Static task
static1
Behavioral task
behavioral1
Sample
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2.exe
Resource
win10v2004-en-20220113
General
Target: 1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
Size: 4.8MB
MD5: 7d13e9ce716ea55bd73ea87055b8fa4b
SHA1: b42ad1b713cca94d44abc97b23a99d1ddc2b8866
SHA256: 1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
SHA512: 9fde41cb27a4c2a6436b628ff645f3201ec9378480f90ea859509417878682143fa30d34edee95175a22474f199a5c78a7b6bf0d69ed804d8717c428aba50260
SSDEEP: 98304:WZKhG387D9HGnWnaXLHebEr4EDj1cVKkoCvc6ubAYwhzt5SrApfUAkvsfxP:w7M7D9WWnaXLHeEr1VcVKkoMYwhJVfU
Malware Config
Signatures
Files
-
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2.exe windows x86
9f35e965f6effd939584bb73fc92ab6c
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSSendMessageW
kernel32
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
Exports
Sections
.text Size: - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
..search Size: - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
..search Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ