Static task
static1
General
Target
425150_NdukP5ZD33.exe
Size
18.7MB
MD5
df33577d5a4121afebe508f33ce8902f
SHA1
19aa53de6567cc072d1f8fea016956aabfd2e637
SHA256
8e218389e9101eba2de328f14d5c2dde6f3a9b63247a8e15ff1902a824649569
SHA512
34c5d6cc934752f33d072a9873497f04dd574e8fc77130e922cd739279fc035efd2dc1ed740592c46934a992b17cf2ee7c0e1f4f6a2e5acde9e7026d2f314d31
SSDEEP
393216:RnOEpT2ONHT/pNQXleSMctb5xYMITVNOySsB:NjNHThNQXmEb5xVITVse
Malware Config
Signatures
Files
425150_NdukP5ZD33.exe.exe windows x64
61b70b2609e8746d5f65bd81fbd0b0eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteFileW
LeaveCriticalSection
GetStartupInfoW
DeviceIoControl
GetCurrentThreadId
DeleteCriticalSection
RtlLookupFunctionEntry
TlsAlloc
ResetEvent
FormatMessageW
InitializeSListHead
WriteFile
LocalFree
FreeLibrary
GetFileAttributesW
InitializeCriticalSection
HeapFree
DebugBreak
CreateProcessW
SetFilePointer
GetSystemDirectoryW
QueryPerformanceCounter
RtlRestoreContext
SetThreadPriority
TlsSetValue
GetTimeZoneInformation
GetProcessTimes
SetUnhandledExceptionFilter
CreateFileMappingW
SetLastError
HeapAlloc
RtlVirtualUnwind
HeapReAlloc
GetModuleHandleW
IsProcessorFeaturePresent
GetVersionExW
GetLastError
SetEvent
TerminateThread
OpenProcess
CreateEventW
GetTickCount
RtlCaptureContext
GetProcessHeap
CloseHandle
WaitForSingleObjectEx
GetProcessVersion
GetTickCount64
WaitForSingleObject
GetFileSize
VerifyVersionInfoW
ReadFile
EnterCriticalSection
GetModuleFileNameW
TlsGetValue
GetSystemTimeAsFileTime
VirtualAlloc
GetExitCodeProcess
GetComputerNameW
GetSystemDefaultLocaleName
GetCurrentDirectoryW
Sleep
GetPhysicallyInstalledSystemMemory
GetCurrentProcessId
IsDebuggerPresent
LoadLibraryExW
GetProcAddress
CreateFileW
FileTimeToSystemTime
VerSetConditionMask
UnhandledExceptionFilter
FlsSetValue
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
__setusermatherr
cosf
sinf
ldexp
api-ms-win-crt-convert-l1-1-0
atoi
strtoull
_wtoi
wcstoull
advapi32
RegCloseKey
AdjustTokenPrivileges
GetUserNameW
RegOpenKeyExW
OpenProcessToken
CryptGenRandom
RegDeleteValueW
CryptReleaseContext
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegGetValueW
CryptAcquireContextW
user32
GetWindowRect
DefWindowProcW
SetWindowLongPtrW
KillTimer
GetForegroundWindow
GetSystemMetrics
GetActiveWindow
DispatchMessageW
CreateWindowExW
MessageBoxW
RegisterClassExW
wsprintfW
LoadIconW
EnumDisplayDevicesW
TranslateMessage
EndPaint
BringWindowToTop
DestroyWindow
SetTimer
ShowWindow
BeginPaint
GetMessageW
LoadCursorW
CloseWindow
RedrawWindow
UpdateWindow
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
shlwapi
ord12
msvcp140
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
_Cnd_destroy
?_Random_device@std@@YAIXZ
_Thrd_detach
_Cnd_init
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Incref@facet@locale@std@@UEAAXXZ
??0ios_base@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
_Unlink
?_Throw_Cpp_error@std@@YAXH@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
_Thrd_start
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
_Thrd_yield
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
_Thrd_join
?_Id_cnt@id@locale@std@@0HA
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
_Mtx_unlock
?_Init@ios_base@std@@IEAAXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
_Stat
_Mtx_lock
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??1_Lockit@std@@QEAA@XZ
??1ios_base@std@@UEAA@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Throw_C_error@std@@YAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
_Cnd_wait
_Close_dir
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
_Read_dir
?_Xout_of_range@std@@YAXPEBD@Z
_Remove_dir
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_init
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?clear@ios_base@std@@QEAAXH_N@Z
_Lstat
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Cnd_signal
_Thrd_id
_Open_dir
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Mtx_destroy
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_crt_atexit
_set_app_type
_wassert
_configure_wide_argv
_exit
_errno
_initialize_wide_environment
_initterm
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_c_exit
terminate
exit
_initterm_e
_register_onexit_function
_get_wide_winmain_command_line
_cexit
gdiplus
GdipCloneImage
GdipNewPrivateFontCollection
GdipFillRectangle
GdipDeleteStringFormat
GdipAddPathLineI
GdipCreateFont
GdipAddPathRectangleI
GdipCreateStringFormat
GdipFillPath
GdipSetSmoothingMode
GdipMeasureString
GdipCreateFromHDC
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdipSetStringFormatAlign
GdiplusShutdown
GdipCloneFontFamily
GdipDrawString
GdipDrawPath
GdipGetFontCollectionFamilyList
GdipCreatePath
GdipSetSolidFillColor
GdipLoadImageFromStream
GdipPrivateAddMemoryFont
GdipSetStringFormatLineAlign
GdipSetCompositingQuality
GdipDisposeImage
GdipSetPenColor
GdipDeleteFontFamily
GdipGetPathWorldBoundsI
GdipSetTextRenderingHint
GdipDrawLineI
GdipAlloc
GdipDeleteGraphics
GdipDrawRectangleI
GdipSetPenWidth
GdipTranslateWorldTransform
GdipDeletePen
GdipDrawImageRect
GdipDeletePrivateFontCollection
GdipFillRectangleI
GdipFree
GdipDrawLine
GdipDeleteFont
GdipEndContainer
GdipDeleteBrush
GdipCreatePen1
GdipCreateLineBrushI
GdipSetClipRectI
GdiplusStartup
GdipDeletePath
GdipBeginContainer2
shell32
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
vcruntime140
__std_type_info_compare
_CxxThrowException
__std_exception_copy
memmove
memchr
memcmp
_purecall
__std_terminate
__C_specific_handler
wcsstr
__CxxFrameHandler3
memcpy
__vcrt_InitializeCriticalSectionEx
__std_exception_destroy
memset
api-ms-win-crt-string-l1-1-0
wcscpy_s
strlen
wcslen
strcpy_s
wcscat_s
_wcsnicmp
_stricmp
_wcslwr_s
isalnum
wcscat
tolower
wcscmp
wcscpy
gdi32
GetStockObject
SelectObject
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
DeleteDC
DeleteObject
api-ms-win-crt-stdio-l1-1-0
_fseeki64
setvbuf
fsetpos
fclose
fseek
__stdio_common_vsnwprintf_s
fread
__stdio_common_vswprintf_s
fflush
fgetwc
fopen_s
_get_stream_buffer_pointers
fgetpos
fputc
fwrite
_set_fmode
ungetc
fgetc
ungetwc
__p__commode
fputwc
api-ms-win-crt-heap-l1-1-0
free
_callnewh
malloc
_set_new_mode
wtsapi32
WTSSendMessageW
Sections
.text — Size: -; Virtual size: 880KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data — Size: -; Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata — Size: -; Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xwJSI0 — Size: -; Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls — Size: 512B; Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xwJSI1 — Size: -; Virtual size: 17.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
xwJSI2 — Size: 18.7MB; Virtual size: 18.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc — Size: 512B; Virtual size: 433B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ