Static task
static1
Behavioral task
behavioral1
Sample
28b244a11859e5fb3a3932c5ebfa62468a69f56c1e3f510938870aa0188c3639.exe
Resource (sandbox VM image used for this run)
win7-20220812-en
Behavioral task
behavioral2
Sample
28b244a11859e5fb3a3932c5ebfa62468a69f56c1e3f510938870aa0188c3639.exe
Resource (sandbox VM image used for this run)
win10v2004-20220901-en
General
-
Target
28b244a11859e5fb3a3932c5ebfa62468a69f56c1e3f510938870aa0188c3639
-
Size
69KB
-
MD5
683cfec086302142e8ab18eab7f8b556
-
SHA1
d45fc5bebb3877bb98821cfa4bd363f712ce6797
-
SHA256
28b244a11859e5fb3a3932c5ebfa62468a69f56c1e3f510938870aa0188c3639
-
SHA512
5e7cff10d8f7aeb5a3483bf178b7c49b9af286778e99ce59d1d4cd6f2cb607584ccad5142d511135f434a951f071b60bd044271f7eb7e05b1ab147a2b77c05f5
-
SSDEEP
1536:Z0AsIrpUla/tKQR3bwRzOcaWiDiUxV/GWo+Z2W0gS:Z0hIrzIQlUFOcaziMVsHgS
Malware Config (none listed in this report)
Signatures (none listed in this report)
Files
-
28b244a11859e5fb3a3932c5ebfa62468a69f56c1e3f510938870aa0188c3639.exe windows x86
9f14fbaa5c70352cf5de78ea21627882 (unlabelled 32-hex digest; it differs from the file MD5 above, so it is most likely the import hash — confirm against the source report before using it for pivoting)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (grouped by imported DLL). Reviewer note: for a 69KB binary this table mixes sqlunirl, atmlib, a large set of raw ntdll exports and low-level gdi32 exports (Eng*, BRUSHOBJ_*, XLATEOBJ_*), which is an unusual combination; verify that the import table is genuine rather than padded before reading intent into individual APIs.
sqlunirl
_LogonUser_@24
_GetBinaryType_@8
_BackupEventLog_@8
_GetObject@12
_MessageBoxEx_@20
_PageSetupDlg_@4
_SetEnvironmentVariable_@8
_RegisterClipboardFormat_@4
_GetServiceKeyName_@16
_SendMessageCallback_@24
_StartDoc@8
_RegisterClass_@4
_SetUserObjectInformation_@16
_RegisterServiceCtrlHandler_@8
_CommDlg_OpenSave_GetFilePath@12
newMultiByteFromWideChar
_CreateDC_@16
_SetClassLong_@12
_ReplaceText_@4
_GetProcAddress_@8
_CopyFileEx_@24
_GetCharWidth32_@16
_GetEnvironmentStrings_@4
_LoadBitmap@8
_OpenEvent_@12
_TranslateAccelerator@12
_DrawState_@40
_MoveFileEx_@12
_CopyMetaFile_@8
_GetDiskFreeSpaceEx@16
_LoadCursor@8
_DragQueryFile_@16
_OpenSCManager_@12
_EnumDependentServices_@24
_LoadKeyboardLayout_@8
_CharLowerBuff_@8
_AddFontResource_@4
_WriteProfileSection_@8
__hwrite_@12
_GetVersionEx@4
_CreateSemaphore_@16
_RemoveDirectory_@4
_GetPrivateProfileStruct_@20
_CreateFileMapping_@24
ntdll
RtlDowncaseUnicodeString
ZwPrivilegeCheck
NtExtendSection
wcsncmp
ZwQuerySecurityObject
ZwSetIoCompletion
ZwTestAlert
RtlFreeAnsiString
ZwClose
RtlSetInformationAcl
RtlGetCurrentDirectory_U
ZwOpenThreadTokenEx
RtlNumberGenericTableElements
RtlDeleteAtomFromAtomTable
NtUnmapViewOfSection
RtlOpenCurrentUser
ZwReplaceKey
RtlReleasePebLock
RtlEnterCriticalSection
_wcsupr
RtlMoveMemory
RtlGetElementGenericTableAvl
NtOpenIoCompletion
NtMapUserPhysicalPages
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
NtSetTimerResolution
NtAllocateUserPhysicalPages
ZwCreateNamedPipeFile
_fltused
RtlInterlockedPopEntrySList
ZwQuerySystemInformation
ZwEnumerateKey
RtlCaptureStackContext
RtlTraceDatabaseUnlock
NtQueryFullAttributesFile
RtlCopySidAndAttributesArray
NtLockRegistryKey
RtlSetSecurityObjectEx
ZwQuerySymbolicLinkObject
strlen
ZwWaitForSingleObject
DbgBreakPoint
RtlTimeToElapsedTimeFields
ZwSetSecurityObject
isprint
RtlFindMessage
NtGetPlugPlayEvent
RtlCopySecurityDescriptor
NtCreateThread
NtRequestWaitReplyPort
RtlStringFromGUID
NlsAnsiCodePage
RtlFillMemory
RtlDeleteResource
ZwSetVolumeInformationFile
ZwQueryDefaultLocale
RtlQueryInformationActivationContext
ZwOpenTimer
RtlQueryTagHeap
RtlDeactivateActivationContextUnsafeFast
NtAssignProcessToJobObject
ZwFlushWriteBuffer
ZwSetInformationDebugObject
RtlGetFullPathName_U
RtlInitializeGenericTable
RtlZombifyActivationContext
ZwUnloadDriver
RtlSecondsSince1970ToTime
NtSetSecurityObject
RtlInsertElementGenericTable
NtSuspendThread
RtlUnicodeStringToAnsiString
ZwAccessCheckByTypeResultList
gdi32
EqualRgn
DdEntry9
bMakePathNameW
gdiPlaySpoolStream
GdiPlayJournal
SetMiterLimit
EngStretchBltROP
GetPolyFillMode
GetObjectW
DeleteObject
FontIsLinked
GetSystemPaletteUse
BRUSHOBJ_ulGetBrushColor
XLATEOBJ_piVector
GetCurrentPositionEx
CreateDiscardableBitmap
GetRasterizerCaps
SetTextCharacterExtra
GdiConsoleTextOut
GdiEntry6
EngGetCurrentCodePage
DdEntry12
SetMapMode
EnumFontFamiliesA
DdEntry40
GdiAddFontResourceW
CancelDC
kernel32
FindNextVolumeA
SetFileShortNameA
CancelWaitableTimer
HeapFree
GetStartupInfoW
GetDiskFreeSpaceA
SetWaitableTimer
GetNumberOfConsoleFonts
CommConfigDialogA
TransactNamedPipe
DeleteFiber
ShowConsoleCursor
GetLocaleInfoW
SetConsoleCursorPosition
HeapCreate
LZSeek
GetConsoleScreenBufferInfo
VirtualAllocEx
lstrlenA
RemoveLocalAlternateComputerNameA
CmdBatNotification
LocalAlloc
LoadLibraryA
VirtualAlloc
DosDateTimeToFileTime
RemoveLocalAlternateComputerNameW
ReadFileScatter
Beep
GetConsoleNlsMode
SetConsolePalette
BaseInitAppcompatCacheSupport
msvcrt
fscanf
_execle
swscanf
ftell
_wsetlocale
_gcvt
_putwch
??0bad_typeid@@QAE@PBD@Z
malloc
_ismbbpunct
_wutime64
_adj_fpatan
_wctime
calloc
__p__pgmptr
_wexecvp
_getdiskfree
_i64toa
_wexecle
_ismbcpunct
_CIacos
_wexecve
_adj_fprem1
_fmode
_ismbbkana
_locking
_fileno
_snwscanf
_osplatform
fseek
strftime
?_query_new_mode@@YAHXZ
_wcstoui64
ldiv
_nextafter
_getmbcp
__STRINGTOLD
__fpecode
_getdcwd
__getmainargs
atmlib
ATMEnumFontsW
ATMGetNtmFieldsA
ATMGetVersionExA
ATMMakePFMW
ATMBBoxBaseXYShowTextA
ATMAddFont
ATMRemoveFontA
ATMAddFontExA
ATMGetFontInfoA
ATMMakePFMA
ATMFinish
ATMEnumFontsA
ATMGetNtmFields
ATMMakePSS
ATMGetFontPathsA
ATMGetGlyphListW
ATMGetVersion
ATMRemoveSubstFontA
ATMGetGlyphList
ATMClient
ATMAddFontExW
ATMGetPostScriptNameW
ATMGetOutlineW
ATMFontSelected
ATMEnumMMFontsA
ATMXYShowTextW
ATMGetPostScriptName
ATMMakePSSW
ATMGetOutline
ATMEnumMMFonts
ATMGetOutlineA
ATMGetBuildStrW
ATMGetVersionEx
ATMSelectObject
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 197KB (raw size is far smaller than virtual size: roughly 175KB of this writable section is zero-filled at load time; this is consistent with runtime unpacking or decryption into .data, but can also be large uninitialized globals — confirm dynamically)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ