControlService
StartServiceW
OpenProcessToken
GetTokenInformation
OpenThreadToken
RegQueryInfoKeyW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateSelf
RevertToSelf
AllocateAndInitializeSid
RegEnumKeyExW
LookupAccountSidW
EqualSid
FreeSid
ConvertStringSidToSidW
RegOpenKeyExW
RegQueryValueExW
user32
RegisterClassExW
LoadStringW
GetClassInfoExW
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
shell32
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ntdll
NtClose
NtOpenKey
NtQueryKey
NtDeleteKey
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
VerSetConditionMask
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
kernel32
LCMapStringEx
EncodePointer
WaitForSingleObjectEx
GetTickCount64
Sleep
GetLastError
OpenProcess
CloseHandle
TerminateProcess
WideCharToMultiByte
GetProcessTimes
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
QueryUnbiasedInterruptTime
GetSystemPowerStatus
SetDllDirectoryW
GetProcAddress
LocalFree
CreateMutexW
HeapSetInformation
SetPriorityClass
GetCurrentProcess
CreateFileW
FlushFileBuffers
MoveFileExW
CopyFileW
DeviceIoControl
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
ReleaseMutex
SetLastError
GetVersionExW
GetNativeSystemInfo
GetDiskFreeSpaceExW
GetLocaleInfoA
GetComputerNameW
OpenMutexW
GetCommandLineW
HeapFree
GetModuleHandleExW
InitializeCriticalSectionEx
HeapSize
FormatMessageW
HeapReAlloc
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WaitForSingleObject
GetExitCodeProcess
CreateIoCompletionPort
ResumeThread
SetEndOfFile
WriteFile
SetFilePointerEx
GetFileSizeEx
GetCurrentThread
CompareStringW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
K32GetProcessImageFileNameW
CreateProcessW
ReadFile
VerifyVersionInfoW
FlsAlloc
FileTimeToSystemTime
GetSystemTimeAsFileTime
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
GetSystemInfo
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
VirtualProtect
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
GetExitCodeThread
TlsFree
GetDriveTypeW
SetFilePointer
SetFileAttributesW
GetFileSize
GetWindowsDirectoryW
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
FindFirstFileW
FindClose
SetFileTime
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
WriteProcessMemory
InitializeCriticalSectionAndSpinCount
GetVersion
LockResource
FindResourceExW
SetEnvironmentVariableW
IsProcessorFeaturePresent
SetThreadAffinityMask
UnlockFileEx
SetFileInformationByHandle
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GetSystemTimes
RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
SleepEx
MoveFileExA
GetEnvironmentVariableA
CreateFileA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
CreateThread
CreateEventA
RegisterWaitForSingleObject
UnregisterWait
ExpandEnvironmentStringsA
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetVersionExA
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
GetCPInfo
IsDebuggerPresent
GetConsoleOutputCP
InitializeSListHead
ReadConsoleW
GetConsoleMode
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetStringTypeW
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
PeekNamedPipe
GetFileType
ExitProcess
GetStdHandle
FreeLibraryAndExitThread
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
ExitThread
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertOpenStore
ws2_32
WSACloseEvent
send
getsockopt
WSAResetEvent
WSAGetLastError
ntohs
recvfrom
WSASetLastError
WSAEnumNetworkEvents
WSACleanup
closesocket
WSAWaitForMultipleEvents
socket
__WSAFDIsSet
select
bind
WSACreateEvent
WSAStartup
connect
getsockname
recv
setsockopt
WSAEventSelect
ntohl
WSAIoctl
htonl
ioctlsocket
gethostname
getservbyname
htons
bcrypt
BCryptGenRandom
winhttp
WinHttpCrackUrl
iphlpapi
if_nametoindex
GetBestRoute2
FreeMibTable
GetUnicastIpAddressTable
if_indextoname
CancelMibChangeNotify2
GetAdaptersAddresses
NotifyIpInterfaceChange
shlwapi
PathMatchSpecW
Exports
asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 555KB - Virtual size: 555KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ