Static task
static1
Behavioral task
behavioral1
Sample
d1dc96215c506e49253b682cdcd3fd2189a1de01c4b5fc943bea602471c60422.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d1dc96215c506e49253b682cdcd3fd2189a1de01c4b5fc943bea602471c60422.exe
Resource
win10v2004-20220812-en
General
-
Target
d1dc96215c506e49253b682cdcd3fd2189a1de01c4b5fc943bea602471c60422
-
Size
837KB
-
MD5
65bb28de975abc2cdc9ffacb99e727f0
-
SHA1
4e08441579ad17b12ab0274888236f0572465868
-
SHA256
d1dc96215c506e49253b682cdcd3fd2189a1de01c4b5fc943bea602471c60422
-
SHA512
5630a7d54519751549dd481465058f658d813f67943e5250712a76202008558d92af810896e182151e5f3a9b089f2807a514bd6accfc8068b36a962f4f1ea98f
-
SSDEEP
24576:DcuBTceFZwkvuSkXdq3lfYqeqXLoIEKRt1Bet0d:D5tcWZFGU3Fg0d
Malware Config
Signatures
(Both sections are empty in this report: no configuration was extracted and no behavioral/static signature matched. Absence of matches is not evidence the sample is benign — the binary carries a writable+executable `.vmp0` section whose virtual size far exceeds its raw size, so much of the real code is likely only present after runtime unpacking, which a static pass will not see.)
Files
-
d1dc96215c506e49253b682cdcd3fd2189a1de01c4b5fc943bea602471c60422.exe windows x86
ee40e33c7795b846cae154d8c478d5bb
(Note: this 32-hex-digit value does not equal the sample MD5 65bb28de975abc2cdc9ffacb99e727f0 given under General. The report does not label it; it is presumably a different hash type — possibly an import hash — so do not use it as the file MD5 for pivoting without confirming what it is.)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set, so the image does not opt in to ASLR and loads at its preferred base; this is consistent with IMAGE_FILE_RELOCS_STRIPPED below, meaning the loader could not relocate it anyway. DEP/NX is requested via NX_COMPAT, but the `.vmp0` section is itself marked executable and writable, which weakens that protection for code placed there.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
(Note: this is the static import table only. The sample imports LoadLibraryW/LoadLibraryExW and GetProcAddress, and has a runtime-populated RWX `.vmp0` section, so additional APIs may be resolved dynamically and will not appear here. Of the statically visible imports, the ones worth confirming in the behavioral runs are: ExitWindowsEx together with OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges (the usual pattern for enabling a privilege such as SeShutdownPrivilege before a reboot — verify which privilege is requested); RegCreateKeyExW/RegSetValueExW/RegDeleteKeyW/RegDeleteValueW (registry writes and deletions); CreateProcessW with WaitForSingleObject/GetExitCodeProcess (spawning and waiting on child processes); and AllocateAndInitializeSid/GetTokenInformation/EqualSid (token group comparison, commonly an administrator-membership check). IsDebuggerPresent and SetUnhandledExceptionFilter are also part of the standard MSVC 9 CRT startup/fault-reporting path (msvcr90 is imported), so on their own they are weak anti-debug indicators.)
comctl32
ord17
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
FindResourceW
LoadLibraryW
GetProcAddress
FindFirstFileW
FindClose
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLangID
FindResourceExW
CompareStringW
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
FindNextFileW
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
lstrcpynW
user32
MessageBoxW
PostQuitMessage
LoadIconW
CharNextW
ExitWindowsEx
GetKeyState
wsprintfW
WaitForInputIdle
advapi32
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
EqualSid
ole32
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
oleaut32
VarUI4FromStr
stl82
??1?$allocator@PAU_Slist_node_base@priv@stlp_std@@@stlp_std@@QAE@XZ
??1?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@XZ
?compare@?$char_traits@_W@stlp_std@@SAHPB_W0I@Z
?allocate@?$allocator@D@stlp_std@@QAEPADIPBX@Z
?__stl_throw_length_error@stlp_std@@YAXPBD@Z
?__stl_throw_out_of_range@stlp_std@@YAXPBD@Z
?move@?$char_traits@_W@stlp_std@@SAPA_WPA_WPB_WI@Z
??1?$allocator@D@stlp_std@@QAE@XZ
?allocate@?$allocator@_W@stlp_std@@QAEPA_WIPBX@Z
?copy@?$char_traits@_W@stlp_std@@SAPA_WPA_WPB_WI@Z
?_M_increment@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?__stl_new@stlp_std@@YAPAXI@Z
??1?$allocator@_W@stlp_std@@QAE@XZ
?__stl_delete@stlp_std@@YAXPAX@Z
?resize@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXIABQAU_Slist_node_base@priv@2@@Z
?_M_decrement@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z
?reserve@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXI@Z
?assign@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXIABQAU_Slist_node_base@priv@2@@Z
?_Rebalance_for_erase@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@AAPAU423@11@Z
?size@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBEIXZ
?__splice_after@?$_Sl_global@_N@priv@stlp_std@@SAXPAU_Slist_node_base@23@00@Z
?__previous@?$_Sl_global@_N@priv@stlp_std@@SAPAU_Slist_node_base@23@PAU423@PBU423@@Z
?swap@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAEXAAV12@@Z
??0?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QAE@IABQAU_Slist_node_base@priv@1@ABV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@1@@Z
?get_allocator@?$vector@PAU_Slist_node_base@priv@stlp_std@@V?$allocator@PAU_Slist_node_base@priv@stlp_std@@@3@@stlp_std@@QBE?AV?$allocator@PAU_Slist_node_base@priv@stlp_std@@@2@XZ
?__stl_throw_overflow_error@stlp_std@@YAXPBD@Z
?_Transfer@?$_List_global@_N@priv@stlp_std@@SAXPAU_List_node_base@23@00@Z
?assign@?$char_traits@_W@stlp_std@@SAPA_WPA_WI_W@Z
?_Rebalance@?$_Rb_global@_N@priv@stlp_std@@SAXPAU_Rb_tree_node_base@23@AAPAU423@@Z
mpr
WNetGetUniversalNameW
core82
?is_win_nt@core@@YA_NXZ
?get_exit_code@core@@YAHXZ
?widen@core@@YA?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PBD@Z
?open@StringOutputStream@core@@QAEXPAVIStringBuffer@2@@Z
?kDefaultLineSeparator@core@@3_WB
?close@StringOutputStream@core@@QAE?AV?$InterfacePtr@VIStringBuffer@core@@@2@XZ
??1Type@core@@QAE@XZ
?string_toui@core@@YAIPB_WPAPA_W@Z
??0Value@core@@QAE@XZ
?getIValue@Value@core@@UBE?AV?$InterfacePtr@VIValue@core@@@2@XZ
?type@Value@core@@QBE?AVType@2@XZ
??0Exception@core@@IAE@ABU_GUID@@PB_WPAVIExceptionObject@1@@Z
??0URL@core@@QAE@ABV01@@Z
?toString@Numeric@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@XZ
??0Numeric@core@@QAE@I@Z
??BNumeric@core@@QBE_JXZ
?name@Locale@core@@QBEPB_WXZ
??0Value@core@@QAE@ABV01@@Z
??4Value@core@@QAEAAV01@ABV01@@Z
??1TypeDomainPattern@core@@QAE@XZ
??0LocalWString@core@@QAE@XZ
??1LocalWString@core@@QAE@XZ
?getCurrentDate@Date@core@@SA?AV12@XZ
??0FileException@core@@QAE@W4Error@01@ABVURL@1@PAVIExceptionObject@1@@Z
??0URL@core@@QAE@PB_W_N@Z
??0Thread@core@@QAE@W4ReuseMode@01@@Z
?getRelativeURL@URL@core@@QBE?AV12@ABV12@@Z
??0LocalWString@core@@QAE@ABV01@@Z
?content@LocalWString@core@@QBE?AV?$vector@VLocalWStringItem@core@@V?$allocator@VLocalWStringItem@core@@@stlp_std@@@stlp_std@@XZ
?open@InputFileStream@core@@QAEXABVURL@2@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@_NPB_W@Z
?kWindowsLineSeparator@core@@3QB_WB
?kUTF8Encoding@core@@3QB_WB
?empty@LocalWString@core@@QBE_NXZ
?setString@LocalWString@core@@QAEXABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@0@Z
??4LocalWString@core@@QAEAAV01@ABV01@@Z
?open@StringInputStream@core@@QAEXABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
??0ListInStream@core@@QAE@PAVIReader@1@@Z
??0ListOutStream@core@@QAE@PAVIWriter@1@@Z
?fromString@Date@core@@QAEAAV12@PB_WPAPA_W@Z
?deserialize@LocalWString@core@@QAEXAAVListInStream@2@@Z
?toString@Date@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@XZ
?serialize@LocalWString@core@@QBEXAAVListOutStream@2@@Z
?addType@TypeDomainPattern@core@@QAEXABU_GUID@@@Z
??0Value@core@@QAE@I@Z
??0Value@core@@QAE@H@Z
??0Value@core@@QAE@PAUIUnknown@@@Z
?getString@LocalWString@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@ABV34@@Z
?getString@LocalWString@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PB_W@Z
?prepareURL@URL@core@@SA?AV12@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@_N@Z
?string_cpy@core@@YAPA_WPA_WPB_W@Z
?cleanup@SCOM_ResourceBundle@core@@QAEXXZ
?displayName@Locale@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@ABV12@@Z
?value_list_item@core@@YA?AV?$InterfacePtr@VIValueListItem@core@@@1@ABVValue@1@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@W4CheckState@1@ABVV8Picture@1@J@Z
??0V8Picture@core@@QAE@XZ
?offset@Rect@core@@QAEAAU12@HH@Z
??0ShortCut@core@@QAE@GE@Z
??1ShortCut@core@@QAE@XZ
??0Value@core@@QAE@ABVNumeric@1@@Z
??0Numeric@core@@QAE@H@Z
??4Numeric@core@@QAEAAV01@ABV01@@Z
?assign@GenericValue@core@@QAEX_N@Z
?compare@Numeric@core@@QBEHABV12@@Z
?is_digit@core@@YA_N_W@Z
?name@Converter@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@XZ
?close@InputFileStream@core@@QAEXXZ
?param@ParamsWString@core@@QBE_NPB_WAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
?string_toi@core@@YAHPB_WPAPA_W@Z
?string_ito@core@@YAAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@HAAV23@H@Z
?string_uito@core@@YAAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@IAAV23@H@Z
?kV8ResScheme@core@@3QB_WB
?compare_nocase@core@@YAHPB_W0@Z
?string_tokenize@core@@YA?AV?$vector@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@V?$allocator@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@2@@stlp_std@@PB_W000@Z
?equal_nocase@core@@YA_NABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@0@Z
?to_string@core@@YA?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@ABU_GUID@@@Z
??0Numeric@core@@QAE@N@Z
?from_string@core@@YA_NABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@AAU_GUID@@@Z
??BNumeric@core@@QBENXZ
??4TypeDomainPattern@core@@QAEAAV01@ABV01@@Z
??0TypeDomainPattern@core@@QAE@ABU_GUID@@@Z
??0Exception@core@@QAE@PB_WPAVIExceptionObject@1@@Z
?kPropDirAppData@core@@3QB_WB
?equal@URL@core@@IBE_NABV12@_N@Z
?open@InputFileStream@core@@QAEXPAVIFile@2@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@_NPB_W@Z
?fromString@Numeric@core@@QAEAAV12@PB_WPAPA_W@Z
?open@OutputFileStream@core@@QAEXPAVIFile@2@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@_NPB_W@Z
?to_stream@core@@YAXPAVIWriter@1@I@Z
?close@OutputFileStream@core@@QAEXXZ
?kPropDirLocalAppData@core@@3QB_WB
?hash_nocase@core@@YAJABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
?toString@GenericValue@core@@QBEXAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
?string_printf@core@@YAHAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PB_WZZ
?name@SCOM_ResourceBundle@core@@QBEPBDXZ
?kEmptySize@core@@3USize@1@B
??0Value@core@@QAE@PB_W@Z
?setStringQualifiers@TypeDomainPattern@core@@QAEXABVStringQualifiers@2@@Z
?cleanup@SCOM_Module@core@@QAEXXZ
?initialize@SCOM_Module@core@@QAEXXZ
?availableLocales@Locale@core@@SA?AV?$vector@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@V?$allocator@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@2@@stlp_std@@XZ
??1Thread@core@@UAE@XZ
?run@Thread@core@@UAEXXZ
?wait@Thread@core@@MAEXPAV12@@Z
?doStart@Process@core@@MAEXXZ
?doStartTimer@Thread@core@@MAEXXZ
?isProcess@Process@core@@UAE_NXZ
?construct@Process@core@@AAEXPAVSCOM_Module@2@@Z
??1SCOM_ResourceBundle@core@@QAE@XZ
??0SCOM_ResourceBundle@core@@QAE@PBD@Z
?create_UUID@core@@YA?AU_GUID@@XZ
?kFileScheme@core@@3QB_WB
??0URL@core@@QAE@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@0_N@Z
??0Date@core@@QAE@HHHHHH@Z
?widen@Converter@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PBD@Z
?part@URL@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@HH@Z
?compare_nocase@core@@YAHABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PB_W@Z
??0URL@core@@QAE@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@_N@Z
??0URL@core@@QAE@XZ
?string_len@core@@YAIPB_W@Z
?current_process@core@@YAPAVSCOM_Process@1@XZ
??0Locale@core@@QAE@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
??0BoolFormat@core@@QAE@ABVLocale@1@@Z
?object@Exception@core@@QBE?AV?$InterfacePtr@VIExceptionObject@core@@@2@XZ
?compare_nocase@core@@YAHABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@0@Z
?load_wstring@core@@YA?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PAVSCOM_ResourceBundle@1@PBD@Z
??0Value@core@@QAE@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
?is_space@core@@YA_N_W@Z
??1Value@core@@QAE@XZ
??0Rect@core@@QAE@HHHH@Z
?kUUIDNull@core@@3U_GUID@@B
?clear_long_time_callback@core@@YAXPAVILongTimeCallback@1@@Z
?set_long_time_callback@core@@YAXPAVILongTimeCallback@1@@Z
?implementCombine@URL@core@@IBE?AV12@ABV12@_N@Z
?start@Thread@core@@QAEXXZ
?kPropMCClientConnectionSpeed@core@@3QB_WB
?replace_all@core@@YAIAAV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@ABV23@1@Z
?param@ParamsWString@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@ABV34@@Z
?names@ParamsWString@core@@QBEXAAV?$vector@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@V?$allocator@V?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@2@@stlp_std@@@Z
??1ParamsWString@core@@UAE@XZ
??0ParamsWString@core@@QAE@ABV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@@Z
?kEmptyRect@core@@3URect@1@B
??0Value@core@@QAE@_N@Z
?kProfileSrcNull@core@@3U_GUID@@B
?system@Converter@core@@SAABV12@XZ
?param@ParamsWString@core@@QBE?AV?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@PB_W@Z
??1Process@core@@UAE@XZ
?normalize@URL@core@@QBE?AV12@XZ
wbase82
?isCtrlPressed@wbase@@YA_NXZ
?isAltPressed@wbase@@YA_NXZ
msvcr90
__CxxFrameHandler3
_crt_debugger_hook
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_except_handler3
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
wcstok
wcsrchr
fputc
fprintf
fputwc
_XcptFilter
memcpy
fwprintf
ftell
fopen
fputws
fread
_itow
wcstol
_wmkdir
_wgetenv_s
wcsncpy
_wmakepath
_wsplitpath
fgetwc
_wfopen
iswdigit
towupper
iswalnum
iswalpha
iswspace
fclose
_purecall
_recalloc
wcsstr
memcpy_s
free
malloc
wcsncpy_s
memmove
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
Sections
.text Size: 390KB - Virtual size: 390KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 158KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 164KB - Virtual size: 428KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(Note: this section is read/write/execute and its virtual size (428KB) is roughly 2.6x its raw on-disk size (164KB), i.e. most of it is populated at runtime. The `.vmp0` name is the section name conventionally emitted by the VMProtect packer/virtualizer, so the disassembly, strings and import list above should be treated as partial; prefer the behavioral task results or a memory dump taken after unpacking for analysis.)