Static task
static1
Behavioral task
behavioral1
Sample
7d2572bea3fac3ce6d5a9baae608bbf0e9f6ceedfdc03fcc87114bd4829dac36.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7d2572bea3fac3ce6d5a9baae608bbf0e9f6ceedfdc03fcc87114bd4829dac36.exe
Resource
win10v2004-20220812-en
General
Target
7d2572bea3fac3ce6d5a9baae608bbf0e9f6ceedfdc03fcc87114bd4829dac36
Size
1.2MB
MD5
704a5cb3a2f5191ddde658e5f6dd4125
SHA1
5ccbd009d91d3420c7d9bac0a3aff98a4a75f1d8
SHA256
7d2572bea3fac3ce6d5a9baae608bbf0e9f6ceedfdc03fcc87114bd4829dac36
SHA512
e9c2c1d1f3a582e48382533f626af0afd1efb13db2a19c701d48460cb29e3b820f17bb8c2ecb724b786221c3aba75e718fab9d082809d2cea91de0f8ad2b7b10
SSDEEP
24576:I5OmL8b835kVYcTnZFL1NwofvfRTczyiE2oQp/DrM9vkz8:g335k3TnZPyGKyiDhDrMlkz8
Malware Config
Signatures
NSIS installer 1 IoCs
resource: sample
yara_rule: nsis_installer_2
Files
7d2572bea3fac3ce6d5a9baae608bbf0e9f6ceedfdc03fcc87114bd4829dac36.exe windows x86
e3495ca6780c9d83c2ef7ac413d2bb49
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExW
CreateFileW
GetFileSizeEx
LocalFree
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
WideCharToMultiByte
GetACP
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
lstrlenW
GetTempPathW
SetFileAttributesW
FindClose
FindNextFileW
InitializeCriticalSection
GetLocalTime
ExpandEnvironmentStringsW
GetCurrentProcess
SetLastError
GetVersion
GetComputerNameW
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThread
GetCurrentProcessId
GetDiskFreeSpaceW
GetLogicalDriveStringsW
GetVolumeInformationW
OpenProcess
EncodePointer
FindResourceW
InterlockedExchangeAdd
QueryDosDeviceW
ReleaseMutex
CreateMutexW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetModuleHandleExW
ExitProcess
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
CreateToolhelp32Snapshot
Process32NextW
TerminateProcess
Process32FirstW
GetCurrentThreadId
lstrcmpiW
EnterCriticalSection
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
Sleep
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
DeleteFileW
CloseHandle
DeleteCriticalSection
DecodePointer
LockResource
GetProcAddress
GetLastError
RaiseException
GetFileAttributesW
SizeofResource
InitializeCriticalSectionAndSpinCount
LoadLibraryW
WaitForSingleObject
CreateProcessW
LoadResource
FreeLibrary
DeviceIoControl
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineW
IsProcessorFeaturePresent
OutputDebugStringW
IsDebuggerPresent
user32
DestroyWindow
CharNextW
MessageBoxW
DefWindowProcW
advapi32
LookupAccountSidW
OpenThreadToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
GetUserNameW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
oleaut32
VarUI4FromStr
SysFreeString
SysAllocString
VariantClear
VariantInit
comctl32
InitCommonControlsEx
wininet
HttpQueryInfoW
InternetCrackUrlW
InternetReadFile
InternetConnectW
InternetWriteFile
InternetCloseHandle
HttpEndRequestW
HttpOpenRequestW
HttpSendRequestExW
Sections
.text Size: 480KB - Virtual size: 480KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69.3MB - Virtual size: 69.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ