Static task
static1
Behavioral task
behavioral1
Sample
fd2aa1b363b401fbca34333013ff827a94530ca267a7a52a2b2e53bbface3ff5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fd2aa1b363b401fbca34333013ff827a94530ca267a7a52a2b2e53bbface3ff5.exe
Resource
win10v2004-20220901-en
General
Target: fd2aa1b363b401fbca34333013ff827a94530ca267a7a52a2b2e53bbface3ff5
Size: 547KB
MD5: 6c9dbd1210fa4ecde31ccde2152842d0
SHA1: b96df1c7c5b66f368ec69e064e7777f7d2c209a8
SHA256: fd2aa1b363b401fbca34333013ff827a94530ca267a7a52a2b2e53bbface3ff5
SHA512: 188ed42c1b32373ca46f9707d3384fc5d418f563332a025b7b105facd70f9b92cb32fe07795716a573e5d88cf12bf1021f1659a7844ab5e1bffa3d1fc14b88a7
SSDEEP: 12288:JDT1e1nrodoExQ8R0AaMpbKoXLqD5qhX:JHCn0aE+8o8bXLqVQ
Malware Config
Signatures
Files
-
fd2aa1b363b401fbca34333013ff827a94530ca267a7a52a2b2e53bbface3ff5.exe windows x86
a55c1f3c672d15089b5c25657ffeb5b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
IsTextUnicode
kernel32
GetProcessHeap
InterlockedIncrement
GetLastError
HeapDestroy
FreeLibrary
CloseHandle
SetEvent
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetCommandLineW
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetFileType
GetStdHandle
CreateEventW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
SetLastError
FormatMessageW
WaitForMultipleObjects
ReadFile
GetConsoleCP
ReadConsoleW
CreateThread
ExitProcess
LoadLibraryExW
CancelIoEx
SetStdHandle
WriteConsoleInputA
SetConsoleMode
GetConsoleMode
InterlockedExchange
InterlockedCompareExchange
DeleteCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
HeapSetInformation
SetThreadPreferredUILanguages
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
msvcrt
_vsnwprintf
memcpy
malloc
_except_handler4_common
_purecall
memset
?terminate@@YAXXZ
_wcsnicmp
_onexit
__CxxFrameHandler3
_controlfp
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
free
_strnicmp
isdigit
_snwscanf_s
_wcsicmp
ntdll
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwLogTraceEvent
EtwUnregisterTraceGuids
user32
LoadStringW
LoadStringA
credui
CredUICmdLinePromptForCredentialsW
wsmsvc
WSManSetSessionOption
WSManCreateShell
WSManRunShellCommand
WSManReceiveShellOutput
WSManSignalShell
WSManSendShellInput
WSManCreateSession
WSManCloseCommand
WSManCloseShell
WSManCloseSession
WSManDeinitialize
?Free@WSManMemory@@SGXPAXABVCallSite@TestSystem@@@Z
?Alloc@WSManMemory@@SGPAXIABVCallSite@TestSystem@@W4Mode@3@@Z
WSManInitialize
WSManCloseOperation
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.vmp0 Size: 508KB - Virtual size: 1.6MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE