Static task
static1
Behavioral task
behavioral1
Sample
1721ab2e73f13a9bbd9845f87af72c1005b5bda7baf4881b12c21543ef8aaed3.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
1721ab2e73f13a9bbd9845f87af72c1005b5bda7baf4881b12c21543ef8aaed3.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
1721ab2e73f13a9bbd9845f87af72c1005b5bda7baf4881b12c21543ef8aaed3
-
Size
324KB
-
MD5
64d0e257acb882b44d08aabae3d12cd0
-
SHA1
90765277e45b1b2c0f38fae1857ce30c174a966d
-
SHA256
1721ab2e73f13a9bbd9845f87af72c1005b5bda7baf4881b12c21543ef8aaed3
-
SHA512
129af712dbca5f4e9c1fcdf495c0894a9bff1897545a609a126ad6e69e9dd88f0c9c675917f860c89be4035b0a154d5f24fd4e944e02a5df01f22d34c26d8717
-
SSDEEP
6144:TqgeC8DG8/r//Ym5r8cLdeB7iVk3IkLMVaAjYPQV:TGDfz/gm5Acwli6WV/8
Malware Config
Signatures
Files
-
1721ab2e73f13a9bbd9845f87af72c1005b5bda7baf4881b12c21543ef8aaed3.exe windows x86
5dd55a5a1904a87db6b019e375a95adf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
duilib
?GetPaintWindow@CPaintManagerUI@DuiLib@@QBEPAUHWND__@@XZ
?SetTextColor@CLabelUI@DuiLib@@QAEXK@Z
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PBG@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetResourceID@WindowImplBase@DuiLib@@UBEPBGXZ
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPBGXZ
??1WindowImplBase@DuiLib@@UAE@XZ
??0WindowImplBase@DuiLib@@QAE@XZ
?SendMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PBGKKHHHHPAUHMENU__@@@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z
?messageMap@WindowImplBase@DuiLib@@1UDUI_MSGMAP@2@B
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PBG@Z
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
??0CDuiString@DuiLib@@QAE@PBGH@Z
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
??1CDuiString@DuiLib@@QAE@XZ
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
kernel32
Sleep
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetLastError
SleepEx
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
DeleteFileA
CreateDirectoryW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetTickCount
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Module32NextW
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FormatMessageA
WaitForSingleObject
Process32FirstW
user32
MessageBoxW
IsZoomed
PostQuitMessage
PtInRect
GetForegroundWindow
ScreenToClient
SetForegroundWindow
FindWindowW
ShowWindow
shell32
ShellExecuteExA
ShellExecuteW
ShellExecuteExW
ole32
CoInitialize
CoUninitialize
msvcp71
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?good@ios_base@std@@QBE_NXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0locale@std@@QAE@PBDH@Z
?global@locale@std@@SA?AV12@ABV12@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?uncaught_exception@std@@YA_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?_Nomemory@std@@YAXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?width@ios_base@std@@QBEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
foundationkit_vc71
??4UnicodeString@VCF@@QAEAAV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?empty@UnicodeString@VCF@@QBE_NXZ
??BUnicodeString@VCF@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?exists@File@VCF@@SA_NABVUnicodeString@2@@Z
??0File@VCF@@QAE@ABVUnicodeString@1@@Z
?getSize@File@VCF@@QAE_KXZ
?close@File@VCF@@QAEXXZ
??1File@VCF@@UAE@XZ
??0UnicodeString@VCF@@QAE@PBG@Z
?setValue@Registry@VCF@@QAE_NABVUnicodeString@2@0@Z
??0Registry@VCF@@QAE@XZ
?setRoot@Registry@VCF@@QAEXABW4RegistryKeyType@2@@Z
?openKey@Registry@VCF@@QAE_NABVUnicodeString@2@AB_N@Z
?getStringValue@Registry@VCF@@QAE?AVUnicodeString@2@ABV32@@Z
??1Registry@VCF@@UAE@XZ
??0TextOutputStream@VCF@@QAE@XZ
?toString@TextOutputStream@VCF@@UBE?AVUnicodeString@2@XZ
??0UnicodeString@VCF@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4LanguageEncoding@01@@Z
??_DTextOutputStream@VCF@@QAEXXZ
??4UnicodeString@VCF@@QAEAAV01@PBG@Z
?sizeOf@Object@VCF@@UBE_KXZ
?hash@Object@VCF@@UBEIXZ
?clone@Object@VCF@@UBEPAV12@_N@Z
?copy@Object@VCF@@UAEXPAV12@@Z
?isEqual@Object@VCF@@UBE_NPAV12@@Z
?setFromString@Object@VCF@@UAEXABVUnicodeString@2@@Z
?toString@Object@VCF@@UBE?AVUnicodeString@2@XZ
??1Object@VCF@@UAE@XZ
??0Object@VCF@@QAE@XZ
?fromStringAsInt@StringUtils@VCF@@SAHABVUnicodeString@2@@Z
?find_last_of@UnicodeString@VCF@@QBEIABV12@I@Z
?find@UnicodeString@VCF@@QBEIGI@Z
?append@UnicodeString@VCF@@QAEAAV12@PBGI@Z
?find_first_of@UnicodeString@VCF@@QBEIABV12@I@Z
?init@FoundationKit@VCF@@SAXHPAPAD@Z
?terminate@FoundationKit@VCF@@SAXXZ
?convertFormatString@StringUtils@VCF@@SA?AVUnicodeString@2@ABV32@@Z
??4UnicodeString@VCF@@QAEAAV01@ABV01@@Z
?c_str@UnicodeString@VCF@@QBEPBGXZ
?assign@UnicodeString@VCF@@QAEAAV12@PBGI@Z
?ansi_c_str@UnicodeString@VCF@@QBEPBDW4LanguageEncoding@12@@Z
?trace@StringUtils@VCF@@SAXABVUnicodeString@2@@Z
??YUnicodeString@VCF@@QAEAAV01@PBD@Z
??0UnicodeString@VCF@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?find@UnicodeString@VCF@@QBEIPBDI@Z
?substr@UnicodeString@VCF@@QBE?AV12@II@Z
?find_first_not_of@UnicodeString@VCF@@QBEIABV12@I@Z
??0UnicodeString@VCF@@QAE@PBDW4LanguageEncoding@01@@Z
?find@UnicodeString@VCF@@QBEIABV12@I@Z
?size@UnicodeString@VCF@@QBEIXZ
??AUnicodeString@VCF@@QBEABGI@Z
?toString@StringUtils@VCF@@SA?AVUnicodeString@2@ABH@Z
??0UnicodeString@VCF@@QAE@XZ
??BUnicodeString@VCF@@QAEAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?transformAnsiToUnicode@UnicodeString@VCF@@SAXPBDIAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4LanguageEncoding@12@@Z
??YUnicodeString@VCF@@QAEAAV01@PBG@Z
??0UnicodeString@VCF@@QAE@ABV01@@Z
??YUnicodeString@VCF@@QAEAAV01@ABV01@@Z
??1UnicodeString@VCF@@QAE@XZ
internetkit_vc71
?downloadToFile@URL@VCF@@QAEXABVUnicodeString@2@@Z
??0URL@VCF@@QAE@ABVUnicodeString@1@@Z
?download@URL@VCF@@QAEXAAVOutputStream@2@@Z
??1URL@VCF@@UAE@XZ
?terminate@InternetKit@VCF@@SAXXZ
?init@InternetKit@VCF@@SAXHPAPAD@Z
remotelib
?RemoteLoadLibraryNTW@@YAPAUHINSTANCE__@@KPBG@Z
?RemoteFreeLibraryNT@@YAHKPAUHINSTANCE__@@@Z
msvcr71
strncmp
_strtoi64
fseek
strrchr
strncpy
tolower
strtoul
_iob
calloc
memset
strstr
atoi
fgets
qsort
fputs
isdigit
strtol
fputc
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
isxdigit
isalnum
isspace
fopen
fread
sprintf
fclose
fwrite
sscanf
realloc
printf
exit
_purecall
rand
srand
strchr
wcscpy
_wcslwr
wcsstr
wcsftime
_time64
_beginthread
memmove
wcslen
ceil
_localtime64
_except_handler3
free
_callnewh
malloc
fflush
getenv
strerror
_sys_nerr
isalpha
_beginthreadex
_stati64
__security_error_handler
wcsrchr
_snprintf
??_V@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_strdup
_stricmp
??3@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__CxxFrameHandler
_errno
gmtime
memchr
time
advapi32
RegCloseKey
RegOpenKeyExW
oleaut32
VarUdateFromDate
VarDateFromStr
SystemTimeToVariantTime
ws2_32
send
WSAGetLastError
closesocket
WSAStartup
WSACleanup
getsockname
ntohs
bind
htons
getsockopt
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
recv
urlmon
URLDownloadToCacheFileA
URLDownloadToCacheFileW
Sections
.text Size: 172KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yrnpzlb Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE