D:\a\_work\1\s\x64\Release\PowerToys.pdb
Sample
1e5db657d02c4e540214371e6d855018d74d4c3cd394741d934baf57de84a7c7.exe
Resource
win7-20240903-en
General
-
Target
1e5db657d02c4e540214371e6d855018d74d4c3cd394741d934baf57de84a7c7
-
Size
1.7MB
-
MD5
1d35ed7172326916b83883529b33b440
-
SHA1
3b2eb109b395ba04ce17c454618d44fb71830339
-
SHA256
1e5db657d02c4e540214371e6d855018d74d4c3cd394741d934baf57de84a7c7
-
SHA512
877d268ceed1b34faee76baeceebcc00376f82f4bb4f6489b2f9925ac9afe64859fceb884c84807c6f501aa6e6c62df32de3e428c2806640895bc07a87a10f9f
-
SSDEEP
49152:UZcF5AG33sp1ysXjS2kFO74BvyCMVjWncf:Xb+ysoBvJMVjWnc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. This is informational on its own, but the embedded PDB path names a PowerToys build, so an unsigned binary claiming that identity should be compared against the hashes of an official signed release before it is treated as legitimate.
resource 1e5db657d02c4e540214371e6d855018d74d4c3cd394741d934baf57de84a7c7
Files
-
1e5db657d02c4e540214371e6d855018d74d4c3cd394741d934baf57de84a7c7.exe windows:6 windows x64 arch:x64
0fd2d28206103fb0fc335ab155ce2447
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
gdiplus
GdiplusStartup
api-ms-win-core-io-l1-1-0
CancelIoEx
api-ms-win-core-file-l1-1-0
FindClose
GetFileAttributesExW
GetFileAttributesW
ReadFile
GetFileSizeEx
CreateDirectoryW
FindNextFileW
FindFirstFileExW
SetFileInformationByHandle
FindFirstFileW
CreateFileW
WriteFile
GetFileType
SetFilePointerEx
DeleteFileW
FlushFileBuffers
SetEndOfFile
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
api-ms-win-core-namedpipe-l1-1-0
SetNamedPipeHandleState
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
WaitNamedPipeW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
EqualSid
MakeAbsoluteSD
CopySid
AllocateAndInitializeSid
FreeSid
GetLengthSid
GetTokenInformation
api-ms-win-core-heap-l1-1-0
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapDestroy
HeapFree
HeapSize
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalFree
GlobalFree
LocalAlloc
oleaut32
GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocString
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
GetCommandLineA
GetStdHandle
SetEnvironmentVariableW
SetStdHandle
api-ms-win-core-libraryloader-l1-2-0
LockResource
LoadStringW
SizeofResource
FindResourceExW
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
LoadResource
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoGetApartmentType
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoRegisterClassObject
CoTaskMemFree
CoRevokeClassObject
CoInitializeEx
CLSIDFromString
CoUninitialize
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObjectEx
SetEvent
ReleaseSemaphore
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
CreateSemaphoreExW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockExclusive
OpenSemaphoreW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-0
SwitchToThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
CreateThread
TerminateProcess
ExitThread
ExitProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
InitializeProcThreadAttributeList
GetExitCodeThread
GetStartupInfoW
UpdateProcThreadAttribute
CreateProcessW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
LCMapStringEx
IsValidLocale
FormatMessageW
GetCPInfo
EnumSystemLocalesW
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
FormatMessageA
IsValidCodePage
GetACP
GetLocaleInfoEx
GetOEMCP
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
Sleep
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
shlwapi
PathRemoveFileSpecW
ord219
kernel32
LocalSize
user32
GetKeyboardLayout
MapVirtualKeyExW
MessageBoxW
ToUnicodeEx
GetKeyNameTextW
SetProcessDpiAwarenessContext
PostThreadMessageW
RegisterHotKey
ChangeWindowMessageFilterEx
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
DefWindowProcW
GetDoubleClickTime
TrackPopupMenu
GetSubMenu
LoadMenuW
RegisterWindowMessageW
GetCursorPos
DestroyWindow
DestroyMenu
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
SendMessageW
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
SendInput
GetAsyncKeyState
CallNextHookEx
GetShellWindow
GetWindowThreadProcessId
PostMessageW
FindWindowW
KillTimer
SetTimer
TranslateMessage
DispatchMessageW
GetMessageW
UnregisterHotKey
shell32
Shell_NotifyIconW
ShellExecuteExW
SHGetKnownFolderPath
ole32
CoInitialize
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-console-l1-1-0
WriteConsoleW
ReadConsoleW
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
GetDynamicTimeZoneInformation
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StartTraceW
ControlTraceW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-file-l1-2-2
AreFileApisANSI
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlCaptureContext
RtlPcToFileHeader
RtlLookupFunctionEntry
api-ms-win-core-threadpool-l1-2-0
TrySubmitThreadpoolCallback
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsGetValue
FlsAlloc
FlsSetValue
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoOriginateLanguageException
Sections
.text Size: 809KB - Virtual size: 809KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 572KB - Virtual size: 576KB (note: this section is flagged readable, writable and executable, which is atypical for a linker-emitted relocation section and merits closer inspection)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE