Static task
static1
Behavioral task
behavioral1
Sample
05461438c03a283374a43fe210a19e23580e3c521a96d7bba932e0727dca98a7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
05461438c03a283374a43fe210a19e23580e3c521a96d7bba932e0727dca98a7.exe
Resource
win10v2004-20220812-en
General
-
Target
05461438c03a283374a43fe210a19e23580e3c521a96d7bba932e0727dca98a7
-
Size
2.8MB
-
MD5
8433e8ccabace1259aba191c22637207
-
SHA1
db656fac442d8745ed4f3ef45d3434c7bb2bb899
-
SHA256
05461438c03a283374a43fe210a19e23580e3c521a96d7bba932e0727dca98a7
-
SHA512
6fb9d7a64f7294d05269f74e9b3551b36bd5341137f68cc76f88e7809965fa74624ed47a5d6f7244c5fa4fe842e4598ede1423fc7004f7cd32f421b8d26e1084
-
SSDEEP
49152:vG2yD9hJ7M4yQzgNbQUk7oqRjSPCz7uptqbILlfpRH/jkbW:O1tgNbA7JjSPM7Iq4l
Malware Config
Signatures
Files
-
05461438c03a283374a43fe210a19e23580e3c521a96d7bba932e0727dca98a7.exe windows x86
edae0fe1fb8e42d9bd117e837c1d991a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
GetIpNetTable
GetAdaptersInfo
mfc100
ord11781
ord10852
ord9445
ord13305
ord12865
ord11896
ord12695
ord4345
ord6132
ord6133
ord8551
ord3988
ord2219
ord12432
ord7216
ord3390
ord12344
ord7060
ord5776
ord337
ord12124
ord5144
ord12128
ord5171
ord11941
ord4341
ord4130
ord5168
ord12790
ord12850
ord11916
ord4589
ord1210
ord788
ord6829
ord1004
ord457
ord5830
ord1280
ord6106
ord8235
ord1480
ord2818
ord4317
ord3486
ord11728
ord1929
ord11938
ord2184
ord5837
ord3439
ord1982
ord6070
ord11812
ord2183
ord943
ord374
ord6836
ord995
ord895
ord1292
ord5841
ord9286
ord5123
ord11103
ord2846
ord2944
ord2945
ord3484
ord11060
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord11190
ord12644
ord2847
ord8351
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8226
ord13973
ord13972
ord14045
ord14062
ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord2763
ord2916
ord2617
ord869
ord11277
ord5208
ord2524
ord13312
ord10906
ord977
ord421
ord2067
ord4464
ord1479
ord1483
ord1481
ord7876
ord11968
ord11377
ord2632
ord7999
ord2516
ord1498
ord5770
ord8360
ord11374
ord11951
ord11546
ord1713
ord3839
ord10023
ord8268
ord1268
ord870
ord911
ord330
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord1267
ord12720
ord12095
ord11513
ord423
ord979
ord4188
ord4790
ord2741
ord2179
ord2628
ord13135
ord13137
ord7832
ord7837
ord11627
ord1317
ord7012
ord381
ord6678
ord1939
ord4267
ord9475
ord1900
ord7933
ord12285
ord12868
ord12283
ord12962
ord4785
ord7871
ord3970
ord11184
ord11153
ord11787
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord6112
ord4078
ord946
ord3620
ord1981
ord1288
ord888
ord12096
ord10007
ord4791
ord5803
ord2088
ord8305
ord11107
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord10360
ord8137
ord2845
ord4340
ord12694
ord6628
ord11439
ord14120
ord868
ord1266
ord5215
ord10915
ord13326
ord2538
ord5209
ord6835
ord9399
ord1437
ord12090
ord2611
ord4143
ord4144
ord11744
ord13131
ord13125
ord13129
ord7875
ord7487
ord2626
ord305
ord5242
ord300
ord4283
ord316
ord1294
ord1313
ord901
ord4498
ord1316
ord2525
ord4207
ord5539
ord422
ord310
ord6010
ord13329
ord11297
ord265
ord2063
ord2061
ord13310
ord1485
ord11274
ord2056
ord266
ord1296
ord978
ord3621
ord7835
ord306
ord11067
msvcr100
_CxxThrowException
_setmbcp
floor
_CIpow
ldiv
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
calloc
rewind
_difftime64
sprintf
signal
_stat64i32
strtoul
sscanf
_gmtime64_s
getenv
strtol
_stricmp
fprintf
fopen
_wfopen
_strnicmp
strncpy
strcmp
strerror_s
_errno
fseek
ftell
_fileno
_setmode
ferror
raise
_exit
_vsnprintf
_vsnwprintf
wcsstr
strspn
memchr
qsort
memset
memcpy
strcspn
_beginthreadex
_endthreadex
_msize
__iob_func
_snprintf_s
fputs
?what@exception@std@@UBEPBDXZ
realloc
vsprintf_s
strcpy_s
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_access
atol
srand
strncpy_s
isspace
rand
atof
strftime
??0exception@std@@QAE@ABV01@@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_ftime64
isdigit
_CIlog10
strcat_s
_recalloc
strstr
strrchr
_localtime64_s
_time64
_mktime64
_resetstkoflw
tolower
strchr
malloc
free
strncmp
sscanf_s
_unlink
fgets
fclose
fflush
fwrite
feof
fread
sprintf_s
fopen_s
atoi
memmove_s
memcpy_s
kernel32
WinExec
GetStartupInfoA
CreateProcessA
WaitForSingleObject
ReadFile
CreateThread
TerminateThread
OpenFileMappingA
GetPrivateProfileStringA
Sleep
WideCharToMultiByte
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
DeactivateActCtx
SetLastError
GlobalAlloc
RaiseException
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
MultiByteToWideChar
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
lstrlenA
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetLastError
CreatePipe
AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedExchange
DecodePointer
EncodePointer
FindFirstFileW
FindNextFileW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
SwitchToFiber
DeleteFiber
GetModuleHandleExW
GetStdHandle
GetFileType
GetVersion
GetModuleHandleW
GetEnvironmentVariableW
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
CreateMutexA
GetSystemTime
GetTempPathA
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
GetCurrentThreadId
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
GetVersionExW
FormatMessageW
LoadLibraryW
InitializeCriticalSection
WriteFile
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
LocalFree
GetLocalTime
CreateDirectoryA
ReleaseSemaphore
CreateSemaphoreA
GetFileAttributesA
FormatMessageA
GetUserDefaultLCID
GetCurrentProcess
WritePrivateProfileStringA
SetCurrentDirectoryA
CopyFileA
MapViewOfFile
user32
CopyRect
SendMessageA
DrawTextA
InvalidateRect
GetSysColor
GetClientRect
FillRect
LockWindowUpdate
GetParent
GetWindowRect
DrawFrameControl
InflateRect
SetDlgItemTextA
FindWindowA
LoadIconW
EnableWindow
SetTimer
KillTimer
EnableScrollBar
ShowScrollBar
GetScrollPos
GetDC
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
SystemParametersInfoA
MessageBoxA
gdi32
GetBkColor
CreateFontIndirectA
GetObjectA
CreateRectRgnIndirect
GetTextExtentPoint32A
advapi32
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
shell32
ShellExecuteA
ole32
CoCreateInstance
CoUninitialize
CoInitialize
OleRun
oleaut32
VariantClear
GetErrorInfo
SysAllocString
SysFreeString
VarDateFromStr
VariantTimeToSystemTime
wsock32
htons
WSASetLastError
shutdown
gethostname
gethostbyname
ioctlsocket
setsockopt
socket
recv
connect
closesocket
inet_addr
inet_ntoa
select
send
WSAGetLastError
getsockopt
WSAStartup
WSACleanup
msvcp100
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Strcoll
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xmem@tr1@std@@YAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
bcrypt
BCryptGenRandom
crypt32
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 498KB - Virtual size: 497KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ