Static task
static1
Behavioral task
behavioral1
Sample
e2ebb51e25ea8e6f1d4e8f6c265f89d90c780bb954c93d202020de0df2862e03.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
e2ebb51e25ea8e6f1d4e8f6c265f89d90c780bb954c93d202020de0df2862e03.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
e2ebb51e25ea8e6f1d4e8f6c265f89d90c780bb954c93d202020de0df2862e03
-
Size
536KB
-
MD5
00035aee62f9626f3125eee494031680
-
SHA1
91e73a2e608af88c303bcfacb0e0cef84460814c
-
SHA256
e2ebb51e25ea8e6f1d4e8f6c265f89d90c780bb954c93d202020de0df2862e03
-
SHA512
3991a9c9d44d56febd5170a9f127016aa2229e005dc6ad181addc15bc4189f7f59ff63faa4ada68d74cadb24aad372b76ad908be6d6e4c018d72270c68834796
-
SSDEEP
6144:HA8qXJ0LwVwIieUf/Xb7xkwAza+TBqvI8yO+JaMwd498:HAjuLwyvPpAzLTsvlMG
Malware Config
Signatures
Files
-
e2ebb51e25ea8e6f1d4e8f6c265f89d90c780bb954c93d202020de0df2862e03.exe windows x86
90ddb5845034f65241624cc3b8c19009
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
msimg32
TransparentBlt
core
?GetLanguage@ConfigurationManager@NMC@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?CheckAndSwitchDeviceMode@DeviceManager@NMC@@SA_NW4DeviceCheckSource@12@@Z
?Cleanup@Controller@NMC@@SAXXZ
?GetDeviceInfoCached@DeviceManager@NMC@@SA?AUModemInfo@2@XZ
?GetDeviceDescriptor@DeviceManager@NMC@@SA?AUDeviceDescriptor@2@XZ
?IsInternetConnected@Controller@NMC@@SA_NXZ
?IsDevice@DeviceManager@NMC@@SA_NXZ
??1DeviceDescriptor@NMC@@QAE@XZ
??1ModemInfo@NMC@@QAE@XZ
?IsUpdateAvailable@VersionChecker@NMC@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?GetCurrentVersion@ConfigurationManager@NMC@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetUpgradeCode@ConfigurationManager@NMC@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?ProcessUserInput@Controller@NMC@@SA_NW4UserInput@12@@Z
?GetCurrentState@Controller@NMC@@SA?AW4ControllerStates@12@XZ
?SignalModemArrived@DeviceManager@NMC@@SAXXZ
?GetCloseToTray@ConfigurationManager@NMC@@SA_NXZ
?SetIsApplicationActive@Controller@NMC@@SAX_N@Z
?IsActiveWindowsSession@Controller@NMC@@SA_NXZ
?SetIsActiveWindowsSession@Controller@NMC@@SAX_N@Z
?SuppressCleanup@DeviceManager@NMC@@SAX_N@Z
?Initialize@Controller@NMC@@SAXXZ
?Initialize@DeviceManager@NMC@@SAXXZ
?GetSessionId@Controller@NMC@@SAKXZ
??0AccessPointInfo@NMC@@QAE@XZ
?GetAccessPoint@AccessPointInfo@NMC@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?IsDeviceConnected@Controller@NMC@@SA_NXZ
?SetAccessPoint@AccessPointInfo@NMC@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsNetworkAvailable@Controller@NMC@@SA_NXZ
?SetUserName@AccessPointInfo@NMC@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetPassword@AccessPointInfo@NMC@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetCurrentAccessPoint@Controller@NMC@@SA?AVAccessPointInfo@2@XZ
?SetCustomAccessPoint@ConfigurationManager@NMC@@SAXABVAccessPointInfo@2@@Z
??1AccessPointInfo@NMC@@UAE@XZ
?SetCustomAtCommands@ConfigurationManager@NMC@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetDefaultPageUrl@ConfigurationManager@NMC@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetCloseToTray@ConfigurationManager@NMC@@SAX_N@Z
?Initialize@Controller@NMC@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?GetValidAccessPoints@Controller@NMC@@SA?AV?$deque@VAccessPointInfo@NMC@@V?$allocator@VAccessPointInfo@NMC@@@std@@@std@@XZ
?SetLaunchOnWindowsStartup@ConfigurationManager@NMC@@SAX_N@Z
?GetAccessPointMode@ConfigurationManager@NMC@@SA?AW4AccessPointMode@AccessPoint@2@XZ
?SetOpenWebPage@ConfigurationManager@NMC@@SAX_N@Z
?IsEmpty@AccessPointInfo@NMC@@QBE_NXZ
?Save@ConfigurationManager@NMC@@SAXXZ
?IsDetectingDevice@DeviceManager@NMC@@SA_NXZ
?Load@ConfigurationManager@NMC@@SAXXZ
?GetNetworkInfo@Controller@NMC@@SA?AUNetworkInfo@2@XZ
?GetCustomAccessPoint@ConfigurationManager@NMC@@SA?AVAccessPointInfo@2@XZ
?GetUserNameW@AccessPointInfo@NMC@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Register@GenericEvent@NMC@@QAEXAAVGenericEventHandler@2@@Z
?GetBranded@ConfigurationManager@NMC@@SA_NXZ
?GetPassword@AccessPointInfo@NMC@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetCustomAtCommands@ConfigurationManager@NMC@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDefaultPageUrl@ConfigurationManager@NMC@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDeviceInfo@DeviceManager@NMC@@SA?AUModemInfo@2@XZ
?GetLaunchOnWindowsStartup@ConfigurationManager@NMC@@SA_NXZ
?FindModemModel@DeviceManager@NMC@@SAXAAUModemInfo@2@@Z
?GetOpenWebPage@ConfigurationManager@NMC@@SA_NXZ
?GetAutoconnectTimerRemainingTime@Controller@NMC@@SAHXZ
?GetModemInfo@Controller@NMC@@SA?AUModemInfo@2@XZ
??_7GenericEventHandler@NMC@@6B@
?GetConnectionStatistics@Controller@NMC@@SA?AU_RAS_STATS@@XZ
?IsRefreshEnabled@Controller@NMC@@SA_NXZ
?SetIsMainView@Controller@NMC@@SAX_N@Z
?SetSelectedAccessPointIndex@Controller@NMC@@SA_NH@Z
?SetAccessPointMode@ConfigurationManager@NMC@@SAXW4AccessPointMode@AccessPoint@2@@Z
?GetSessionBasedBilling@AccessPointInfo@NMC@@QBE_NXZ
?EventUpdateUi@Controller@NMC@@2VGenericEvent@2@A
?EventApDeterminingFinished@Controller@NMC@@2VGenericEvent@2@A
?EventStartAutoconnectTimer@Controller@NMC@@2VGenericEvent@2@A
?EventStopAutoconnectTimer@Controller@NMC@@2VGenericEvent@2@A
??0GenericEvent@NMC@@QAE@XZ
??1GenericEvent@NMC@@QAE@XZ
?RaiseEvent@GenericEvent@NMC@@QAEXABUGenericEventArgs@2@@Z
??1NetworkInfo@NMC@@QAE@XZ
comctl32
InitCommonControlsEx
kernel32
GetModuleHandleW
FreeLibrary
FindFirstFileW
FindClose
GetUserDefaultUILanguage
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentThreadId
CloseHandle
GetModuleFileNameW
SetCurrentDirectoryW
CreateMutexW
GetLastError
GetCommandLineW
LocalFree
Sleep
CreateWaitableTimerW
WaitForSingleObject
SetWaitableTimer
CancelWaitableTimer
ResetEvent
CreateThread
SetEvent
TerminateThread
WTSGetActiveConsoleSessionId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
CreateEventW
user32
DestroyIcon
DestroyCursor
LoadBitmapW
ModifyMenuW
TrackPopupMenu
LoadIconW
AppendMenuW
CreatePopupMenu
LoadCursorW
SetCursor
GetDesktopWindow
UnregisterDeviceNotification
PostQuitMessage
RegisterDeviceNotificationW
SetWindowRgn
GetSystemMetrics
FillRect
PtInRect
SetLayeredWindowAttributes
GetMessageW
UpdateWindow
GetWindowRect
UnregisterClassW
RegisterClassExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
EndPaint
DrawTextW
BeginPaint
DefWindowProcW
ReleaseDC
GetDC
GetSysColorBrush
SetClassLongW
CreateWindowExW
EnableWindow
IsWindowVisible
IsWindowEnabled
SetFocus
TrackMouseEvent
InvalidateRect
SetWindowLongW
GetWindowLongW
GetClientRect
ShowWindow
GetCursorPos
SendMessageW
FindWindowW
LoadStringW
SetForegroundWindow
SetWindowPos
gdi32
GetDIBits
SetDIBits
CreateDIBSection
CreateFontIndirectW
AddFontResourceExW
RemoveFontResourceExW
CreatePatternBrush
CreateRoundRectRgn
MaskBlt
GetStockObject
StretchBlt
CreateCompatibleBitmap
BitBlt
GetObjectW
DeleteObject
DeleteDC
SetTextColor
SetBkMode
CreateCompatibleDC
SelectObject
SetLayout
GetLayout
GetTextExtentPoint32W
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
Shell_NotifyIconW
CommandLineToArgvW
msvcp80
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
msvcr80
wcsncpy_s
pow
memcpy
_CxxThrowException
_wfopen
fread
fclose
sprintf
abort
_setjmp3
strncpy
longjmp
fprintf
_iob
malloc
free
strtod
_ftol
_CIpow
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_wcmdln
toupper
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
memcmp
memset
abs
?what@exception@std@@UBEPBDXZ
memmove_s
??0exception@std@@QAE@ABQBD@Z
wcscpy_s
Sections
.text Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 320KB - Virtual size: 340KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE