Static task: static1
Behavioral task: behavioral1
  Sample: 3e0aa69c07e4bde12e41bd05f41b9e7977dab61c52c65fe3b5929aba8afd1d52.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 3e0aa69c07e4bde12e41bd05f41b9e7977dab61c52c65fe3b5929aba8afd1d52.exe
  Resource: win10v2004-20220901-en
General
Target: 3e0aa69c07e4bde12e41bd05f41b9e7977dab61c52c65fe3b5929aba8afd1d52
Size: 144KB
MD5: 4aabb6c4e66ba5c15c3b9e990c65c1d6
SHA1: bed9b8e095a2d6bc3dfe1c69c1ee42c86419c138
SHA256: 3e0aa69c07e4bde12e41bd05f41b9e7977dab61c52c65fe3b5929aba8afd1d52
SHA512: 0895fb97e98adbe52f473203157c7fc732d3be8ff7cc8675633a669243c71e487e7559f6051f1c4d385ae8bd8642a74616dc414d9aa7c83ef7b7c91f9ab1c42d
SSDEEP: 3072:z/uNrmzdU3Zn6SHFb4XhT23asaV4s5t/e4HVx6ltP2afqMjpI5ek6G:zGNr2dwnPFb4RTCOWYt24HTaLVoek
Malware Config
Signatures
Files
3e0aa69c07e4bde12e41bd05f41b9e7977dab61c52c65fe3b5929aba8afd1d52.exe (windows x86)
abbc2dd5f9536e1fc5507377a6513250
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AddAccessAllowedAce
RegQueryInfoKeyA
FreeSid
OpenThreadToken
EqualSid
ChangeServiceConfigA
ControlService
RegDeleteValueA
SetThreadToken
AddAce
CreateServiceA
MakeAbsoluteSD
DuplicateTokenEx
InitializeAcl
GetSecurityDescriptorControl
DeleteService
AdjustTokenPrivileges
RegQueryValueExA
GetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
GetSecurityDescriptorGroup
RegQueryValueExW
SetServiceStatus
ReportEventA
GetSecurityDescriptorSacl
SetSecurityDescriptorGroup
DeregisterEventSource
SetSecurityDescriptorSacl
GetUserNameA
GetSidLengthRequired
RegEnumKeyA
CopySid
CloseServiceHandle
AccessCheck
MakeSelfRelativeSD
GetTokenInformation
RegCloseKey
GetSecurityDescriptorLength
AllocateAndInitializeSid
RegOpenKeyExA
SetSecurityDescriptorDacl
IsValidSid
SetSecurityDescriptorOwner
LookupAccountSidW
DuplicateToken
RegConnectRegistryA
RegEnumKeyExA
GetSidSubAuthority
OpenServiceA
InitializeSecurityDescriptor
RegDeleteKeyA
PrivilegeCheck
RegisterEventSourceA
RegEnumValueA
QueryServiceStatus
OpenSCManagerA
GetAclInformation
RegSetKeySecurity
InitializeSid
RegCreateKeyA
GetAce
RegSetValueExA
LookupAccountNameA
LookupAccountSidA
GetLengthSid
AddAccessDeniedAce
OpenProcessToken
RegCreateKeyExA
StartServiceCtrlDispatcherA
RegOpenKeyExW
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
shlwapi
PathFindExtensionA
kernel32
HeapReAlloc
GetTickCount
HeapDestroy
FindResourceExA
SetHandleCount
GetEnvironmentStringsW
DeleteCriticalSection
LockResource
SetFilePointer
GetExitCodeProcess
GetPrivateProfileIntA
WaitForSingleObject
QueryPerformanceCounter
LeaveCriticalSection
InterlockedExchange
TlsFree
GetModuleHandleW
InterlockedDecrement
SetLastError
HeapAlloc
GetOEMCP
GetThreadLocale
LocalFree
FindClose
SetEnvironmentVariableA
GetProcAddress
GetModuleFileNameW
UnmapViewOfFile
OpenProcess
FreeEnvironmentStringsW
EnterCriticalSection
lstrcatA
LocalSize
GetModuleHandleA
FreeLibrary
GetProcessHeap
GetCurrentProcess
LoadResource
GetCommandLineA
lstrcmpiA
InterlockedCompareExchange
CreateFileA
CreateMutexA
GetComputerNameA
Sleep
VirtualQuery
FindFirstFileA
FlushFileBuffers
VirtualFree
ClearCommError
SizeofResource
MultiByteToWideChar
GetSystemTimeAsFileTime
GetPrivateProfileSectionA
ExitProcess
GetACP
InitializeCriticalSection
IsBadReadPtr
GetStartupInfoA
SetErrorMode
LocalAlloc
EnumResourceNamesW
RaiseException
GetEnvironmentStrings
lstrcpynA
TlsAlloc
TerminateThread
CreateProcessW
CompareStringA
GetCurrentProcessId
LoadLibraryW
UnhandledExceptionFilter
FindResourceA
SetUnhandledExceptionFilter
DuplicateHandle
HeapCreate
SetStdHandle
GetFileAttributesA
CreateEventA
IsBadWritePtr
IsBadCodePtr
MapViewOfFile
SetLastError
ReleaseMutex
GetModuleFileNameA
TerminateProcess
WriteFile
ExitProcess
GetLastError
CreateDirectoryA
GetCurrentThread
HeapSize
CreateThread
lstrlenA
GetVersionExA
GetStringTypeW
GetCPInfo
LoadLibraryExA
GetStdHandle
ReadProcessMemory
SetEvent
GetSystemDirectoryA
CompareStringW
lstrcpyA
GetPrivateProfileSectionNamesA
CreateFileMappingA
CloseHandle
WriteProfileStringA
IsDBCSLeadByte
GetLocaleInfoA
LoadLibraryA
RtlUnwind
TlsSetValue
FreeEnvironmentStringsA
GetStringTypeA
SetEndOfFile
WideCharToMultiByte
CreateProcessA
GetProfileStringA
lstrlenW
LCMapStringA
WritePrivateProfileStringA
GetVersion
GetCurrentThreadId
GetProcessTimes
VirtualAlloc
InterlockedIncrement
GetPrivateProfileStringA
ReadFile
GetSystemInfo
FormatMessageA
VirtualProtect
TlsGetValue
LCMapStringW
GetFileType
HeapFree
user32
MessageBoxA
LoadStringA
SetTimer
EnumWindows
CharNextA
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible
CharUpperA
PostThreadMessageA
GetMessageA
KillTimer
DispatchMessageA
wsprintfW
PeekMessageA
wsprintfA
rpcrt4
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcStringFreeA
ole32
StringFromCLSID
CoQueryProxyBlanket
CoRevertToSelf
CLSIDFromString
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoImpersonateClient
CoRegisterClassObject
CoCreateGuid
CoTaskMemAlloc
CoDisconnectObject
CoGetClassObject
StringFromIID
CoCreateInstance
CoGetCallContext
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoRevokeClassObject
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ