??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
97b310fb39759d92bf3571aedda76f8b479ba9e079af97f5d0094195e708b708.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
97b310fb39759d92bf3571aedda76f8b479ba9e079af97f5d0094195e708b708.exe
Resource
win10v2004-20220812-en
Target
97b310fb39759d92bf3571aedda76f8b479ba9e079af97f5d0094195e708b708
Size
611KB
MD5
60ede1d183c45eda3cf121e2142fe590
SHA1
85fec1a896f35490ef924e7a2dd3253b5e34e958
SHA256
97b310fb39759d92bf3571aedda76f8b479ba9e079af97f5d0094195e708b708
SHA512
4a93943b989af8be29f7cdbc824984de2a7a7f11535c85fa071b7b168fc06ef33d8e6a6ea89c0376afc17e6730954b2e5f990e8c182ea1434d7c525d9ba4781d
SSDEEP
12288:Lfyo6wql1cAcoJGUqppLFPMdV4Fg31ZHNDnD8soJkAl:LfyotaOoJGNJkdV4K31ZHFDgJk
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
FileTimeToDosDateTime
CreateFileA
FreeLibrary
LoadLibraryW
GetFileAttributesA
GetLastError
GetProcAddress
CloseHandle
FileTimeToLocalFileTime
GetFileInformationByHandle
GetTempPathA
CreateEventW
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
WaitForMultipleObjects
CreateFileW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
WaitForMultipleObjectsEx
GetModuleHandleW
GetCurrentProcess
CancelIo
DeviceIoControl
GetOverlappedResult
SetUnhandledExceptionFilter
ZwFlushVirtualMemory
ZwMapViewOfSection
ZwFsControlFile
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwSetEvent
ZwWriteFile
ZwWaitForSingleObject
ZwReadFile
RtlOpenCurrentUser
NtClose
ZwQueryInformationFile
ZwOpenFile
ZwCreateFile
RtlFreeUnicodeString
ZwSetInformationFile
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
ZwQueryVirtualMemory
RtlAddVectoredExceptionHandler
RtlRemoveVectoredExceptionHandler
ZwWaitForMultipleObjects
ZwUnmapViewOfSection
ZwCreateSection
RtlCreateUnicodeString
ZwCancelIoFile
ZwTerminateProcess
RtlAcquirePebLock
RtlReleasePebLock
ZwDuplicateObject
ZwClose
RtlInitUnicodeString
ZwCreateEvent
RtlCreateUserProcess
ZwResumeThread
ZwQuerySystemInformation
?Delete@AvgBasFs@@YGHPB_WV?$AvgFlags@W4FileDeleteFlagItems@AvgBasFs@@@@@Z
?GetFullName@Item@AvgBasFs@@QBGHABU?$AvgMutableStringRefBase@_W$0A@@@@Z
??1Item@AvgBasFs@@QAE@XZ
?AvgFormatStringV@@YGHW4AvgCodePage@@PA_WIPB_WPAIPAD@Z
?AvgGetSystemTime@@YGHAA_K@Z
?AvgPrintV@@YGHPB_WPAD@Z
?Initialize@AvgWinSecurityDescriptor@@QAGHXZ
?AddDaclAce@AvgWinSecurityDescriptor@@QAGHW4WellKnownSidType@AvgWinSecurityIdentifier@@HW4Type@AvgWinAce@@V?$AvgFlags@W4FlagsValues@AvgWinAce@@@@@Z
?AvgConvertStructToAvgTime@@YGHAA_KABUAvgTimeStruct@@@Z
?AvgConvertString2Number@@YGHAAGPB_WIHPAPB_W@Z
?AvgConvertString2Number@@YGHAAKPB_WIHPAPB_W@Z
?AvgGetUtf162MbStringSize@@YGHAAIPB_WW4AvgCodePage@@I@Z
?AvgMemXor@@YGXPAEPBEI@Z
?FileExists@AvgBasFs@@YGHPB_W@Z
?GetName@Item@AvgBasFs@@QBGPB_WXZ
?IsSupported@AvgBasWinWow64FsRedirection@@QAG_NXZ
??1AvgBasWinWow64FsRedirection@@QAE@XZ
??0AvgBasWinWow64FsRedirection@@QAE@XZ
?AvgGenerateRandomBuffer@@YGXPAEI@Z
?EnablePrivilege@AvgBasWinRegistryHandle@@SGHW4AvgBasWinRegistryPrivilege@@_N@Z
?UnLoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z
?LoadKey@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@0@Z
?GetWinUsernameSid@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@@Z
?GetSpecialFolderForUser@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z
?AvgConvertUtf162MbString@@YGHPADIPB_WW4AvgCodePage@@PAII@Z
?AvgKernel32ForceInitialize@@YGXXZ
?UnloadSharedLibraries@AvgBasObjectFactoryImpl@detail@@QAGX_N@Z
?GetAvgObject@AvgBasObjectFactoryImpl@detail@@QAGHABU_AvgGuid@@PAPAX@Z
?SetProgramPath@AvgBasObjectFactoryImpl@detail@@QAGHPB_W@Z
?Initialize@AvgBasObjectFactoryImpl@detail@@QAGHPBUAvgBasObjectFactoryMapping@@I@Z
??1AvgBasObjectFactoryImpl@detail@@QAE@XZ
??0AvgBasObjectFactoryImpl@detail@@QAE@XZ
?Wait@AvgBasEvent@@QAGHH@Z
?Create@AvgBasEvent@@QAGHW4ResetType@1@_N@Z
?AvgCreateErrorCodeFromWin32@@YGHW4_AvgErrorCodeSeverity@@K@Z
?GetHandle@AvgBasWaitable@@IBGPAXXZ
?AvgCopyString@@YGHPA_WIPB_WI@Z
?GetNormalizedPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z
?GetRandomTempFileNameSize@AvgBasPath@@YGIXZ
?GetRandomTempFileName@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z
?GetFullPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z
?GetFilenameWithoutExtension@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z
?GetTempDirPath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PAI@Z
?GetDirectoryPathFromFilenamePath@AvgBasPath@@YGHAAU_AVG_UTF16CHAR_STR@@PB_WIPAI@Z
?IsPathRooted@AvgBasPath@@YG_NPB_WI@Z
??1AvgSpinLockLocker@@QAE@XZ
??0AvgSpinLockLocker@@QAE@PAUAvgSpinLock@@_N@Z
?AvgDestroySysMini@@YGXXZ
?AvgInitializeSysMini@@YGHXZ
?InitializeEnvironment@AvgEnvironment@@YGHXZ
?DestroyEnvironment@AvgEnvironment@@YGXXZ
?AvgBasGetStackFrameModulePath@@YGHAAV?$IAvgString@_W$0A@@@ABUAvgBasStackFrameX86@@@Z
?AvgCompareStringNoCase@@YGHW4AvgCodePage@@PB_W1II@Z
?AvgConvertString2Number@@YGHAAHPB_WIHPAPB_W@Z
?New@Impl@DirectoryEnumerator@AvgBasFs@@SGHAAPAU123@PB_W1V?$AvgFlags@W4DirectoryEnumerationFlagItems@AvgBasFs@@@@PAVAvgWinTransaction@@@Z
?Initialize@Item@AvgBasFs@@QAGHPBEIABU?$AvgStringRefBase@_W$0A@@@@Z
??0Item@AvgBasFs@@QAE@XZ
?AvgBufferXor@@YGXPAEPBEI1I_J@Z
?AvgNtdll_RtlDosPathNameToNtPathName_T_EliminateDosDevice@@YGHPB_WPAU_UNICODE_STRING@@@Z
?AppendDescriptorToObject@AvgWinSecurity@@YGHAAVAvgWinSecurityDescriptor@@ABVAvgWinObject@@_N@Z
?AvgUpperString@@YGHW4AvgCodePage@@PA_WIPB_WPAII@Z
?OpenRegistryRoot@AvgBasWinRegistryHandle@@QAGHW4AvgBasWinRegistryRootType@@@Z
??0AvgBasWinRegistryHandle@@QAE@PAV0@@Z
?WinExpandString@AvgEnvironment@@YGHAAV?$IAvgString@_W$0A@@@PB_WPAX@Z
?GetChildrenEnumeratorImpl@AvgBasWinRegistryHandle@@AAGHAAPAV?$IAvgEnumerator@U?$AvgStringzRefBase@_W$0A@@@@@@Z
?Set@AvgBasEvent@@QAGHXZ
?AvgCreateErrorCodeFromWin32@@YGHK@Z
?GetForward@AvgBasWaitable@@IBGPAV1@XZ
?GetResourceType@AvgBasWaitable@@IBG?AW4AvgBasWaitableResourceType@@XZ
?Destroy@AvgBasWaitable@@UAGHXZ
?GetThreadExitCode@AvgBasThread@@QAGHAAH@Z
?StopThread@AvgBasThread@@QAGHH@Z
?CreateDir@AvgBasFs@@YGHPB_W_NPAVAvgSecurityCtx@@@Z
?Initialize@AvgBasThread@@QAGHPAVAvgBasEvent@@@Z
?Cleanup@AvgBasThread@@MAGXXZ
?KeyExists@AvgBasWinRegistryHandle@@QAG_NABU?$AvgStringRefBase@_W$0A@@@@Z
?Reset@AvgBasEvent@@QAGHXZ
?Release@AvgBasCriticalSection@@QAGHXZ
?Acquire@AvgBasCriticalSection@@QAGHXZ
?Create@AvgBasCriticalSection@@QAGHXZ
??1AvgBasCriticalSection@@QAE@XZ
??0AvgBasCriticalSection@@QAE@XZ
?IsInitialized@AvgBasCriticalSection@@QBG_NXZ
?Release@AvgBasMutex@@QAGHXZ
?Acquire@AvgBasMutex@@QAGHH@Z
?Create@AvgBasMutex@@QAGH_N@Z
?IsInitialized@AvgBasWaitable@@QBG_NXZ
?Move@AvgBasFs@@YGHPB_W0W4FileOverwriteParamters@1@@Z
?ParseWinSecDes@AvgWinSecurityDescriptor@@KGHAAV1@PBXV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@@Z
?ReleaseClonedObject@AvgWinSecurityDescriptor@@UAEXXZ
?ClearSecurityAttributes@AvgWinSecurityDescriptor@@QAGXXZ
?CloneImpl@AvgWinSecurityDescriptor@@MBEHAAPAVAvgSecurityCtx@@@Z
?GetInformationType@AvgWinSecurityDescriptor@@QBG?AV?$AvgFlags@W4InformationValues@AvgWinSecurityDescriptor@@@@XZ
?AvgWinZwOpenFile@@YGHPB_WPAPAXKPAU_IO_STATUS_BLOCK@@KK@Z
?AvgGetTimestamp@@YGKXZ
?AvgKernel32IsFnLoaded_UnhandledExceptionFilter@@YG_NXZ
?AvgKernel32_SetUnhandledExceptionFilter@@YGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z
?AvgWinIsProcessBeingDebugged@@YG_NXZ
?AvgKernel32_UnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z
?FreeResource@AvgBasWaitable@@IAGHXZ
?CreateLuid@AvgGuidUtils@@YGHAAU_AvgGuid@@@Z
?Assign@AvgGuidUtils@@YGXAAU_AvgGuid@@ABU2@@Z
?GetCurrentModuleHandle@AvgProcess@@YGPAXXZ
??0AvgUtf16CharHeapBuffer@@QAE@XZ
??1AvgUtf16CharHeapBuffer@@QAE@XZ
?Assign@AvgUtf16CharHeapBuffer@@QAGHPB_WI@Z
?Initialize@AvgWinMandatoryLabel@@QAGHW4Label@1@V?$AvgFlags@W4FlagsValues@AvgWinMandatoryLabel@@@@@Z
?Sleep@AvgBasThread@@SGHH@Z
?GetSpecialFolder@AvgEnvironment@@YGHW4SpecialFolder@1@AAV?$IAvgString@_W$0A@@@@Z
?GetMaxPathLength@AvgEnvironment@@YGHAAIPB_W@Z
??0AvgBasSharedLibraryLoader@@QAE@PB_W@Z
??1AvgBasSharedLibraryLoader@@UAE@XZ
?Load@AvgBasSharedLibraryLoader@@QAGHPB_W@Z
?Unload@AvgBasSharedLibraryLoader@@UAGXXZ
?AttachTo@AvgBasSharedLibraryLoader@@QAGHPBDPCRAX@Z
?Parse@AvgGuidUtils@@YGHAAU_AvgGuid@@PB_W@Z
??0AvgBasWinRegistryHandle@@QAE@W4AvgBasWinRegistryRootType@@@Z
??1AvgBasWinRegistryHandle@@QAE@XZ
?OpenKeyIfExists@AvgBasWinRegistryHandle@@QAGHABU?$AvgStringRefBase@_W$0A@@@@Z
?IsWow64ViewModeSupported@AvgBasWinRegistryHandle@@SG_NXZ
?SetViewMode@AvgBasWinRegistryHandle@@QAGHV?$AvgFlags@W4AvgBasWinRegistryViewModeValues@@@@@Z
?GetStringValue@AvgBasWinRegistryHandle@@QAGHAAV?$IAvgString@_W$0A@@@ABU?$AvgStringRefBase@_W$0A@@@@Z
?CloseKey@AvgBasWinRegistryHandle@@QAGXXZ
?AvgCompareString@@YGHPB_W0II@Z
?AvgConvertMb2Utf16String@@YGHPA_WIPBDW4AvgCodePage@@PAII@Z
?AvgGetMb2Utf16StringSize@@YGHAAIPBDW4AvgCodePage@@I@Z
?DirectoryExists@AvgBasFs@@YGHPB_W@Z
?AvgGetStringSizeInElements@@YGIPB_W@Z
?AvgGetStringSizeInElements@@YGIPBD@Z
?GetModuleDirectory@AvgModule@@YGHPAXAAU_AVG_UTF16CHAR_STR@@PAI@Z
?StartThread@AvgBasThread@@QAGHW4AvgPriority@@PAVAvgSecurityCtx@@V?$AvgFlags@W4ThreadFlag@AvgBasThread@@@@PBD@Z
??0AvgTimeStruct@@QAE@XZ
memcpy
memset
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
__CxxFrameHandler3
_onexit
_lock
__dllonexit
_unlock
strncpy
swprintf_s
_set_invalid_parameter_handler
_invoke_watson
??2@YAPAXI@Z
_close
_write
_lseek
_sopen_s
strcpy_s
_read
remove
_errno
sprintf_s
_stricmp
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z
memmove
_CxxThrowException
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE