Static task
static1
Behavioral task
behavioral1
Sample
0eee036050176cd459eb2782daa45d48cec17d0432a13075d2594b6c3bcfc024.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0eee036050176cd459eb2782daa45d48cec17d0432a13075d2594b6c3bcfc024.exe
Resource
win10v2004-20220812-en
General
-
Target
0eee036050176cd459eb2782daa45d48cec17d0432a13075d2594b6c3bcfc024
-
Size
106KB
-
MD5
37a1f9fba22022966cfeb8b32663d840
-
SHA1
a835882ed20b063b1d52ce2df438ca915a09a50d
-
SHA256
0eee036050176cd459eb2782daa45d48cec17d0432a13075d2594b6c3bcfc024
-
SHA512
08b5505dccb2c27ee24aedde4072fef45badf31566083d5d13a381f7b6e79e3607b7154b186cb299e484a388ff4816b47cb66536d88416cb6c9a04059c859376
-
SSDEEP
3072:ChtHPI33xtfVH84ea65AdSnNWbx/65SwfwXyH:CtHPI3htfJdea7V56pf5
Malware Config
Signatures
Files
-
0eee036050176cd459eb2782daa45d48cec17d0432a13075d2594b6c3bcfc024.exe windows x86
9c3dfd258cafd7284d517368f4f118c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegConnectRegistryW
LookupAccountSidW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
kernel32
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetLocaleInfoW
SetLastError
GetNumberFormatW
OpenProcess
InterlockedDecrement
GetLastError
GetCurrentThreadId
HeapSetInformation
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
GetTimeFormatW
GetModuleFileNameW
FileTimeToSystemTime
SetConsoleMode
GetCurrentProcess
ReadConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
GetComputerNameExW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
CloseHandle
FreeLibrary
ReadFile
msvcrt
wcstod
fprintf
fflush
_vsnwprintf
wcstol
wcsstr
wcstoul
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
_wtoi64
_wcsicmp
free
_wcsdup
wcscpy_s
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsrchr
__iob_func
wcschr
memset
memcpy
__CxxFrameHandler3
wcstok
_memicmp
_get_osfhandle
_errno
_fileno
user32
GetWindowThreadProcessId
EnumWindows
CloseDesktop
SetThreadDesktop
IsHungAppWindow
GetWindowTextW
GetWindowLongW
wsprintfW
EnumWindowStationsW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
FindWindowExW
GetWindow
LoadStringW
CharUpperW
OpenDesktopW
GetThreadDesktop
EnumDesktopsW
ntdll
RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields
ole32
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
mpr
WNetGetLastErrorW
WNetAddConnection2W
WNetCancelConnection2W
oleaut32
SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear
secur32
GetUserNameExW
ws2_32
FreeAddrInfoW
GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
WSACleanup
framedynos
??4CHString@@QAEABV0@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBD@Z
?Left@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Find@CHString@@QBEHPBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXPBGZZ
?Empty@CHString@@QAEXXZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
netapi32
NetApiBufferFree
NetServerGetInfo
dbghelp
EnumerateLoadedModulesW64
shlwapi
StrStrIW
StrChrIW
StrStrW
StrChrW
Sections
.text Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE