Static task
static1
Behavioral task
behavioral1
Sample
4b118ad27bfc8c10fca828d9fbeb891fb8a73af999616c45e2b97b6650789ada.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4b118ad27bfc8c10fca828d9fbeb891fb8a73af999616c45e2b97b6650789ada.exe
Resource
win10v2004-20220812-en
General
-
Target
4b118ad27bfc8c10fca828d9fbeb891fb8a73af999616c45e2b97b6650789ada
-
Size
625KB
-
MD5
6d2b8f9bfebe5e9d2c53831b15104008
-
SHA1
1728e78b2abe62682f395729ccc27874d209a4d4
-
SHA256
4b118ad27bfc8c10fca828d9fbeb891fb8a73af999616c45e2b97b6650789ada
-
SHA512
b77a7de003970b389c7f34ee4016f6cdfd0400198d4d15a1f4176e7e741eabf3af7369e03ce94b110979c1eb9bff8385bb15303051e3e1572c21b9e6d3b18414
-
SSDEEP
12288:kj4jBdKNYDrQcMOxfdv0eCfYdQKv7aGmwF5K2hQKmeCfYdQKv7aGmwF5K2hQK1:kj4jBiY7MOxVv0erbDP/VQKmerbDP/VP
Malware Config
Signatures
Files
-
4b118ad27bfc8c10fca828d9fbeb891fb8a73af999616c45e2b97b6650789ada.exe windows x86
0ab85e8769c9a6e264ba4880b5c9b050
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
iaspolcy
DllUnregisterServer
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
devenum
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
DllGetClassObject
efsadu
EfsDetail
dbghelp
SymGetLinePrev
SymGetLineFromAddr
SymEnumerateSymbolsW64
ImageRvaToVa
sym
MapDebugInformation
SymGetSymFromName64
SymGetSymFromAddr64
SymSetSearchPath
SymGetModuleInfo
SymGetSymFromName
SymGetLinePrev64
SymFunctionTableAccess64
SymRegisterFunctionEntryCallback
UnmapDebugInformation
SymLoadModule64
ImageRvaToSection
SymGetLineNext
FindDebugInfoFileEx
ImageDirectoryEntryToDataEx
ImagehlpApiVersion
SymFunctionTableAccess
SymGetModuleBase64
SymUnloadModule
SymGetSymNext
SymGetLineFromName64
SymRegisterFunctionEntryCallback64
SymSetOptions
SymEnumerateSymbolsW
SymGetLineNext64
UnDecorateSymbolName
SymEnumerateSymbols64
EnumerateLoadedModules
ExtensionApiVersion
GetTimestampForLoadedLibrary
FindExecutableImage
SearchTreeForFile
SymEnumerateModules64
FindFileInSearchPath
ImageDirectoryEntryToData
ImagehlpApiVersionEx
SymGetModuleInfo64
ImageNtHeader
SymGetSymPrev64
SymRegisterCallback
msvcp60
wctrans
wcrtomb
_LDscale
_FXbig
_Cosh
_LXbig
_FCosh
_Exp
_LDenorm
_FDnorm
_LRteps
_FRteps
_Stod
_LDtest
_Getctype
_Strxfrm
_LEps
_Toupper
towctrans
_Sinh
_FDenorm
_Xbig
_Denorm
_Rteps
_LExp
_Dnorm
_FInf
_Tolower
_Eps
wcsrtombs
_LInf
_FNan
_LCosh
mbrtowc
wctype
_Getcvt
_Hugeval
_Getcoll
_Wcrtomb
_FDscale
btowc
_Dscale
_FEps
_Inf
_Poly
_Mbrtowc
_Snan
_FExp
mbrlen
_LSinh
kernel32
VirtualAlloc
GetLastError
WriteProcessMemory
MoveFileA
ReadConsoleOutputAttribute
GetPrivateProfileStructA
olepro32
DllRegisterServer
OleIconToCursor
OleLoadPicture
OleCreateFontIndirect
DllCanUnloadNow
OleTranslateColor
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
DllGetClassObject
OleCreatePictureIndirect
DllUnregisterServer
msexcl40
DllRegisterServer
DllUnregisterServer
mfc42
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
DllGetClassObject
browseui
DllGetVersion
bitsprx3
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
gptext
DllUnregisterServer
DllRegisterServer
glmf32
glsNums
glsGetConstubz
glsULongLow
glsGetStreamSize
glsGetCaptureExecTable
secur32
LsaGetLogonSessionData
ApplyControlToken
TranslateNameA
QuerySecurityPackageInfoA
QueryCredentialsAttributesA
EnumerateSecurityPackagesW
ExportSecurityContext
RevertSecurityContext
FreeContextBuffer
GetUserNameExW
LsaEnumerateLogonSessions
AddCredentialsA
ImpersonateSecurityContext
AddSecurityPackageW
LsaRegisterPolicyChangeNotification
EnumerateSecurityPackagesA
VerifySignature
SaslEnumerateProfilesA
SaslInitializeSecurityContextA
SecpTranslateNameEx
MakeSignature
GetComputerObjectNameW
UnsealMessage
InitializeSecurityContextA
SaslIdentifyPackageW
TranslateNameW
LsaDeregisterLogonProcess
CompleteAuthToken
LsaUnregisterPolicyChangeNotification
QuerySecurityContextToken
AddCredentialsW
SaslGetProfilePackageW
GetSecurityUserInfo
LsaRegisterLogonProcess
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 489KB - Virtual size: 488KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 14.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE