Static task: static1
Behavioral task: behavioral1
  Sample: f2e20699c32adf8e33be0f578a8ba571cf81f523891d86949e9adb5408014907.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: f2e20699c32adf8e33be0f578a8ba571cf81f523891d86949e9adb5408014907.exe
  Resource: win10v2004-20220812-en
General
Target: f2e20699c32adf8e33be0f578a8ba571cf81f523891d86949e9adb5408014907
Size: 278KB
MD5: 4c0a29bc28ae69f4f9aaaf5f669ca8a0
SHA1: 01522cee19eea9b7c0e1c13fc6f7abd7310a2d37
SHA256: f2e20699c32adf8e33be0f578a8ba571cf81f523891d86949e9adb5408014907
SHA512: 811e4b830711f415c999843a977f8a5845045ec3ab0938aa671e8e3ee635845d7d202b702f970e4a2c5dce6fc052e759a52613c836fcd6adad6ed428133a7039
SSDEEP: 6144:4wcL44H1QsaMX+pd1bEz2s7ETRhEgjJqX+pd1bEz2s7ETRhEgjJD/3ir:rcs4H1SMX+pd167QhE0qX+pd167QhE0s
Malware Config
Signatures
Files
f2e20699c32adf8e33be0f578a8ba571cf81f523891d86949e9adb5408014907.exe (windows x86)
9970fa4104e4c405b7ecd7c2ba1e5649
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyExA
ConvertStringSidToSidW
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CopySid
CreateWellKnownSid
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthority
RegOpenCurrentUser
RegOverridePredefKey
GetTokenInformation
OpenProcessToken
InitializeAcl
GetLengthSid
IsValidSid
GetAce
GetSecurityDescriptorSacl
GetKernelObjectSecurity
SetSecurityInfo
GetSidSubAuthorityCount
kernel32
DeleteFileW
lstrcmpiW
lstrlenW
lstrcmpiA
lstrlenA
DeleteFileA
SetFileAttributesA
CreateProcessW
LoadLibraryExW
GetExitCodeThread
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
RemoveDirectoryA
CreateDirectoryExA
GetFileAttributesA
GetTempPathA
CopyFileW
InterlockedCompareExchange
CreateEventW
HeapSetInformation
SetEvent
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
CreateFileW
GetFileAttributesW
GetCurrentProcess
OpenProcess
DuplicateHandle
CloseHandle
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetProcessShutdownParameters
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
InterlockedExchange
GetModuleHandleW
GetLastError
ResumeThread
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW
user32
GetSystemMetrics
PostQuitMessage
CharNextW
LoadStringW
msvcrt
?terminate@@YAXXZ
memset
_vsnwprintf
wcsrchr
_vsnprintf
_wcsnicmp
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
wcstok
_controlfp
__setusermatherr
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
psapi
GetModuleBaseNameW
ole32
CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoGetCallContext
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoInitialize
CoUninitialize
CoRevokeClassObject
oleaut32
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
urlmon
Extract
CompatFlagsFromClsid
CoInternetCreateSecurityManager
ord107
CoInternetSetFeatureEnabled
wintrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
iertutil
ord201
ord200
ord9
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jgqdaxs Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE