Static task: static1
Behavioral task: behavioral1
Sample: cb41812f53ee8bee9c34163f3f0afb1f1582851a791ea76ffcaf1dbce0e70855.exe
Resource: win7-20220812-en
General
Target: cb41812f53ee8bee9c34163f3f0afb1f1582851a791ea76ffcaf1dbce0e70855
Size: 502KB
MD5: 48bc4417944fb1d7d4c06e584522c351
SHA1: 3cc037607d1623521b4abca89a89766b98e37f47
SHA256: cb41812f53ee8bee9c34163f3f0afb1f1582851a791ea76ffcaf1dbce0e70855
SHA512: be1cffaf5a205940255286cfdefde421e6113445a11fda62af84c30db2136473d1712bb67a8eee5cfb31cdc228f90a29669e87e474452c784a8bb510d0ded61f
SSDEEP: 12288:WtIZm20uiIK9Q2qjQxUqKeuBu9+CNwFdJzvfNf1R:WWZm2dDKK2KiUjeuM9+XhbfNf1
Malware Config
Signatures
Files
cb41812f53ee8bee9c34163f3f0afb1f1582851a791ea76ffcaf1dbce0e70855.exe windows x86
2b5598c46bacc1d6fab5f0115134da9e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_CxxThrowException
swscanf
_CIfmod
_ftol2_sse
_CIsqrt
_CIatan2
_ftol2
_wcsicmp
_CIpow
fclose
fputws
_wfopen
_beginthreadex
_isnan
wcsstr
wcschr
malloc
_wcsnicmp
_wcstoi64
_itow
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_vsnwprintf
memcpy
_purecall
free
wcsrchr
__CxxFrameHandler3
??2@YAPAXI@Z
realloc
memmove
memset
_wtol
_wcsdup
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_controlfp
??1type_info@@UAE@XZ
_onexit
??3@YAXPAX@Z
ntdll
EtwTraceMessage
EtwEventWrite
WinSqmSetDWORD
WinSqmIsOptedIn
EtwLogTraceEvent
WinSqmIncrementDWORD
WinSqmAddToStream
WinSqmAddToStreamEx
WinSqmAddToAverageDWORD
NtQuerySystemInformation
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
user32
SetWinEventHook
GetMessageW
UnhookWinEvent
CharPrevW
OpenDesktopW
SetThreadDesktop
OpenInputDesktop
CallWindowProcW
ord2002
DefWindowProcW
ord2500
GetForegroundWindow
GetGUIThreadInfo
GetWindowRect
IsChild
ChildWindowFromPointEx
ScreenToClient
PtInRect
GetUserObjectInformationW
CloseDesktop
CharNextW
MonitorFromWindow
GetCursorPos
ChangeWindowMessageFilterEx
SetWindowsHookExW
CallNextHookEx
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
SetWindowLongW
GetGestureConfig
GetPropW
GetClassInfoExW
LoadCursorW
wsprintfW
SetRect
RegisterClassExW
DestroyWindow
SendMessageTimeoutW
UnhookWindowsHookEx
RegisterDeviceNotificationW
PostThreadMessageW
UnregisterDeviceNotification
CreateWindowExW
ReleaseDC
GetDesktopWindow
GetDC
SystemParametersInfoW
WindowFromPhysicalPoint
EnumDisplaySettingsExW
GetSystemMetrics
LoadStringW
GetRawInputDeviceList
GetRawInputDeviceInfoW
IsTouchWindow
SetRectEmpty
SetPhysicalCursorPos
SendInput
LogicalToPhysicalPoint
GetDoubleClickTime
SetDoubleClickTime
PostMessageW
IsWindow
GetWindowLongW
GetAncestor
EqualRect
GetClientRect
MapWindowPoints
GetClassNameW
GetWindowThreadProcessId
CharLowerW
InflateRect
ole32
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoInitializeSecurity
oleaut32
VariantClear
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
VarUI4FromStr
hid
HidP_GetLinkCollectionNodes
HidD_GetFeature
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidP_MaxUsageListLength
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetUsages
HidD_GetHidGuid
HidP_GetSpecificValueCaps
HidD_GetProductString
HidP_GetUsageValue
HidD_FlushQueue
HidD_FreePreparsedData
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
wtsapi32
WTSRegisterSessionNotification
advapi32
RegOpenKeyExA
MakeAbsoluteSD
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegGetValueW
RegOpenKeyW
WmiDevInstToInstanceNameW
WmiQuerySingleInstanceW
WmiCloseBlock
WmiOpenBlock
IsWellKnownSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueW
RegDeleteKeyExW
RegCloseKey
slc
SLGetWindowsInformationDWORD
gdi32
GetDeviceCaps
kernel32
LocalAlloc
UnhandledExceptionFilter
FlushInstructionCache
OpenEventW
CloseHandle
GetTickCount64
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
VirtualFree
LoadLibraryA
HeapAlloc
CreateWaitableTimerW
QueryPerformanceFrequency
GetCurrentThread
SetThreadPriority
GetOverlappedResult
GetCurrentThreadId
CancelIo
WaitForMultipleObjects
ReadFile
DeviceIoControl
CancelWaitableTimer
SetWaitableTimer
InterlockedDecrement
InterlockedIncrement
CreateFileMappingW
MapViewOfFile
CreateEventW
CreateMutexW
LocalFree
ResetEvent
SetEvent
UnmapViewOfFile
QueryPerformanceCounter
GetCurrentProcess
DuplicateHandle
QueueUserAPC
OpenProcess
GetTickCount
CreateFileW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
RaiseException
InitializeCriticalSection
InterlockedCompareExchange
SignalObjectAndWait
FreeLibrary
GetProcAddress
GlobalAddAtomW
WaitForMultipleObjectsEx
SetLastError
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
LoadLibraryW
GetModuleHandleW
lstrcmpiW
lstrcpynW
GetModuleFileNameW
GetWindowsDirectoryW
lstrcatW
OpenMutexW
SetProcessShutdownParameters
SetPriorityClass
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
HeapSetInformation
SetThreadExecutionState
MulDiv
GetStartupInfoW
CompareStringW
GetCommandLineW
ReleaseMutex
WerSetFlags
HeapFree
GetProcessHeap
InterlockedExchange
magnification
MagInitialize
MagUninitialize
imm32
ImmDisableIME
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
oleacc
AccessibleObjectFromEvent
Sections
.text Size: 281KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.vmp0 Size: 176KB - Virtual size: 472KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE