Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20220414-en
General
Target: tmp
Size: 745KB
MD5: f67bb49bb86906a9ffc771e280f43a85
SHA1: b49ab390436229f854ecf2d7bd87792edb637a46
SHA256: 98c4b88ea63337578782c500fcbf772550ebf2adf11ac28bdec3ff6bc31ff7e3
SHA512: aae8f324775595c24366e12b2822d9f445f2e48da63a974b12d4b35701e98cd84eb88b93818dc4a9f893198b1aa37a978dec89f1b64207f9063b9f564081a3f3
SSDEEP: 12288:Me6pi+WEbUUwKW92UI604azu331AdmtSlC4iqBlUGmuW+InRUXPKtgwDEs:F6pi+WEbUF9j31AOSlC48G3XPKv
Malware Config
Signatures
Files
tmp.exe windows x86
d63e920222aab555f1e4385b502e5927
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureStackBackTrace
RtlUnwind
api-ms-win-core-processthreads-l1-1-0
ExitProcess
ResumeThread
ExitThread
GetCurrentThread
GetExitCodeThread
GetCurrentThreadId
FlushProcessWriteBuffers
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
TerminateProcess
SwitchToThread
GetStartupInfoW
GetCurrentProcessId
CreateThread
api-ms-win-core-processthreads-l1-1-1
GetCurrentProcessorNumber
IsProcessorFeaturePresent
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolWait
SubmitThreadpoolWork
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeLibraryAndExitThread
GetProcAddress
GetModuleHandleExW
FreeLibrary
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitOnceExecuteOnce
Sleep
InitializeConditionVariable
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
GetLocaleInfoW
EnumSystemLocalesW
GetCPInfo
IsValidLocale
GetUserDefaultLCID
LCMapStringW
IsValidCodePage
GetACP
LCMapStringEx
FormatMessageA
GetOEMCP
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventExW
EnterCriticalSection
ResetEvent
CreateEventW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
InitializeSRWLock
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-file-l1-1-0
FindFirstFileExW
GetFileSizeEx
CreateFileW
ReadFile
FindClose
SetFilePointerEx
WriteFile
FlushFileBuffers
SetFileInformationByHandle
FindNextFileW
GetFileType
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsGetValue
FlsSetValue
FlsAlloc
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
CreateSymbolicLinkW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
GetStringTypeW
CompareStringEx
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
user32
PostQuitMessage
DefWindowProcW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineA
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentStringsW
SetStdHandle
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetConsoleCtrlHandler
ReadConsoleW
api-ms-win-core-heap-l1-1-0
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
Sections
.text Size: 507KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 119KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ