Behavioral task
behavioral1
Sample
b6231476851b6f563e36a057f53405936f0aeaa662d6ad38e1bcd71ca13a56ef.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b6231476851b6f563e36a057f53405936f0aeaa662d6ad38e1bcd71ca13a56ef.exe
Resource
win10v2004-20220812-en
General
-
Target
b6231476851b6f563e36a057f53405936f0aeaa662d6ad38e1bcd71ca13a56ef
-
Size
246KB
-
MD5
6b660045054172d1bdadda2edf7af938
-
SHA1
9b4ea786399ac683069b36d014d7dd11056482ba
-
SHA256
b6231476851b6f563e36a057f53405936f0aeaa662d6ad38e1bcd71ca13a56ef
-
SHA512
8d69bdec2389f73cf6fb032c43a59a7f072f3570aa42e68438390472931c44d31459843d8ff80b154405e562688e4c769af5ea4f92754be50238f778ac301a63
-
SSDEEP
3072:L1NszE3sJp5xLJOVRQtUUZiCDxXXCpHQZf5GtcEux0p7UFq4xpfT832hUsnhjYj9:DbctZTiCDxiQGtcEu+xUFamh+BmZPtW
Malware Config
Signatures
-
resource yara_rule sample upx
Files
-
b6231476851b6f563e36a057f53405936f0aeaa662d6ad38e1bcd71ca13a56ef.exe windows x86
6aa1757c81aed796b09de5419cd6a3e2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_wcsicmp
wcsncpy
fflush
fputws
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcslen
__CxxFrameHandler
_CxxThrowException
_initterm
_wsplitpath
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
??3@YAXPAX@Z
_beginthreadex
wcschr
time
mktime
??2@YAPAXI@Z
wcscmp
_except_handler3
__setusermatherr
_snwprintf
_close
_write
_wopen
vswprintf
_purecall
_wfopen
fclose
realloc
free
malloc
_endthreadex
swprintf
_vsnwprintf
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
advapi32
OpenProcessToken
LsaStorePrivateData
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaFreeMemory
ConvertStringSidToSidW
LsaOpenPolicy
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LogonUserW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
LookupAccountSidW
OpenThreadToken
RegEnumKeyExW
RegNotifyChangeKeyValue
GetAclInformation
GetAce
AddAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
RegEnumValueW
RegQueryInfoKeyW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegSetKeySecurity
RegSetValueExW
RegDeleteValueW
RegCloseKey
IsValidSid
LookupAccountNameW
LsaClose
LsaRemoveAccountRights
LsaAddAccountRights
EqualSid
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
SetServiceStatus
RegDeleteKeyW
FreeSid
kernel32
WaitForSingleObject
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetEvent
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
CreateEventW
GetShortPathNameW
ExitThread
LoadLibraryA
GetComputerNameExW
CreateThread
OutputDebugStringA
ReleaseMutex
CreateMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
lstrcpynW
SetLastError
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LocalFree
LocalAlloc
GetLastError
CloseHandle
UnregisterWait
InterlockedDecrement
RegisterWaitForSingleObject
OpenProcess
Sleep
InterlockedIncrement
FileTimeToSystemTime
InterlockedExchange
lstrlenW
lstrcpyW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetComputerNameW
GetSystemTimeAsFileTime
OutputDebugStringW
GetModuleFileNameW
ResetEvent
lstrcmpiW
lstrcatW
GetWindowsDirectoryW
user32
CharNextW
PostThreadMessageW
LoadStringW
wsprintfA
GetMessageW
wsprintfW
DispatchMessageW
mstlsapi
ord35
ord29
ord38
ord31
netapi32
NetUserSetInfo
NetUserGetInfo
NetApiBufferFree
NetUserAdd
NetUserDel
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
oleaut32
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SafeArrayGetDim
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
VariantClear
SafeArrayDestroy
SafeArrayCreate
SysAllocStringLen
SysFreeString
VariantInit
SafeArrayGetVartype
ole32
CoInitialize
CoTaskMemFree
CoRevokeClassObject
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoRevertToSelf
CoImpersonateClient
CoRegisterClassObject
CoCreateInstance
ntdll
_wtoi
wcscpy
wcscat
crypt32
CryptBinaryToStringW
ws2_32
getsockname
socket
setsockopt
bind
closesocket
select
recvfrom
WSAGetLastError
sendto
ntohs
inet_addr
htons
htonl
WSAStartup
WSACleanup
inet_ntoa
winmm
timeGetTime
iphlpapi
GetIpAddrTable
GetAdaptersInfo
regapi
RegIsMachinePolicyAllowHelp
RegWinStationQueryW
RegWinStationQuerySecurityW
winsta
WinStationCloseServer
WinStationEnumerateW
WinStationOpenServerW
WinStationQueryInformationW
WinStationSetInformationW
WinStationReset
WinStationFreeMemory
shlwapi
SHDeleteKeyW
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 108KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE