Static task: static1
Behavioral task: behavioral1
Sample: dd0f16bc5e0135fd29881a69bf0227e982698676ee223ded3cd84386b6f0d2a5.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: dd0f16bc5e0135fd29881a69bf0227e982698676ee223ded3cd84386b6f0d2a5.exe
Resource: win10v2004-20220812-en
General
Target: dd0f16bc5e0135fd29881a69bf0227e982698676ee223ded3cd84386b6f0d2a5
Size: 85KB
MD5: 2f3181861be2f36507b0cfa5f8de1ac0
SHA1: 47314bd9aca78094f1b1e1ffa876259ec72e6f97
SHA256: dd0f16bc5e0135fd29881a69bf0227e982698676ee223ded3cd84386b6f0d2a5
SHA512: 4494220992b63d93f5f276abd1c4ca4635827c4eccd32e693a6fced1756c1d4d362dad9a8a76ff7319160129f1054152b7d63c64ad5ef7124aa8efdb27cc2edf
SSDEEP: 1536:nWwY5I+2HqfKqb+ZHfzG1qFApirlQJXtQr:nPx+kyKqbwziqFAppJ9
Malware Config
Signatures
Files
dd0f16bc5e0135fd29881a69bf0227e982698676ee223ded3cd84386b6f0d2a5.exe  windows x86  29c62348034d79c9b244252c6f2cfdb5
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSaveKeyW
GetTokenInformation
I_QueryTagInformation
kernel32
LocalAlloc
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetLastError
CompareStringOrdinal
GetModuleHandleW
FormatMessageW
lstrcmpiW
CloseHandle
GetCurrentProcess
DeleteFileW
FreeLibrary
LoadLibraryExW
lstrlenW
HeapSetInformation
GetFullPathNameW
GetTempPathW
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
LocalFree
RaiseException
LoadLibraryA
WriteConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
GetFileType
GetStdHandle
GetConsoleMode
SetThreadUILanguage
SetLastError
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocalTime
msvcrt
fprintf
fflush
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wcstoui64
_itow_s
_ui64tow_s
_wcsnicmp
_purecall
_CxxThrowException
_wtoi
memcpy
wcstoul
swprintf_s
wcscpy_s
wcscat_s
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
printf
memset
_vsnwprintf
__iob_func
wprintf
_memicmp
_get_osfhandle
_errno
_fileno
ntdll
RtlLoadString
RtlNtStatusToDosError
NtPowerInformation
user32
GetSystemMetrics
LoadStringW
SystemParametersInfoW
ws2_32
WSACleanup
shlwapi
PathIsDirectoryW
PathAppendW
SHDeleteKeyW
SHCopyKeyW
shell32
SHGetFolderPathAndSubDirW
rpcrt4
UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidEqual
powrprof
PowerWriteSettingAttributes
PowerWritePossibleValue
PowerReadSecurityDescriptor
PowerWriteDescription
PowerRemovePowerSetting
PowerWriteSecurityDescriptor
PowerReadPossibleValue
PowerRestoreIndividualDefaultPowerScheme
PowerRestoreDefaultPowerSchemes
GetActivePwrScheme
ReadPwrScheme
PowerPolicyToGUIDFormat
PowerWriteFriendlyName
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteValueIncrement
PowerWriteValueMax
PowerWriteValueMin
PowerDuplicateScheme
PowerReadSettingAttributes
PowerEnumerate
PowerReadValueMin
PowerReadValueMax
PowerReadValueIncrement
PowerReadValueUnitsSpecifier
PowerApplyPowerRequestOverride
GetPwrCapabilities
WriteGlobalPwrPolicy
WritePwrScheme
CallNtPowerInformation
EnumPwrSchemes
PowerGetActiveScheme
ReadGlobalPwrPolicy
DevicePowerEnumDevices
DevicePowerClose
DevicePowerOpen
DevicePowerSetDeviceState
PowerImportPowerScheme
PowerOpenUserPowerKey
PowerReadDCValueIndex
PowerReadACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerReplaceDefaultPowerSchemes
PowerReadFriendlyName
PowerReadPossibleFriendlyName
PowerDeleteScheme
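A capability pass over the import table above, added here as a worked example; it is not part of the sandbox report and not the sample's own code. The IMPORTS table is transcribed from the report: advapi32, ntdll, user32, ws2_32, shlwapi, shell32 and rpcrt4 are complete, while kernel32, msvcrt and powrprof are abbreviated to the entries the rules reference (the full lists are above). The rule set and the NOTABLE_ABSENT list are hand-written for this example, not a published rule base, and wininet/urlmon are checked deliberately even though the report shows no import from them.

```python
"""Tag what an import table can do, and what it notably cannot.

IMPORTS is transcribed from the report above (kernel32, msvcrt and powrprof
abbreviated to the names the rules use). RULES and NOTABLE_ABSENT are this
example's own, hand-written for a console utility that touches the registry.
"""

IMPORTS = {
    "advapi32": {
        "RegEnumValueW", "RegQueryInfoKeyW", "RegCloseKey", "RegDeleteValueW",
        "RegSetValueExW", "RegCreateKeyExW", "RegOpenKeyExW", "RegCreateKeyW",
        "AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken",
        "RegSaveKeyW", "GetTokenInformation", "I_QueryTagInformation",
    },
    "kernel32": {  # abbreviated: see the report for the full list
        "DeleteFileW", "CopyFileW", "FindFirstFileW", "FindNextFileW", "FindClose",
        "LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "GetProcAddress",
        "GetTempPathW", "WriteConsoleW", "GetConsoleMode", "SetConsoleCtrlHandler",
    },
    "msvcrt": {"__wgetmainargs", "wprintf", "printf"},  # abbreviated
    "ntdll": {"RtlLoadString", "RtlNtStatusToDosError", "NtPowerInformation"},
    "user32": {"GetSystemMetrics", "LoadStringW", "SystemParametersInfoW"},
    "ws2_32": {"WSACleanup"},
    "shlwapi": {"PathIsDirectoryW", "PathAppendW", "SHDeleteKeyW", "SHCopyKeyW"},
    "shell32": {"SHGetFolderPathAndSubDirW"},
    "rpcrt4": {"UuidFromStringW", "UuidToStringW", "RpcStringFreeW", "UuidEqual"},
    "powrprof": {  # abbreviated
        "PowerSetActiveScheme", "PowerImportPowerScheme", "PowerDeleteScheme",
        "PowerDuplicateScheme", "PowerWriteSecurityDescriptor", "WritePwrScheme",
    },
}

# (tag, dll, all_of, any_of): fires when every name in all_of is imported from
# dll and, if any_of is non-empty, at least one name in any_of is too.
RULES = [
    ("token-privilege-adjust", "advapi32",
     {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}, set()),
    # RegSaveKey needs SeBackupPrivilege, hence the privilege-adjust trio above.
    ("registry-hive-save", "advapi32", {"RegSaveKeyW"}, set()),
    ("registry-modify", "advapi32", set(),
     {"RegSetValueExW", "RegDeleteValueW", "RegCreateKeyExW", "RegCreateKeyW"}),
    ("registry-tree-copy-or-delete", "shlwapi", set(), {"SHCopyKeyW", "SHDeleteKeyW"}),
    ("file-enumerate", "kernel32", {"FindFirstFileW", "FindNextFileW"}, set()),
    ("file-copy-or-delete", "kernel32", set(), {"CopyFileW", "DeleteFileW"}),
    ("dynamic-api-resolution", "kernel32", {"GetProcAddress"},
     {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}),
    ("console-program", "msvcrt", {"__wgetmainargs"}, set()),
    ("power-scheme-management", "powrprof", set(),
     {"PowerSetActiveScheme", "PowerImportPowerScheme", "PowerDeleteScheme",
      "WritePwrScheme"}),
    # Present in the table only as WSACleanup: this rule should NOT fire.
    ("winsock-session", "ws2_32", set(),
     {"WSAStartup", "socket", "connect", "send", "recv"}),
]

# APIs whose absence is informative when reading a console utility's imports.
NOTABLE_ABSENT = {
    "kernel32": {"CreateProcessW", "VirtualAllocEx", "WriteProcessMemory",
                 "CreateRemoteThread", "WinExec"},
    "ws2_32": {"WSAStartup", "socket", "connect", "send", "recv"},
    "wininet": {"InternetOpenW", "InternetOpenUrlW"},
    "urlmon": {"URLDownloadToFileW"},
}


def tag_capabilities(imports):
    """Return the sorted list of rule tags satisfied by an import table."""
    tags = []
    for tag, dll, all_of, any_of in RULES:
        names = imports.get(dll, set())
        if all_of <= names and (not any_of or any_of & names):
            tags.append(tag)
    return sorted(tags)


def absent_indicators(imports):
    """Return 'dll!Func' for each notable API that the table does not import."""
    missing = []
    for dll, names in NOTABLE_ABSENT.items():
        for name in sorted(names - imports.get(dll, set())):
            missing.append(f"{dll}!{name}")
    return missing


if __name__ == "__main__":
    for tag in tag_capabilities(IMPORTS):
        print("capability:", tag)
    for api in absent_indicators(IMPORTS):
        print("not imported:", api)
```

On the report's table this tags registry modification, SHCopyKeyW/SHDeleteKeyW tree operations, file enumeration and copy/delete, LoadLibrary+GetProcAddress resolution, power-scheme management, and the privilege-adjust trio next to RegSaveKeyW (which only succeeds with SeBackupPrivilege enabled). The negatives are as useful as the tags: ws2_32 contributes WSACleanup alone, with no WSAStartup, socket or connect, and none of the process-creation or remote-memory APIs appear, so nothing in the static import table points at network activity or injection; the behavioral tasks are where that would have to show up.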
Sections
.text   Size: 50KB   Virtual size: 50KB   Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 512B   Virtual size: 3KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2KB    Virtual size: 2KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 30KB   Virtual size: 31KB   Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
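The Headers and Sections listings above decode to a few hardening checks a reviewer would run by hand; the block below does them in code. It is an added example, not part of the sandbox report and not the sample's code. The flag bit values are the winnt.h constants; the REPORT_* tables are the report's own listing transcribed, and the finding messages are this example's wording.

```python
"""Encode/decode PE characteristics flags and flag hardening gaps.

Bit values are from winnt.h. REPORT_* tables are transcribed from the
sandbox report above; the findings logic is this example's own.
"""

IMAGE_FILE = {
    "IMAGE_FILE_RELOCS_STRIPPED": 0x0001,
    "IMAGE_FILE_EXECUTABLE_IMAGE": 0x0002,
    "IMAGE_FILE_LARGE_ADDRESS_AWARE": 0x0020,
    "IMAGE_FILE_32BIT_MACHINE": 0x0100,
    "IMAGE_FILE_DLL": 0x2000,
}
IMAGE_DLLCHARACTERISTICS = {
    "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA": 0x0020,
    "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE": 0x0040,
    "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY": 0x0080,
    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT": 0x0100,
    "IMAGE_DLLCHARACTERISTICS_NO_SEH": 0x0400,
    "IMAGE_DLLCHARACTERISTICS_GUARD_CF": 0x4000,
    "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE": 0x8000,
}
IMAGE_SCN = {
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_CNT_UNINITIALIZED_DATA": 0x00000080,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}

# Transcribed from the report's Headers and Sections listings.
REPORT_FILE_CHARS = ["IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_32BIT_MACHINE"]
REPORT_DLL_CHARS = ["IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"]
REPORT_SECTIONS = {
    ".text": ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE",
              "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"],
    ".data": ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
              "IMAGE_SCN_MEM_WRITE"],
    ".rsrc": ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"],
    ".reloc": ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_CNT_INITIALIZED_DATA",
               "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"],
}


def encode(names, table):
    """OR the named flags into the integer the header field would hold."""
    value = 0
    for name in names:
        value |= table[name]
    return value


def decode(value, table):
    """Split a header field back into the flag names that are set."""
    return [name for name, bit in table.items() if value & bit]


def section_findings(sections):
    """sections: {name: Characteristics int}. Flags W+X and executable .reloc."""
    w, x, code = (IMAGE_SCN["IMAGE_SCN_MEM_WRITE"], IMAGE_SCN["IMAGE_SCN_MEM_EXECUTE"],
                  IMAGE_SCN["IMAGE_SCN_CNT_CODE"])
    findings = []
    for name, chars in sections.items():
        if chars & w and chars & x:
            findings.append(f"{name}: writable and executable (W+X)")
        if name == ".reloc" and chars & (code | x):
            findings.append(f"{name}: relocation data marked as code/executable")
    return findings


def header_findings(file_chars, dll_chars, sections):
    """Report the mitigations the optional header does not opt into."""
    dc = IMAGE_DLLCHARACTERISTICS
    findings = []
    if not dll_chars & dc["IMAGE_DLLCHARACTERISTICS_NX_COMPAT"]:
        findings.append("NX_COMPAT clear: no DEP opt-in in the header")
    if not dll_chars & dc["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE"]:
        relocatable = (".reloc" in sections
                       and not file_chars & IMAGE_FILE["IMAGE_FILE_RELOCS_STRIPPED"])
        msg = "DYNAMIC_BASE clear: loads at its preferred base unless mandatory ASLR is enforced"
        msg += ("; relocations present, so forced relocation is possible" if relocatable
                else "; relocations stripped, cannot be relocated")
        findings.append(msg)
    if not dll_chars & dc["IMAGE_DLLCHARACTERISTICS_GUARD_CF"]:
        findings.append("GUARD_CF clear: no Control Flow Guard")
    return findings


def analyze_report():
    """Run every check over the report's values and return them together."""
    sections = {n: encode(f, IMAGE_SCN) for n, f in REPORT_SECTIONS.items()}
    file_chars = encode(REPORT_FILE_CHARS, IMAGE_FILE)
    dll_chars = encode(REPORT_DLL_CHARS, IMAGE_DLLCHARACTERISTICS)
    return {
        "file_characteristics": file_chars,
        "dll_characteristics": dll_chars,
        "sections": sections,
        "section_findings": section_findings(sections),
        "header_findings": header_findings(file_chars, dll_chars, sections),
    }


if __name__ == "__main__":
    result = analyze_report()
    for name, chars in result["sections"].items():
        print(f"{name:7} 0x{chars:08X} {' | '.join(decode(chars, IMAGE_SCN))}")
    for line in result["section_findings"] + result["header_findings"]:
        print("finding:", line)
```

On the report's values the section fields come out as .text 0xE0000020, .data 0xC0000040, .rsrc 0x40000040 and .reloc 0xE0000060, and the checks produce three section findings (.text is W+X, .reloc is W+X and is marked as code) and three header findings (no NX_COMPAT, no DYNAMIC_BASE, no GUARD_CF). A normally built MSVC console binary marks .text read/execute only and .reloc read-only data, so a writable .text and an executable .reloc are worth a closer look as signs of packing or post-build patching. Because .reloc is present and IMAGE_FILE_RELOCS_STRIPPED is not among the File Characteristics, a mandatory-ASLR policy can still relocate the image even though the header does not ask for it.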