RuninH
ServiceMain
Working
jieshu
Behavioral task
behavioral1
Sample
b23791d624a2041fc6c5f3b4fe7e10721ed917700c2a41044f1f99004ae7d490.dll
Resource
win7-20220901-en
Target
b23791d624a2041fc6c5f3b4fe7e10721ed917700c2a41044f1f99004ae7d490
Size
117KB
MD5
68357e71d9b42bd3f03e7cc00aed718a
SHA1
9b85f49a59ded2c7bde97eef6670f9717eef9d4f
SHA256
b23791d624a2041fc6c5f3b4fe7e10721ed917700c2a41044f1f99004ae7d490
SHA512
a34aa0edb17e837d4ed013cb7358df0203c2fb6990e55bcad7468f6eacac931a80dbd0ca6bb945fd551ec83dcb01c327505b216f50a51269e08794d487f49ed2
SSDEEP
3072:OT6QTlxjLXCKDcMERjtJXVtEhKwQDw0cUy0:O3HyvjTXLiKwQDwtUb
resource | yara_rule |
---|---|
sample | family_gh0strat |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
GetProcAddress
LoadLibraryA
FreeLibrary
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
GetLastError
ResetEvent
InterlockedExchange
CancelIo
GetTickCount
GetLocalTime
GetCurrentProcessId
HeapAlloc
GetProcessHeap
lstrlenA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
lstrcmpiA
HeapFree
UnmapViewOfFile
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
LocalSize
OpenProcess
GetCurrentThreadId
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
SetErrorMode
RaiseException
strncpy
free
malloc
_except_handler3
strrchr
_beginthreadex
atoi
wcstombs
sprintf
srand
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__dllonexit
_onexit
rand
_CxxThrowException
strstr
_ftol
ceil
putchar
memmove
__CxxFrameHandler
puts
_access
??3@YAXPAX@Z
??2@YAPAXI@Z
_strrev
_stricmp
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
RuninH
ServiceMain
Working
jieshu
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ