Static task
static1
Behavioral task
behavioral1
Sample
3a16068c4ded8ef379ebcbe4ae65517fef4cc4aee5f27adebefa79018c2b98dc.exe
Resource
win7-20220901-en
General
-
Target
3a16068c4ded8ef379ebcbe4ae65517fef4cc4aee5f27adebefa79018c2b98dc
-
Size
466KB
-
MD5
6cca25a64659d29b3520612072fbfd00
-
SHA1
cd2470462be7369d41273a6c3a5985b0bb7354c3
-
SHA256
3a16068c4ded8ef379ebcbe4ae65517fef4cc4aee5f27adebefa79018c2b98dc
-
SHA512
7772df573bc1cd373397c5581b59ef53617843b477edb74636a5f487aeedf19362c092cd8ac5b50161e9cb0d9f177b04d85832103e44ce77faaba627c786dfbb
-
SSDEEP
12288:mEcXHp3y/5p8M8IJdGeFq2R47XQzeQBrGt6K7Fpy+dsvx55yMh8Tog:fJdtBrGtD7FpBsvP5yMdg
Malware Config
(no extracted configuration is listed in this report)
Signatures
(no signature matches are listed in this report; an empty signature list is not evidence that the sample is benign — the behavioral task and the section/import observations below still need to be reviewed)
Files
-
3a16068c4ded8ef379ebcbe4ae65517fef4cc4aee5f27adebefa79018c2b98dc.exe windows x86
9812bc63722d57af958372f0979680ef (a 32-hex-digit value that differs from the file MD5 given above; in this report layout it is most likely the import hash of the PE, derived from the imported DLL/function names listed below — confirm before using it as a pivot)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are not set: the image does not opt in to ASLR or DEP)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
(no base relocations are present, so the loader cannot move the image away from its preferred base; together with the missing DYNAMIC_BASE flag this means the binary always runs at a fixed load address, which simplifies static analysis but also removes a mitigation)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventW
SetWaitableTimer
CreateWaitableTimerW
GetDiskFreeSpaceExW
DeleteFileW
GetTempFileNameW
GetTempPathW
CancelWaitableTimer
WaitForMultipleObjects
GetSystemTime
OpenProcess
GetVersionExW
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcmpA
lstrcmpiA
GetModuleHandleW
GetCommandLineW
LoadLibraryA
SetErrorMode
GetPrivateProfileStringW
CreateDirectoryW
CreateMutexW
GetModuleFileNameW
GetSystemDirectoryW
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
GetCurrentProcessId
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetPrivateProfileIntW
FreeResource
LockResource
GlobalLock
GlobalAlloc
GetTickCount
LoadResource
FindResourceW
FileTimeToLocalFileTime
FindClose
FindNextFileW
FindFirstFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
ResetEvent
ReleaseMutex
OpenThread
GetProcessHeap
HeapFree
SetEnvironmentVariableW
HeapAlloc
TlsGetValue
GetEnvironmentVariableW
LocalFree
GetLocalTime
SetLastError
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
(caveat: this import sits alongside the MSVC CRT startup and exception-handling set — SetUnhandledExceptionFilter, UnhandledExceptionFilter, _crt_debugger_hook, __set_app_type, _initterm — and is commonly emitted by that CRT itself, so on its own it is weak evidence of deliberate anti-debugging)
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetFileTime
WriteFile
TlsAlloc
TlsFree
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
lstrlenW
IsBadReadPtr
IsBadWritePtr
TlsSetValue
lstrlenA
WaitForSingleObject
Sleep
SetEvent
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetLastError
ReadFile
SizeofResource
CloseHandle
user32
ValidateRect
RedrawWindow
UpdateWindow
SendMessageW
SetWindowPos
IsWindowVisible
GetWindow
GetWindowThreadProcessId
GetForegroundWindow
wsprintfW
SendMessageTimeoutW
GetShellWindow
CopyRect
GetMonitorInfoW
MonitorFromPoint
FindWindowExW
ScreenToClient
SetWindowTextW
BeginPaint
EndPaint
DefWindowProcW
PostQuitMessage
GetDC
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
SetCursor
SetTimer
PtInRect
GetClientRect
ReleaseDC
GetPropW
IsDlgButtonChecked
IsWindow
FindWindowW
GetWindowRect
GetCursorPos
SubtractRect
RegisterClassW
CreateWindowExW
SetPropW
SetWindowRgn
GetDesktopWindow
LoadCursorW
gdi32
CreateSolidBrush
CreateFontIndirectW
SetBkMode
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
DeleteObject
DeleteDC
SelectObject
advapi32
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
DuplicateTokenEx
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
(note: OpenProcessToken, LookupPrivilegeValueW and AdjustTokenPrivileges are the standard sequence for enabling a privilege on the process token, and DuplicateTokenEx creates a copy of a token; the import table does not show which privilege is requested or what the duplicated token is used for. RegSetValueExW, RegDeleteValueW and RegDeleteKeyW show the sample can write to and delete from the registry, but the keys touched are not visible here — check the behavioral task for the actual paths and values before drawing a persistence conclusion)
shell32
SHAppBarMessage
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeEx
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
oleaut32
VariantClear
SysAllocString
VariantInit
SysFreeString
shlwapi
PathRemoveFileSpecW
PathAppendW
SHGetValueW
PathFileExistsW
SHGetValueA
StrToIntExW
PathGetDriveNumberW
StrStrIW
StrStrW
StrToIntW
PathMatchSpecW
SHSetValueW
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdipCreateFromHDC
GdiplusShutdown
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
msvcp90
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xran@_String_base@std@@SAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
HttpEndRequestW
FtpOpenFileW
InternetCloseHandle
HttpOpenRequestW
InternetReadFile
HttpSendRequestExW
InternetReadFileExA
InternetQueryOptionW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetSetOptionW
InternetWriteFile
InternetCrackUrlW
FtpCommandW
InternetGetLastResponseInfoW
InternetSetOptionA
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
HttpQueryInfoW
FtpGetFileSize
(note: this set contains both download primitives — InternetOpenW/InternetConnectW/HttpOpenRequestW/InternetReadFile, FtpOpenFileW, FtpGetFileSize — and upload primitives — HttpSendRequestExW/InternetWriteFile/HttpEndRequestW, FtpCommandW — so the binary is capable of sending data out over HTTP or FTP as well as fetching it; hosts, URLs and which protocol is actually used are not recoverable from imports alone, and no network indicators are listed on this page)
msvcr90
??0exception@std@@QAE@ABV01@@Z
wcstok
_errno
strerror
_swprintf
wcschr
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
strpbrk
sprintf_s
strchr
_purecall
wcsncpy_s
_snprintf_s
_snwprintf_s
_vsnwprintf_s
toupper
sscanf
swscanf
towlower
_localtime64
fwrite
srand
rand
_wtoi
wcsrchr
strncat
_strlwr
_vsnwprintf
_vsnprintf
strncpy
sprintf
memmove
_snprintf
_wcsnicmp
_wtol
_beginthreadex
_wcsicmp
memmove_s
_wtoi64
wcsncat
_ui64tow
_time64
wcsstr
tolower
isspace
isprint
wcsncpy
free
memcpy
??2@YAPAXI@Z
realloc
_CxxThrowException
_invalid_parameter_noinfo
memset
_wfopen
fseek
ftell
malloc
fread
fclose
??_V@YAXPAX@Z
_snwprintf
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
psapi
EnumProcesses
GetModuleFileNameExW
EnumProcessModules
(note: EnumProcesses, EnumProcessModules and GetModuleFileNameExW, together with OpenProcess and GetWindowThreadProcessId from the kernel32/user32 lists above, are the usual APIs for walking running processes and resolving their image paths; what the sample does with that list is not shown by the static listing)
Sections
.text Size: 269KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(MEM_WRITE on the code section is not what the Visual C++ linker emits by default for .text, which is normally read+execute only; a writable code section permits in-place patching or self-modification at runtime)
.rdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(MEM_WRITE on .rdata is likewise non-default; read-only data, including the import table, is normally mapped read-only)
.data Size: 3KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 114KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(MEM_EXECUTE and MEM_WRITE on the resource section are atypical for a resource-only section and, with the writable .text/.rdata above, suggest the section characteristics were altered after linking or set by a build tool; treat this as a lead to confirm by inspecting the file rather than proof of packing — the large, unobfuscated import table argues against a conventional packer. The resource section is 114KB, roughly a quarter of the 466KB file, and the FindResourceW/LoadResource/LockResource/SizeofResource imports plus CreateStreamOnHGlobal and GdipLoadImageFromStream indicate the binary likely reads and decodes its own resources at runtime, so the resource contents are worth extracting)