Static task
static1
Behavioral task
behavioral1
Sample
ef516c3a5f72a513b256ec85f8ef71d3c131aad57f7ad4a3a4bc945ecb34160d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ef516c3a5f72a513b256ec85f8ef71d3c131aad57f7ad4a3a4bc945ecb34160d.exe
Resource
win10v2004-20220812-en
General
-
Target
ef516c3a5f72a513b256ec85f8ef71d3c131aad57f7ad4a3a4bc945ecb34160d
-
Size
710KB
-
MD5
925ba6012085749f19fdc1f3ad41a0fd
-
SHA1
64c2e9e1d99b91ce1a9b6f2e489644e5db9e8e58
-
SHA256
ef516c3a5f72a513b256ec85f8ef71d3c131aad57f7ad4a3a4bc945ecb34160d
-
SHA512
9d8d1eba0a26458ab53336199be21eb8af5e8b208135be703003abcc5b5991337a169a7bbd7b25bab68b07533ccf28343c2723c0bcae9a7eb208abee4bb74022
-
SSDEEP
12288:rpmzf1oDauN5wiAwr2pa0pbrX/1bbvh99wAlA9Jvcefpd8pmecKz4irbk18Wnum:rAzfawFRpa0prtb19+A+TDfpMqK588Wb
Malware Config
Signatures
Files
-
ef516c3a5f72a513b256ec85f8ef71d3c131aad57f7ad4a3a4bc945ecb34160d.exe windows x86
4589f5c2ef2b26d5c65eaed7d68762f7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
memmove
NtQueryInformationProcess
NtDeviceIoControlFile
RtlComputeCrc32
swprintf
RtlInitializeGenericTable
RtlInsertElementGenericTable
NtQueryInformationFile
RtlQueryRegistryValues
NtOpenKey
ulib
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?ValidateVersion@PROGRAM@@UBEXKK@Z
??0DSTRING@@QAE@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@PATH@@QAEEPBV1@E@Z
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
kernel32
InterlockedExchange
GetACP
GetProcessHeap
GetLocalTime
GetStdHandle
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
GetConsoleOutputCP
GetOEMCP
GetStringTypeW
HeapAlloc
LoadLibraryW
UnhandledExceptionFilter
UnmapViewOfFile
lstrcpyA
msvcrt
wcslen
_pctype
_controlfp
wcscpy
free
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ