Static task: static1

Behavioral task: behavioral1
  Sample: 3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8.dll
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8.dll
  Resource: win10v2004-en-20220112
General
  Target: 3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8
  Size: 523KB
  MD5: 95f48e694a8beb8fd3a21a0b7ce73aa6
  SHA1: 6b5e94e8f94905be32eabc56ebf91ebd818dc61a
  SHA256: 3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8
  SHA512: ac8df20bbbc36a77ef795ce047b942d3f0543f4baf92f4b9bf1df5ab8a31e6360c28c496ffbbda79c28408107d9fe9df4912ffd7cf25a532ce439ccd386b00a2
  SSDEEP: 12288:HJ9Q59mktu69ZSLxRbAOHddihFDTg0mXMaCsbeUWzHbFMmsih0ghD:vTrPdihFDTg0mXMaCsbezzbkyh
Malware Config

Signatures

Files
  3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8.dll (windows x86)
  eedba6c798d77dcccfec1ed86c2501a3

Code Sign

Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32:
    FindClose, ReadFile, GetConsoleMode, GetConsoleCP, FindFirstFileExW, FlushFileBuffers,
    SetFilePointerEx, GetFileSizeEx, GetFileType, GetStdHandle, FindNextFileW, IsValidCodePage,
    WriteFile, GetACP, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, SetStdHandle,
    GetTimeFormatW, GetDateFormatW, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, HeapFree,
    HeapReAlloc, InterlockedFlushSList, GetOEMCP, FreeLibrary, GetLastError, RtlUnwind,
    RaiseException, InitializeSListHead, GetCurrentThreadId, GetCurrentProcessId,
    QueryPerformanceCounter, ReadConsoleW, HeapSize, CreateFileW, WriteConsoleW, CreateEventA,
    FormatMessageA, CreateDirectoryA, GetSystemTimeAsFileTime, FindFirstChangeNotificationA,
    GetProcessHeap, VirtualProtectEx, GetLocalTime, HeapAlloc, GetWindowsDirectoryA, ResetEvent,
    FileTimeToSystemTime, CreateFileA, CopyFileA, Sleep, GetVersion, GetCurrentDirectoryA,
    GetStartupInfoW, IsDebuggerPresent, IsProcessorFeaturePresent, GetCommandLineA, GetCommandLineW,
    GetEnvironmentStringsW, FreeEnvironmentStringsW, LoadLibraryExW, SetEnvironmentVariableW,
    VirtualAlloc, GetCPInfo, SetSystemPowerState, VirtualFree, VirtualProtect, IsValidLocale,
    GetModuleFileNameA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter,
    MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, EnterCriticalSection,
    LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError,
    InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree,
    GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, CloseHandle,
    SetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter
  user32:
    SendMessageTimeoutA, InflateRect, BeginPaint, ReleaseDC, InvalidateRect, CheckDlgButton,
    EndDeferWindowPos, IntersectRect, CreateWindowExA, DestroyMenu, DefWindowProcA, EnumWindows,
    SetWindowTextA, LoadBitmapA, ValidateRect, GetWindowLongA, MapWindowPoints, ExitWindowsEx,
    IsDialogMessageA, OpenClipboard, GetClassInfoExA, GetSystemMetrics, CallNextHookEx, GetIconInfo,
    PostMessageA
  gdi32:
    CreatePatternBrush, CreateSolidBrush, CreateRectRgnIndirect
  ole32:
    CLSIDFromString, OleInitialize, CoCreateInstance, CoUninitialize, CoInitialize, OleUninitialize
  ws2_32:
    sendto, setsockopt, socket, getsockname, WSAStartup, gethostbyname, WSACleanup, gethostname
  winspool.drv:
    DocumentPropertiesA, DeletePrinterConnectionA, OpenPrinterA, AddPrinterConnectionA, ClosePrinter,
    GetJobA
  advapi32:
    CloseServiceHandle, RegOpenKeyExA, InitializeSecurityDescriptor, FreeSid, OpenProcessToken,
    RegSetValueExA, CreateServiceA, SetSecurityDescriptorDacl, SetEntriesInAclA, AdjustTokenPrivileges,
    RegEnumKeyA, RegCloseKey, StartServiceCtrlDispatcherA, GetTokenInformation, RegQueryValueExA,
    AllocateAndInitializeSid, LookupPrivilegeValueA, SetServiceStatus, RegisterServiceCtrlHandlerA,
    DeleteService, ControlService
  winmm:
    timeBeginPeriod, timeEndPeriod, PlaySoundA
  comdlg32:
    GetSaveFileNameA, CommDlgExtendedError, GetOpenFileNameA, ChooseFontA, GetFileTitleA
  comctl32:
    ImageList_GetImageCount, ImageList_Create, ImageList_GetBkColor, ImageList_GetIcon,
    ImageList_DragEnter, ImageList_EndDrag
  rasapi32:
    RasGetConnectStatusA, RasEnumConnectionsA
Sections
  .text   Size: 482KB  Virtual size: 482KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .data   Size: 13KB   Virtual size: 106KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .idata  Size: 5KB    Virtual size: 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .gfids  Size: 2KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .tls    Size: 512B   Virtual size: 9B     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 2KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 15KB   Virtual size: 15KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ