Static task: static1
Behavioral task: behavioral1
  Sample: 7aeb7398638de4d1a43234516a3e555e2f9f55b50903af1aaf03709cb1df9502.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 7aeb7398638de4d1a43234516a3e555e2f9f55b50903af1aaf03709cb1df9502.exe
  Resource: win10v2004-20220812-en
General
- Target: 7aeb7398638de4d1a43234516a3e555e2f9f55b50903af1aaf03709cb1df9502
- Size: 255KB
- MD5: 532192f1c35244fd20225cea53696970
- SHA1: a098661aaa08880ae71bb346c0b636c63775bc82
- SHA256: 7aeb7398638de4d1a43234516a3e555e2f9f55b50903af1aaf03709cb1df9502
- SHA512: 1adf79ed96e6907e7dc903dfc75076b9873a73b146b172a0367d7be4752d4d7c714d61d0abbd06d8105d3581b667a6998bd7e3a6938700b91aa86b4799f56877
- SSDEEP: 6144:xHU9RQx48WDcjg6Qrld11Rx24MGRY/ih6I1UwgDEr+mwDyi/8CHp7U:xUQngPdJM4WiLUwlVI8a
Malware Config
Signatures
Files
-
7aeb7398638de4d1a43234516a3e555e2f9f55b50903af1aaf03709cb1df9502.exe windows x86
6ce55ab13005b9b0e12ed74a434064e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExA
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegEnumValueW
SetSecurityDescriptorDacl
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyExA
GetTokenInformation
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW
RegSetValueExA
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegOpenKeyExW
GetLengthSid
AdjustTokenPrivileges
OpenThreadToken
RegCreateKeyExW
OpenThreadToken
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegOpenKeyExW
RegSetValueExA
InitializeAcl
SetSecurityDescriptorDacl
RegQueryValueExW
AddAccessAllowedAce
RegOpenKeyExA
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExA
RegQueryValueExW
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegCloseKey
GetLengthSid
RegOpenKeyW
RegEnumKeyExW
InitializeAcl
RegQueryValueExA
RegOpenKeyW
GetTokenInformation
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
OpenThreadToken
RegSetValueExA
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExW
CloseServiceHandle
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
RegQueryValueExA
AddAccessAllowedAce
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
InitializeAcl
OpenThreadToken
RegDeleteKeyW
InitializeSecurityDescriptor
CloseServiceHandle
RegSetValueExW
RegOpenKeyExA
AddAccessAllowedAce
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegCloseKey
GetLengthSid
FreeSid
SetSecurityDescriptorDacl
SetSecurityDescriptorDacl
OpenThreadToken
RegSetValueExW
OpenProcessToken
InitializeAcl
RegOpenKeyExW
OpenProcessToken
RegEnumValueW
InitializeSecurityDescriptor
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegSetValueExW
FreeSid
AllocateAndInitializeSid
RegEnumKeyExW
RegEnumKeyExW
FreeSid
RegQueryValueExW
RegOpenKeyW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExA
SetSecurityDescriptorDacl
CloseServiceHandle
AllocateAndInitializeSid
FreeSid
GetLengthSid
RegQueryValueExA
RegDeleteKeyW
CloseServiceHandle
RegDeleteValueW
RegQueryInfoKeyW
AllocateAndInitializeSid
FreeSid
GetTokenInformation
FreeSid
OpenThreadToken
OpenThreadToken
RegCreateKeyExA
GetTokenInformation
RegEnumValueW
RegCloseKey
AdjustTokenPrivileges
SetSecurityDescriptorDacl
RegEnumValueW
RegQueryValueExW
CloseServiceHandle
RegOpenKeyExW
AdjustTokenPrivileges
RegEnumValueW
FreeSid
RegCreateKeyExW
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW
InitializeAcl
InitializeAcl
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
InitializeAcl
SetSecurityDescriptorDacl
GetTokenInformation
RegDeleteValueW
GetLengthSid
RegEnumValueW
RegCreateKeyExA
RegEnumKeyExW
InitializeAcl
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegSetValueExW
RegSetValueExA
RegSetValueExA
AllocateAndInitializeSid
OpenProcessToken
FreeSid
RegEnumKeyExW
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegSetValueExA
SetSecurityDescriptorDacl
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
OpenProcessToken
RegCreateKeyExW
SetSecurityDescriptorDacl
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
CloseServiceHandle
RegOpenKeyW
RegDeleteValueW
RegOpenKeyExA
AdjustTokenPrivileges
AdjustTokenPrivileges
RegCloseKey
AdjustTokenPrivileges
CloseServiceHandle
RegCreateKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
OpenThreadToken
RegOpenKeyW
SetSecurityDescriptorDacl
RegOpenKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExA
RegCreateKeyExW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExA
RegEnumKeyExW
CloseServiceHandle
AdjustTokenPrivileges
RegEnumValueW
GetLengthSid
AdjustTokenPrivileges
InitializeAcl
InitializeAcl
RegDeleteKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
AdjustTokenPrivileges
RegCloseKey
SetSecurityDescriptorDacl
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
OpenProcessToken
CloseServiceHandle
AllocateAndInitializeSid
AllocateAndInitializeSid
RegEnumValueW
RegSetValueExW
InitializeAcl
OpenProcessToken
kernel32
WriteProfileStringA
ReadConsoleOutputCharacterA
QueryPerformanceFrequency
GetLastError
QueryPerformanceFrequency
WriteProfileStringA
IsProcessorFeaturePresent
IsBadReadPtr
QueryPerformanceFrequency
RaiseException
_lclose
RaiseException
Process32Next
WriteProfileStringA
IsBadReadPtr
RemoveDirectoryA
IsProcessorFeaturePresent
CreateHardLinkW
_lclose
EnumSystemCodePagesW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
QueryPerformanceFrequency
EnumSystemCodePagesW
ReadConsoleOutputCharacterA
Process32Next
GetTapeStatus
GlobalMemoryStatus
Beep
GetWindowsDirectoryW
QueryPerformanceCounter
WriteProfileStringA
WriteProfileStringA
InitAtomTable
CreateHardLinkW
QueryPerformanceCounter
GlobalMemoryStatus
FatalAppExitA
GetCurrentDirectoryW
GlobalFree
RaiseException
LocalUnlock
user32
IsZoomed
WINNLSEnableIME
BeginPaint
PostThreadMessageA
CallNextHookEx
SetWindowsHookW
PostThreadMessageA
PtInRect
EnumDisplaySettingsExW
GetTitleBarInfo
IsZoomed
SendMessageCallbackW
TranslateAcceleratorA
GetMessageW
SendMessageW
UnhookWindowsHookEx
PostThreadMessageA
SetWindowTextA
FindWindowA
TranslateAcceleratorA
SetWindowTextA
CharPrevW
WINNLSEnableIME
AdjustWindowRect
SendMessageW
SetWindowsHookW
TileWindows
PostThreadMessageA
PackDDElParam
EnumDisplaySettingsA
EnumDisplaySettingsA
UnhookWindowsHookEx
TranslateAcceleratorA
TileWindows
BeginPaint
TranslateAcceleratorA
AdjustWindowRect
TranslateAcceleratorA
CharPrevW
EnumDisplaySettingsA
TranslateAcceleratorA
PostThreadMessageA
DrawFrameControl
AdjustWindowRect
GetTitleBarInfo
SendMessageW
UnhookWindowsHookEx
EndPaint
SendMessageCallbackW
SetWindowTextA
PackDDElParam
BeginPaint
TileWindows
TranslateAcceleratorA
GetMessageW
LoadMenuW
PackDDElParam
EnumDisplaySettingsA
PostThreadMessageA
GetMessageW
SetWindowTextA
GetTitleBarInfo
PackDDElParam
DrawFrameControl
GetWindowRgn
TranslateAcceleratorA
DrawFrameControl
AdjustWindowRect
MonitorFromPoint
PtInRect
SetWindowTextA
GetMessageW
DrawMenuBar
GetMessageW
SendMessageCallbackW
SetWindowsHookW
CharPrevW
CharPrevW
SetWindowTextA
SetWindowsHookW
TranslateAcceleratorA
LoadStringA
FindWindowA
FindWindowA
AdjustWindowRect
FindWindowA
SetWindowTextA
DdeCmpStringHandles
SendMessageW
EndPaint
SetWindowTextA
GetTitleBarInfo
TileWindows
EnumDisplaySettingsA
FindWindowA
WINNLSEnableIME
LoadStringA
SetWindowsHookW
LoadStringA
AdjustWindowRect
TranslateAcceleratorA
SetWindowsHookW
EnumDisplaySettingsA
PtInRect
SetWindowsHookW
LoadMenuW
DrawMenuBar
EndPaint
DrawFrameControl
WINNLSGetEnableStatus
LoadStringA
IsZoomed
TileWindows
TileWindows
CreateDesktopW
SetWindowTextA
AdjustWindowRect
DrawMenuBar
DdeCmpStringHandles
SetWindowsHookW
GetMessageW
SendMessageW
IsZoomed
GetTitleBarInfo
CharPrevW
SetWindowTextA
IsZoomed
BeginPaint
DrawFrameControl
WINNLSEnableIME
TranslateAcceleratorA
EnumDisplaySettingsA
SetWindowTextA
GetMessageW
SetWindowTextA
DrawFrameControl
SetWindowTextA
EnumDisplaySettingsA
WindowFromPoint
SetWindowTextA
SetWindowTextA
TranslateAcceleratorA
DdeCmpStringHandles
DrawFrameControl
SendMessageW
LoadStringA
PostThreadMessageA
EndPaint
PtInRect
IsZoomed
WindowFromPoint
EndPaint
WindowFromPoint
WINNLSEnableIME
DrawMenuBar
UnhookWindowsHookEx
TranslateAcceleratorA
UnhookWindowsHookEx
CharPrevW
GetTitleBarInfo
SetWindowsHookW
FindWindowA
EnumDisplaySettingsA
WindowFromPoint
AdjustWindowRect
DdeCmpStringHandles
AdjustWindowRect
LoadStringA
SendMessageW
LoadMenuW
DrawMenuBar
WindowFromPoint
EnumDisplaySettingsA
SendMessageCallbackW
CreateDesktopW
GetMessageW
WINNLSEnableIME
SetWindowsHookW
SendMessageCallbackW
DrawMenuBar
FindWindowExA
UnhookWindowsHookEx
DrawMenuBar
FindWindowExA
CharPrevW
PostThreadMessageA
TranslateAcceleratorA
TranslateAcceleratorA
CreateDesktopW
PostThreadMessageA
PostThreadMessageA
GetTitleBarInfo
TileWindows
WINNLSEnableIME
TranslateAcceleratorA
EndPaint
FindWindowA
DrawFrameControl
GetMessageW
FindWindowA
TranslateAcceleratorA
LoadMenuW
CharPrevW
SetWindowTextA
FindWindowA
CharPrevW
SetWindowTextA
WindowFromPoint
SetWindowsHookW
UnhookWindowsHookEx
DrawMenuBar
TranslateAcceleratorA
SetWindowTextA
TranslateAcceleratorA
SendMessageCallbackW
DdeCmpStringHandles
PackDDElParam
TranslateAcceleratorA
GetMessageW
UnhookWindowsHookEx
DdeCmpStringHandles
AdjustWindowRect
SendMessageW
WINNLSEnableIME
CharPrevW
UnhookWindowsHookEx
GetTitleBarInfo
CharPrevW
DrawMenuBar
BeginPaint
PackDDElParam
GetMessageW
GetMessageW
BeginPaint
TranslateAcceleratorA
PackDDElParam
IsZoomed
GetTitleBarInfo
CharPrevW
BeginPaint
CreateDesktopW
EnumDisplaySettingsA
DdeCmpStringHandles
FindWindowA
Sections
- .text: raw size 211KB, virtual size 312KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .data: raw size 2KB, virtual size 4KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rdata: raw size 8KB, virtual size 32KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .edata: raw size 8KB, virtual size 32KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .idata: raw size 25KB, virtual size 12KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
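Two things in the static data above deserve a check before the import list is read as a capability summary: the same names recur many times per DLL (SetSecurityDescriptorDacl, RegOpenKeyExW, TranslateAcceleratorA and others), and every section except .text is marked IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_WRITE, with .idata's raw size larger than its virtual size and .text's virtual size about 100KB larger than its raw size. The Python below is an added example, not part of the sandbox report: it takes the section table from the page and an excerpt of the import list (the first entries per DLL, in page order, duplicates kept) as constructed input, flags the section anomalies, counts repeats per DLL, buckets the distinct imports into coarse capability labels (the labels and the .text size threshold are this example's own assumptions) and recomputes an imphash the way pefile does. The hash over the excerpt will not match the 32-character value listed beside the file (assumed here to be the report's imphash): the excerpt is partial, and the page order need not be the import-table order.

```python
"""Static-triage helpers for the PE data in this report (added example, not
part of the sandbox report). Sizes, flags and import names are copied from
the report; the thresholds and capability labels are this example's own."""
import hashlib
from collections import Counter

# Section characteristics bits (winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
KB = 1024
CODE_RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
CODE_RW = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Section table as listed in the report: (name, raw size, virtual size, flags).
SECTIONS = [
    (".text", 211 * KB, 312 * KB, CODE_RX),
    (".data", 2 * KB, 4 * KB, CODE_RW),
    (".rdata", 8 * KB, 32 * KB, CODE_RW),
    (".edata", 8 * KB, 32 * KB, CODE_RW),
    (".idata", 25 * KB, 12 * KB, CODE_RW),
]

# Excerpt of the import table: the first entries per DLL in report order,
# duplicates kept exactly as listed (the report's full list is far longer).
IMPORTS = {
    "advapi32": ("RegCreateKeyExA SetSecurityDescriptorDacl RegQueryInfoKeyW RegEnumValueW "
                 "SetSecurityDescriptorDacl RegOpenKeyExA RegOpenKeyExW RegOpenKeyExA "
                 "GetTokenInformation RegQueryValueExW RegSetValueExA RegOpenKeyExW "
                 "RegSetValueExA RegQueryInfoKeyW").split(),
    "kernel32": ("WriteProfileStringA ReadConsoleOutputCharacterA QueryPerformanceFrequency "
                 "GetLastError QueryPerformanceFrequency WriteProfileStringA "
                 "IsProcessorFeaturePresent IsBadReadPtr QueryPerformanceFrequency "
                 "RaiseException _lclose RaiseException Process32Next").split(),
    "user32": ("IsZoomed WINNLSEnableIME BeginPaint PostThreadMessageA CallNextHookEx "
               "SetWindowsHookW PostThreadMessageA PtInRect EnumDisplaySettingsExW "
               "GetTitleBarInfo IsZoomed SendMessageCallbackW TranslateAcceleratorA "
               "GetMessageW").split(),
}

# Coarse capability buckets: the API names are real Win32 exports, the labels
# are this example's assumption.
CAPABILITIES = {
    "registry write": {"RegCreateKeyExA", "RegCreateKeyExW", "RegSetValueExA",
                       "RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"},
    "token/privilege": {"OpenProcessToken", "OpenThreadToken",
                        "AdjustTokenPrivileges", "GetTokenInformation"},
    "dacl manipulation": {"InitializeSecurityDescriptor", "SetSecurityDescriptorDacl",
                          "InitializeAcl", "AddAccessAllowedAce"},
    "process enumeration": {"Process32Next"},
    "window hooking": {"SetWindowsHookW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "alternate desktop": {"CreateDesktopW"},
}


def section_anomalies(sections, slack=1.25):
    """(section, reason) pairs a compiler-built PE would not normally show;
    `slack` is the tolerated virtual/raw ratio for .text (assumed)."""
    findings = []
    for name, raw, virt, flags in sections:
        is_code = bool(flags & IMAGE_SCN_CNT_CODE)
        if is_code and not flags & IMAGE_SCN_MEM_EXECUTE:
            findings.append((name, "CNT_CODE set without MEM_EXECUTE"))
        if is_code and flags & IMAGE_SCN_MEM_WRITE:
            findings.append((name, "writable code section"))
        if name == ".text" and virt > raw * slack:
            findings.append((name, f"{(virt - raw) // KB}KB of unbacked virtual "
                                   "space in the code section (room to unpack into)"))
        if raw > virt:
            findings.append((name, f"raw size {raw // KB}KB exceeds virtual size {virt // KB}KB"))
    return findings


def import_summary(imports):
    """Per-DLL entry/unique/repeat counts; many repeats means a padded import table."""
    out = {}
    for dll, names in imports.items():
        uniq = len(Counter(names))
        out[dll] = {"entries": len(names), "unique": uniq, "repeated": len(names) - uniq}
    return out


def capabilities(imports):
    """Distinct imported names mapped onto CAPABILITIES; empty buckets are dropped."""
    seen = {n for names in imports.values() for n in names}
    return {cap: sorted(seen & apis) for cap, apis in CAPABILITIES.items() if seen & apis}


def imphash(imports):
    """MD5 over 'dll.func' in import-table order, lower-cased, DLL extension
    stripped, duplicates kept (pefile's convention; ordinal imports not handled)."""
    parts = []
    for dll, names in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
        parts.extend(f"{base}.{n.lower()}" for n in names)
    return hashlib.md5(",".join(parts).encode()).hexdigest()
```

Called on the page's data, section_anomalies(SECTIONS) returns ten findings, import_summary(IMPORTS) shows that about a third of the excerpted advapi32 entries are repeats, and capabilities(IMPORTS) still surfaces registry writes, DACL changes, window hooking and process enumeration. Treat that output as a list of behaviours to watch for in the behavioral runs rather than as proof: an import table padded with repeats and with odd entries such as GetTapeStatus or TileWindows is also how a packer disguises what the real payload imports, and the Signatures section of this report is empty.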