Static task
static1
Behavioral task
behavioral1
Sample
94c73b35062570dc01003140f1d4839cb121f669e2cc859a16ac8f04e2e4508b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
94c73b35062570dc01003140f1d4839cb121f669e2cc859a16ac8f04e2e4508b.exe
Resource
win10v2004-20220901-en
General
-
Target
94c73b35062570dc01003140f1d4839cb121f669e2cc859a16ac8f04e2e4508b
-
Size
904KB
-
MD5
40450305d7a95677b0f2e4616bf6c5d0
-
SHA1
aa5bb8c16cecd24b0702d115cabdace95d4e49f0
-
SHA256
94c73b35062570dc01003140f1d4839cb121f669e2cc859a16ac8f04e2e4508b
-
SHA512
87bd51315abb908f6646a2106c98c58f0b574bd4552ba573e764d26870da1c122d7aad41e0b183f38e86e5c6c5880b1df375c95ec007d89e77eb778ca6c564f5
-
SSDEEP
12288:lBCXY5Ec4dMynYZXGowght51nUzdzSLAX5EWuiL2eTJsv76mhw0NBz3weMiUnD9:eXcpt1nUztS8XRzTJsv76kw0NBzwI89
Malware Config
Signatures
Files
-
94c73b35062570dc01003140f1d4839cb121f669e2cc859a16ac8f04e2e4508b.exe windows x64
2dcf0dc757c44604bcae3f2308fbbd43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
CreateProcessAsUserW
CreateRestrictedToken
RegCloseKey
ReadEventLogW
RegOpenKeyExW
RegQueryValueExW
OpenEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
AdjustTokenPrivileges
ConvertStringSidToSidW
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
CopySid
FreeSid
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
ControlService
LookupPrivilegeValueW
QueryServiceConfigW
kernel32
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlPcToFileHeader
LeaveCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFileAttributesW
GetSystemPowerStatus
RemoveDirectoryW
IsValidLanguageGroup
GetLocaleInfoW
OutputDebugStringA
GetFileAttributesW
DeviceIoControl
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSetInformation
CreateEventW
CreateTimerQueueTimer
GetFileSizeEx
GetTempPathW
LoadLibraryW
GetSystemDirectoryW
WriteFile
SetEvent
SetEnvironmentVariableW
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
GetNativeSystemInfo
WaitForSingleObject
VirtualProtect
GetSystemDefaultUILanguage
CompareFileTime
Sleep
LoadLibraryExW
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CreateDirectoryW
DeleteFileW
DeleteTimerQueueTimer
CreateFileW
GetSystemTime
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
CloseHandle
MoveFileExW
GetTickCount
GetCommandLineW
GetLocalTime
GetTimeFormatW
GetDateFormatW
SetLastError
GetLastError
FormatMessageW
SetErrorMode
DebugBreak
GetProcAddress
GetModuleHandleW
LocalFree
LocalAlloc
ConvertDefaultLocale
GetFileInformationByHandle
msvcrt
fclose
memmove
_purecall
wprintf
printf
_wcsicmp
_vsnwprintf
ungetc
realloc
__badioinfo
_read
wcstombs
iswctype
wctomb
__mb_cur_max
mbtowc
localeconv
isleadbyte
isxdigit
isdigit
_write
__pioinfo
??1bad_cast@@UEAA@XZ
??1__non_rtti_object@@UEAA@XZ
??0bad_typeid@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@PEBD@Z
??0bad_cast@@QEAA@PEBD@Z
memset
_fileno
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcsrchr
_wopen
__doserrno
_wremove
_wtempnam
_vsnprintf
_lseek
_close
_wfopen
feof
fgetws
iswspace
wcscmp
towlower
_onexit
__dllonexit
_unlock
_lock
wcschr
wcsstr
vwprintf
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
memcpy
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
malloc
__CxxFrameHandler
free
calloc
_errno
_getch
wcstoul
iswprint
_wtoi
oleaut32
VariantChangeType
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
ole32
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoWaitForMultipleHandles
CoTaskMemAlloc
rpcrt4
UuidFromStringW
secur32
GetUserNameExW
userenv
CreateEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
DestroyEnvironmentBlock
mpclient
MpDynamicSignatureOpen
MpDynamicSignatureEnumerate
MpConfigGetValueAlloc
MpManagerStatusQuery
MpConfigIteratorOpen
MpConfigIteratorEnum
MpConfigIteratorClose
MpHandleClose
MpSampleSubmit
MpSampleQuery
MpUpdateStart
MpManagerStatusQueryEx
MpFreeMemory
MpConfigUninitialize
MpTelemetryUpload
MpQuarantineRequest
MpManagerEnable
MpThreatOpen
MpThreatEnumerate
MpScanResult
MpManagerOpen
MpScanStart
MpTelemetrySetDWORD
MpCleanOpen
MpCleanStart
MpConfigOpen
MpConfigGetValue
MpConfigClose
MpUpdateStartEx
MpManagerVersionQuery
MpAddDynamicSignatureFile
MpClientUtilExportFunctions
MpConfigInitialize
MpTelemetryInitialize
MpTelemetryUninitialize
WDEnable
MpConfigSetValue
MpAllocMemory
MpTelemetrySetIfMaxDWORD
MpTelemetryAddToAverageDWORD
MpUtilsExportFunctions
MpRemoveDynamicSignatureFile
MpConfigDelValue
cabinet
ord13
ord10
ord14
ord11
Sections
.text Size: 197KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 556KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE