Static task
static1
Behavioral task
behavioral1
Sample
8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1.exe
Resource
win11-20250619-en
General
-
Target
8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1
-
Size
1.0MB
-
MD5
d495e6ec61adaac8953650e15ed0f9af
-
SHA1
4037d8cee3f51538b99074c824394904764ecff4
-
SHA256
8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1
-
SHA512
267dd0b04c8e5dc0feb9f9d4672daeef1b6e10523577321a092259b96c83850696a9a52d3700853b6bd48eed7710fe001e04dba2c1a91f0723e2811661c93dfd
-
SSDEEP
12288:8bCILvCEhIooDNBuU/pvMKcOIC8wFARPyC:xIKcVrRPyC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
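Checks for a missing Authenticode signature: the file is unsigned, so its publisher and integrity cannot be confirmed from a signature. This is a weak indicator on its own, since legitimate in-house and legacy software is often unsigned.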
resource 8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1
Files
-
8819901803fae5fe0663aa53a4b35c92a213979be8bc09486ce2e6bab4917be1.exe windows:6 windows x86 arch:x86
deb595bd13f08827d77d6bf3271d812c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
nazdaktronics
NazDaktronics_SendMessage
streetwise2bridge
SW2SQLObj_getString
SW2SQLObj_getInt
SW2SQLObj_getDate
SW2SQLObj_doQuery
SW2SQLObj_setWSObjType
SW2_Log
SW2SQLObj_setColumnDataInt
SW2SQLObj_doCommand
SW2SQLObj_setColumnDataDate
SW2_SendMail
SW2_ClearSession
SW2SQLObj_getFloat
SW2_ReportHealth
SW2_RegisterUpdateFilesCallback
SW2_RegisterManualControlCallback
SW2_RegisterPriorityControlCallback
SW2_RegisterInstantReportCallback
SW2_RegisterCMSCallback
SW2_RegisterEmailCallback
SW2_RegisterDownloadCompleteCallback
SW2_RegisterAlarmCallback
SW2_SetProperty
SW2_RegisterAlarmChangeCallback
SW2_SendDelayedIncidentTrigger
SW2_SendDelayedMail
SW2SQLObj_getRowCount
SW2SQLObj_setColumnDataString
SW2SQLObj_resetWSObjType
SW2_RegisterDhcpIpCallback
SW2_RegisterUploadCallback
SW2_RegisterDownloadCallback
mscoree
CorBindToRuntimeEx
dbflibnt
_DbfWriteRec@8
_SetDeleted@4
_FldCount@4
_FldWidth@8
_DbfSkip@8
_FldName@12
_DbfZap@4
_DbfGo@8
_DbfTop@4
FldPtr
_DbfAppend@4
FldCopy
_DbfClose@4
_CvtAsciiToDouble@8
_FldType@8
CvtDateToChar
_DbfDelete@8
_DbfOpen@12
_FldReplace@12
_DbfPackAndReindex@8
_DbfCreateFile@24
_FldValue@8
_DbfReccount@4
_SetAllowNulls@4
_DbfDeleted@4
_DbfRecno@4
xipc
MemRead
QueListBuild
QueReceive
MemWrite
XipcError
XipcLoginEx
QuePurge
QueAccess
XipcLogout
MemAccess
QueSend
wsock32
WSACleanup
WSAStartup
ioctlsocket
accept
recvfrom
recv
htons
setsockopt
WSAGetLastError
gethostname
inet_addr
listen
gethostbyname
sendto
connect
closesocket
socket
bind
send
xnmhb580
xvt_help_process_event
xvt_help_set_menu_assoc
xvt_help_open_helpfile
xvt_help_close_helpfile
xvt_help_set_win_assoc
kernel32
GetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WinExec
GetSystemTimeAsFileTime
SetSystemTime
Sleep
CreateProcessA
GetSystemTime
SetLocalTime
SetThreadPriority
CreateMutexA
CopyFileA
TerminateThread
CreateDirectoryA
WaitForSingleObject
ReleaseMutex
GetModuleFileNameA
ExitThread
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
shell32
ShellExecuteA
xnmba580
xvtv_str_find_substring
xvtv_tx_add_par
xvtv_tx_is_valid
xvtv_tx_clear
xvtv_tx_create_def
xvtv_tx_destroy
xvtv_tx_move
xvtv_tx_set_font
xvtv_rect_set_height
xvtv_rect_set_pos
xvtk_vobj_destroy
xvtv_list_add
xvtk_vobj_is_list
xvtk_list_clear
xvtk_list_get_sel_index
xvtk_list_is_sel
xvtk_list_resume
xvtk_list_set_sel
xvtk_list_suspend
xvtk_vobj_get_attr
xvtv_mem_set_functions
xvtv_mem_get_functions
xvtk_vobj_get_client_rect
xvtk_vobj_move
xvtv_vobj_set_attr
xvtk_vobj_set_enabled
xvtv_vobj_set_title
xvtk_vobj_translate_points
xvtk_app_allow_quit
xvtv_app_destroy
xvtv_fsys_get_file_attr
xvtk_fsys_convert_dir_to_str
xvtk_fsys_get_default_dir
xvtv_debug_printf
xvtv_dm_post_error
xvtv_dm_post_file_open
xvtv_dm_post_note
xvtv_win_create_res
xvtk_win_dispatch_event
xvtk_win_get_ctl
xvtv_win_get_tx
xvtv_tx_reset_colors
xvtk_ctl_is_checked
xvtk_ctl_set_colors
xvtv_ctl_set_font
xvtk_ctl_set_checked
xvtv_font_create
xvtv_font_deserialize
xvtv_font_destroy
xvtk_timer_create
xvtv_slist_add_at_elt
xvtv_slist_is_valid
xvtv_slist_add_at_pos
xvtv_slist_add_sorted
xvtv_slist_count
xvtv_slist_create
xvtv_slist_destroy
xvtv_slist_get
xvtv_slist_get_elt
xvtv_slist_get_first
xvtv_slist_get_next
xvtv_slist_rem
xvtwi_End
xvtwi_Init
xvtwi_Begin
xvtwi_xvt_system
xvtv_tx_get_tx
xvtv_str_compare_n_char
xvtv_mem_zalloc
xvtv_mem_realloc
xvtv_mem_free
xvtv_mem_alloc
xvtv_str_copy
xvtv_font_is_valid
xvtv_rect_repair_ptr
xvtv_app_proc_update
xvtv_errmsg_dispatch
xvtv_dwin_clear
xvtv_errfrm_mark_API
xvtv_errfrm_unmark_API
vcruntime140
strstr
_except_handler4_common
memset
__current_exception_context
__current_exception
memcpy
api-ms-win-crt-runtime-l1-1-0
_errno
_invalid_parameter_noinfo
_beginthread
system
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argc
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
exit
api-ms-win-crt-stdio-l1-1-0
_lseek
_filelength
fclose
_write
_set_fmode
__p__commode
fseek
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
fwrite
__stdio_common_vsprintf
fputs
__stdio_common_vfprintf_s
_sopen
__stdio_common_vfscanf
__stdio_common_vsscanf
_open
_close
fgets
fopen
_read
api-ms-win-crt-string-l1-1-0
_stricmp
tolower
strtok
strncpy_s
isdigit
strcat_s
strncat
strncat_s
strncpy
isgraph
isalnum
strcpy_s
api-ms-win-crt-time-l1-1-0
_localtime32
_difftime32
_mktime32
_time32
_ctime32
_gmtime32
strftime
clock
api-ms-win-crt-convert-l1-1-0
strtoul
_itoa
_gcvt
atoi
atol
atof
api-ms-win-crt-filesystem-l1-1-0
_stat32
_fstat32
remove
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
realloc
api-ms-win-crt-process-l1-1-0
_cwait
api-ms-win-crt-utility-l1-1-0
_swab
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
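.data Size: 744KB - Virtual size: 148.2MB (the virtual size far exceeds the on-disk size; the loader zero-fills the difference, so most of this section is uninitialized data at load time, and the flags below mark it read/write, not executable)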
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ