PDB Path: C:\jenkins_home\workspace\indows-4.5-non-Arxan_release_5.6\CloudAgentInstaller\Release\CloudAgentInstaller.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a.exe
  Resource: win10v2004-20241007-en
General
Target: df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a
Size: 8.8MB
MD5: 2451d523a7045d8b626879f156950ddb
SHA1: f57843eefdc046cd6ae291ae303ecd60b27e8a28
SHA256: df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a
SHA512: 427667d0df7f32dc62f1f7668bbcd05335c8966ba2db0033551c42c24bfd90c5e0c1fe6383449fb2f26c4cd1a042ad47f2fb38573481f705ba63d917883542c2
SSDEEP: 98304:UPwv0GCAR4IQrKgz3rNK9BLqzMIfEmUdWVupjJJWhWcV:UPwHCAcKgz3rNKzqzMcvUdWVuxbWhWcV
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a
Files
-
df07e9d7f9efced01c63ce3b973e5250e26ce436cf5fd296617343473dd3ff0a.exe windows:5 windows x86 arch:x86
667cd4ebeeff36c77bc94683d50504ef
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
From kernel32:
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
GetConsoleCP
GetVersion
VerSetConditionMask
VerifyVersionInfoW
UnlockFile
DebugBreak
FindFirstFileW
CompareFileTime
FindNextFileW
FindClose
TerminateProcess
GetCurrentThread
SetThreadPriority
SetFileAttributesW
GetModuleFileNameW
GetTimeZoneInformation
GetSystemDirectoryW
HeapCompact
GlobalAlloc
GetLocalTime
CreateDirectoryW
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
SetThreadAffinityMask
ResumeThread
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
GetFileTime
GetSystemWow64DirectoryW
GlobalFree
DecodePointer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
ReleaseMutex
CopyFileW
CreateMutexW
SetDllDirectoryW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW
IsWow64Process
OutputDebugStringW
GetFileSizeEx
WriteFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
OpenProcess
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetLastError
SetStdHandle
WriteConsoleW
LoadLibraryExW
HeapDestroy
GetConsoleWindow
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
EncodePointer
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
From user32:
ShowWindow
MessageBoxW
From advapi32:
ControlService
StartServiceW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
GetTokenInformation
CryptReleaseContext
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TreeResetNamedSecurityInfoW
From shell32:
SHCreateDirectoryExW
From shlwapi:
PathFindFileNameW
PathCombineA
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
PathCombineW
Sections
.text   Size: 1.3MB - Virtual size: 1.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 248KB - Virtual size: 252KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 21KB - Virtual size: 36KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: 4KB - Virtual size: 8KB       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B - Virtual size: 4KB      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 7.2MB - Virtual size: 7.2MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ