devcon.pdb
Static task
static1
General
-
Target
6ad7e53a2be770f646ef21fd5bcee00b71479a733937856b0f6d9132b8dc4521.exe
-
Size
91KB
-
MD5
b7db3fa0c089cd47d831b6c1d4d212a9
-
SHA1
06924776a0ddcffda8ce5c1d08c46488937df678
-
SHA256
6ad7e53a2be770f646ef21fd5bcee00b71479a733937856b0f6d9132b8dc4521
-
SHA512
d5961517bcc0b5a33fdf1ec8a6047723ffc48a2bd5b139400bdd007a8fc6b2bbc11b40dc4f3f8d7f6f227f0276363f0c571c04ef9a0191bbca93a552f78db487
-
SSDEEP
1536:jiq1GxAg85me0rfAJMsa2tjdMF4O7WV2XmatGCq2iW7z+:jiqExAf5me0rfAJMsa2hyRWV2vtGCHS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
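Checks for missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be confirmed from a signature; on its own this is a weak indicator and should be weighed together with the header and section data below.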
resource 6ad7e53a2be770f646ef21fd5bcee00b71479a733937856b0f6d9132b8dc4521.exe
Files
-
6ad7e53a2be770f646ef21fd5bcee00b71479a733937856b0f6d9132b8dc4521.exe.exe windows:10 windows x86 arch:x86
3b302c16d4b2b86b0b32dd6579099d94
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW
kernel32
GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
msvcrt
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
memset
_callnewh
malloc
free
__iob_func
_cexit
_XcptFilter
wprintf
towupper
fputws
iswalpha
wcsrchr
fputs
_wcsnicmp
towlower
_wcsicmp
wcschr
ole32
CLSIDFromString
setupapi
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
SetupScanFileQueueW
CM_Get_Next_Res_Des_Ex
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDeviceInfoW
SetupDiClassGuidsFromNameExW
SetupDiGetClassDescriptionExW
SetupDiGetDriverInfoDetailW
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Get_First_Log_Conf_Ex
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiDestroyDriverInfoList
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupCloseInfFile
SetupDiOpenClassRegKeyExW
CM_Get_Res_Des_Data_Ex
SetupDiGetDriverInstallParamsW
SetupCloseFileQueue
user32
CharNextW
CharPrevW
LoadStringW
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
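0�֣u� Size: 16KB - Virtual size: 20KB [section name consists of non-printable bytes; shown as rendered]
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: unlike the five conventionally named sections above, this final section is marked as code that is both writable and executable, and its name is not printable text. Both traits are atypical for ordinary compiler and linker output and are commonly associated with packed or post-build-modified binaries, so the file should be compared against a known-good copy (hash and section table) before it is trusted.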