Static task
static1
Behavioral task
behavioral1
Sample
b75e1391fcb558e42cc05399fa716829114323e1d01aa284445955548302d71f.exe
Resource
win7-20220414-en
General
Target: b75e1391fcb558e42cc05399fa716829114323e1d01aa284445955548302d71f.exe
Size: 241KB
MD5: 23c77075baf7c9ba4e669239a7e1ab4c
SHA1: 014421bdb1ea105a6df0c27fc114819ff3637704
SHA256: b75e1391fcb558e42cc05399fa716829114323e1d01aa284445955548302d71f
SHA512: 08de7c9228f277fff346c6cdcfc1b27588772339c5be54960e3a16cfb7c4295dd9f87d1a62c02d1805618c939ef66923f5cd86de5c0b6e4e7a2c1a344ab083ab
SSDEEP: 6144:qszGx9g1FlcP1CjXvcYKGy7VvfTB82dkGfnvY/:qsDlAAjXzhy7VvfT/d3fk
Malware Config
Signatures
Files
b75e1391fcb558e42cc05399fa716829114323e1d01aa284445955548302d71f.exe.exe windows x86
ebb0caae06e7200e8363340295d6765a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
GetStartupInfoW
DisconnectNamedPipe
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
FindClose
CreateEventW
RemoveDirectoryW
CreatePipe
CancelIo
FindNextFileW
GetCurrentThreadId
GetDiskFreeSpaceExW
GetWindowsDirectoryW
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
DeleteFileA
GetVolumeInformationW
CreateThread
GetFileSize
InterlockedExchangeAdd
ConnectNamedPipe
CreateNamedPipeW
FlushFileBuffers
GetLocalTime
SetFilePointer
GetTempFileNameW
GetTempPathW
FreeLibrary
TerminateProcess
Sleep
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
GetCurrentThread
FlushInstructionCache
VirtualAlloc
VirtualProtect
SuspendThread
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
QueryDosDeviceW
DeviceIoControl
GetVersionExW
GetNativeSystemInfo
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
OpenProcess
GlobalAlloc
GetProcessHandleCount
GlobalFree
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetModuleHandleA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetEvent
CopyFileW
WaitForSingleObject
CreateDirectoryW
FatalAppExitW
TerminateThread
LoadLibraryW
WriteFile
GetTickCount
GetModuleHandleW
GetFileAttributesExA
GetLogicalDrives
QueryPerformanceCounter
SetFilePointerEx
GetCurrentProcess
SetUnhandledExceptionFilter
CreateProcessW
SetErrorMode
GetDriveTypeW
PeekNamedPipe
FindFirstFileW
ExitProcess
CloseHandle
DeleteCriticalSection
GetFileAttributesExW
GetComputerNameW
GetModuleFileNameA
EnterCriticalSection
CreateDirectoryA
CreateFileW
GetSystemDirectoryA
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
SetFileTime
user32
GetWindowThreadProcessId
ExitWindowsEx
GetForegroundWindow
GetSystemMetrics
GetWindowTextW
gdi32
DeleteDC
GetDIBits
CreateDCW
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
advapi32
QueryServiceConfigW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
ControlService
QueryServiceStatusEx
EnumServicesStatusW
ChangeServiceConfigW
SetSecurityDescriptorDacl
StartServiceA
InitializeSecurityDescriptor
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
GetUserNameW
shell32
ShellExecuteW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
shlwapi
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA
PathAppendA
PathAppendW
ws2_32
getsockname
htons
select
WSAStartup
inet_ntoa
connect
setsockopt
listen
__WSAFDIsSet
bind
getpeername
send
getsockopt
WSACleanup
recv
socket
closesocket
accept
gethostbyname
psapi
GetProcessImageFileNameW
GetProcessMemoryInfo
wininet
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetSetFilePointer
msvcrt
_ftol2
free
malloc
strlen
_snprintf
memset
strcat
memcpy
_stricmp
sprintf
wcscat
_snprintf_s
strstr
strcpy
atoi
_wremove
_except_handler3
printf
??_V@YAXPAX@Z
_snwprintf_s
strcpy_s
_purecall
??3@YAXPAX@Z
_wrename
wcscmp
wcscpy_s
wcscpy
??2@YAPAXI@Z
wprintf
rand
srand
_time64
strcmp
memmove
abort
__iob_func
fprintf
ceil
realloc
wcsstr
fflush
_wfopen
fopen
fread
fwrite
ftell
fseek
fclose
signal
exit
wcsncpy
strftime
_localtime64
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_controlfp
wcslen
__CxxFrameHandler3
iphlpapi
GetAdaptersInfo
Sections
.text Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ