Static task
static1
Behavioral task
behavioral1
Sample
78db4a8f418433443c02566d95f14febf7263d40b042d8c1294399ef385c5f95.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
78db4a8f418433443c02566d95f14febf7263d40b042d8c1294399ef385c5f95.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
78db4a8f418433443c02566d95f14febf7263d40b042d8c1294399ef385c5f95
-
Size
346KB
-
MD5
470ea5e2f72ebca6fea526786de9cff0
-
SHA1
08340ee1208df546a0b08ced702fc201672880c1
-
SHA256
78db4a8f418433443c02566d95f14febf7263d40b042d8c1294399ef385c5f95
-
SHA512
d80971c319761e5f167569afffe7d1cc9d884fb083a4a46e03c903cb2813dc6ec0bcadb98433c3e4065054c35143b29e828edf7db3d48c69de75c2902c6d21f8
-
SSDEEP
6144:3UZpZnEc/Wm/NcMwIlzYEy5EIBcveRrl2cWYBEuZRBs1Ti1xGerEhgVIXFMLGH:EXBEyWwGMTlzYX5E0lUFuaRerLIX/H
Malware Config
Signatures
Files
-
78db4a8f418433443c02566d95f14febf7263d40b042d8c1294399ef385c5f95.exe windows x86
af1733385ef5722e64a2a16dbfb35a22
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
EventWrite
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
EventRegister
EventUnregister
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegDeleteKeyW
ConvertSidToStringSidW
kernel32
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
OutputDebugStringA
CreateEventW
SetEvent
MulDiv
GetSystemTime
GetProcAddress
GetLastError
FreeLibrary
LoadLibraryW
LocalFree
LocalAlloc
HeapAlloc
GetProcessHeap
CloseHandle
ReleaseMutex
WaitForSingleObject
lstrlenW
GetPrivateProfileStringW
GetVersionExW
DuplicateHandle
OpenMutexW
MultiByteToWideChar
HeapFree
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
RegGetValueW
RegEnumValueW
FileTimeToSystemTime
GetFileAttributesW
SetThreadPriority
GetCurrentThread
OutputDebugStringW
GetModuleFileNameW
EnterCriticalSection
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
RegisterApplicationRecoveryCallback
CreateThread
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
UnregisterApplicationRecoveryCallback
RegisterApplicationRestart
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
UnregisterApplicationRestart
lstrcmpiW
LoadLibraryExW
GetCommandLineW
CreateDirectoryW
DeleteFileW
CreateMutexW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
DebugBreak
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
CompareStringW
gdi32
GdiAlphaBlend
CreateDIBSection
GetObjectW
GetTextExtentPoint32W
DeleteDC
SetLayout
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetClipRgn
BitBlt
CreateSolidBrush
GdiGradientFill
DeleteObject
CreateRectRgn
GetTextFaceW
CreateFontW
user32
ShowWindow
GetScrollInfo
SetScrollInfo
SetScrollRange
ShowScrollBar
CopyRect
OffsetRect
GetDC
ReleaseDC
BeginDeferWindowPos
EndDeferWindowPos
SetCursor
GetDesktopWindow
InflateRect
PtInRect
DefWindowProcW
DestroyMenu
GetWindowRect
SetWindowPos
LockWindowUpdate
InvalidateRect
DestroyWindow
SetGestureConfig
GetMenuItemCount
GetMenuItemInfoW
GetSystemMenu
EnableMenuItem
MapWindowPoints
ReleaseCapture
SetMenuItemInfoW
SendMessageW
PostMessageW
GetWindowLongW
GetSubMenu
GetClientRect
ClientToScreen
TrackPopupMenu
GetFocus
UnregisterClassW
LoadCursorW
LoadIconW
RegisterClassW
MessageBoxW
GetUpdateRect
RemoveMenu
ChangeWindowMessageFilter
GetWindowPlacement
SetWindowPlacement
PostQuitMessage
SetActiveWindow
EqualRect
IntersectRect
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
CharNextW
SetProcessDPIAware
SetForegroundWindow
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
CopyAcceleratorTableW
DeferWindowPos
RegisterClassExW
UpdateLayeredWindow
FillRect
SetWindowLongW
EndPaint
ShowCaret
GetAsyncKeyState
GetKeyState
IsWindowVisible
UpdateWindow
GetSysColor
HideCaret
BeginPaint
GetParent
EnableWindow
GetSysColorBrush
DestroyAcceleratorTable
TranslateAcceleratorW
GetMessageExtraInfo
IsClipboardFormatAvailable
LoadMenuW
GetScrollBarInfo
UnregisterClassA
LoadImageW
GetKeyboardLayout
LoadAcceleratorsW
GetSystemMetrics
ScreenToClient
CreateWindowExW
SetRect
GetWindowTextW
GetWindowTextLengthW
EnableScrollBar
SetFocus
CreateCaret
SetCaretPos
SetTimer
SetScrollPos
KillTimer
ScrollWindowEx
SystemParametersInfoW
SetCapture
GetAncestor
msvcrt
_purecall
free
calloc
memcpy_s
_CxxThrowException
__CxxFrameHandler3
memset
wcscpy_s
_ftol2
_ftol2_sse
_CIsin
_CIcos
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_wcsicmp
_vscwprintf
vswprintf_s
malloc
wcsncpy_s
_controlfp
_errno
realloc
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
_vsnwprintf
wcstoul
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_callnewh
??0exception@@QAE@XZ
memmove_s
ntdll
WinSqmIsOptedIn
WinSqmStartSession
WinSqmSetIfMaxDWORD
WinSqmAddToStream
WinSqmEndSession
shell32
ord165
SHCreateDirectoryExW
SHGetKnownFolderPath
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
SetCurrentProcessExplicitAppUserModelID
shlwapi
ord16
ord184
SHStrDupW
PathFileExistsW
SHCreateStreamOnFileW
ord154
ord219
ord212
ord628
ole32
StgOpenStorageEx
StgCreateStorageEx
OleSaveToStream
OleLoadFromStream
CoSetProxyBlanket
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
OleUninitialize
OleInitialize
CoInitializeEx
WriteClassStm
oleaut32
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime
VarUI4FromStr
SysAllocString
SafeArrayAccessData
comctl32
ord336
ord386
ord334
ord329
ord332
ord328
ord345
slc
SLGetWindowsInformationDWORD
dwmapi
DwmSetWindowAttribute
DwmInvalidateIconicBitmaps
DwmSetIconicThumbnail
DwmSetIconicLivePreviewBitmap
uxtheme
OpenThemeData
GetThemeFont
CloseThemeData
dui70
UnInitThread
?Register@HWNDElement@DirectUI@@SGJXZ
?Register@HWNDHost@DirectUI@@SGJXZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
??1CritSecLock@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
UnInitProcessPriv
InitProcessPriv
??1ClassInfoBase@DirectUI@@UAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?SetAbsorbsShortcut@Element@DirectUI@@QAEJ_N@Z
?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?Initialize@NativeHWNDHost@DirectUI@@QAEJPBG0PAUHWND__@@PAUHICON__@@HHHHHHPAUHINSTANCE__@@I@Z
?Destroy@NativeHWNDHost@DirectUI@@QAEXXZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
??1NativeHWNDHost@DirectUI@@UAE@XZ
??0NativeHWNDHost@DirectUI@@QAE@XZ
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?GetHWND@NativeHWNDHost@DirectUI@@QAEPAUHWND__@@XZ
InitThread
??1HWNDElement@DirectUI@@UAE@XZ
?CreateStyleParser@HWNDElement@DirectUI@@UAEJPAPAVDUIXmlParser@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
??0HWNDElement@DirectUI@@QAE@XZ
?SetAccValue@Element@DirectUI@@QAEJPBG@Z
??0HWNDHost@DirectUI@@QAE@XZ
?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??1HWNDHost@DirectUI@@UAE@XZ
?SetDirection@Element@DirectUI@@QAEJH@Z
?EnabledProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetLocation@Element@DirectUI@@QAEPBUtagPOINT@@PAPAVValue@2@@Z
?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z
?BackgroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
?GetType@Value@DirectUI@@QBEHXZ
?GetFill@Value@DirectUI@@QAEPBUFill@2@XZ
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?UpdateSheets@DUIXmlParser@DirectUI@@QAEJPAVElement@2@@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?WindowActiveProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetSheet@DUIXmlParser@DirectUI@@QAEJPBGPAPAVValue@2@@Z
?SheetProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?Release@Value@DirectUI@@QAEXXZ
?GetID@Element@DirectUI@@QAEGXZ
?GetWindowActive@Element@DirectUI@@QAE_NXZ
?MouseWithinProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetBool@Value@DirectUI@@QAE_NXZ
?SetWindowActive@Element@DirectUI@@QAEJ_N@Z
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
gdiplus
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipCloneBrush
GdipDrawImagePoints
GdipDrawImageRectI
GdipFillRectangleI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdiplusStartup
GdipSetCompositingMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCreateTexture
GdipSetInterpolationMode
rpcrt4
UuidCreateSequential
UuidToStringW
RpcStringFreeW
UuidCreate
windowscodecs
WICCreateImagingFactory_Proxy
Sections
.text Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE