Static task
static1
Behavioral task
behavioral1
Sample
11a1647d9a8fba08d6a2709028b12671035e76888f1d50ce3290715198be503a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
11a1647d9a8fba08d6a2709028b12671035e76888f1d50ce3290715198be503a.exe
Resource
win10v2004-20220812-en
General
-
Target
11a1647d9a8fba08d6a2709028b12671035e76888f1d50ce3290715198be503a
-
Size
487KB
-
MD5
ef37662f8eb13ef3e6cd03857957020a
-
SHA1
ec85644ec8eae8668c65a0c42e135a8edd24372d
-
SHA256
11a1647d9a8fba08d6a2709028b12671035e76888f1d50ce3290715198be503a
-
SHA512
cbab6fab70128ab195b024cf1cb80b9075e3999021a3285afbd920c2160541710a1976bff3fff02d1fc92dbf81f23de762b6b9de8cbf4af4682395fb4dc388ee
-
SSDEEP
12288:4E8lH/8o0YXsFY2nGRP3IuqkbKrANzgkCJsG2Pg/gbQVeH95:4YuqkW8zC2Pg/YQVk95
Malware Config
Signatures
Files
-
11a1647d9a8fba08d6a2709028b12671035e76888f1d50ce3290715198be503a.exe windows x86
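abc15aa8a28837d464f618b1feb8c9dc (unlabeled on the page; differs from the file MD5 above, so presumably the PE import hash; confirm before using it as an indicator)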
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (static PE import table: functions the binary declares, not API calls observed at runtime)
oleacc
GetRoleTextW
mpr
WNetAddConnectionW
WNetGetUserW
WNetGetUniversalNameW
WNetCancelConnection2A
WNetAddConnectionA
WNetOpenEnumA
WNetAddConnection3A
shlwapi
PathAppendA
PathQuoteSpacesA
PathParseIconLocationA
SHGetValueA
PathBuildRootA
PathRemoveBlanksA
PathQuoteSpacesW
SHSetValueW
StrFormatByteSizeA
PathSkipRootA
PathFileExistsA
PathIsSystemFolderW
SHRegEnumUSValueW
SHEnumValueW
PathIsRelativeA
PathStripToRootW
PathGetDriveNumberW
PathIsDirectoryW
PathUnmakeSystemFolderW
PathCanonicalizeW
SHQueryValueExA
StrToIntExW
PathFindFileNameW
StrPBrkA
PathIsUNCServerShareA
PathIsUNCServerA
ChrCmpIW
PathIsUNCW
PathRemoveArgsA
PathBuildRootW
SHRegDeleteEmptyUSKeyW
PathRelativePathToW
PathSkipRootW
StrCSpnW
SHRegDeleteUSValueA
PathCanonicalizeA
SHQueryInfoKeyW
PathFindNextComponentA
PathSearchAndQualifyW
PathIsUNCA
PathRemoveBlanksW
SHRegDeleteEmptyUSKeyA
ChrCmpIA
SHRegGetBoolUSValueA
SHRegEnumUSKeyW
PathCombineW
PathFindOnPathA
SHRegQueryUSValueA
PathIsURLW
PathAddBackslashW
PathRelativePathToA
StrSpnW
PathCompactPathW
PathIsFileSpecW
PathAppendW
PathGetArgsA
PathStripToRootA
PathParseIconLocationW
PathAddExtensionA
PathIsUNCServerW
StrToIntW
PathMatchSpecA
SHRegQueryUSValueW
PathCompactPathExW
PathFindFileNameA
PathIsURLA
PathSetDlgItemPathA
PathRenameExtensionA
PathRemoveExtensionW
PathCombineA
SHRegWriteUSValueW
PathAddExtensionW
PathUnquoteSpacesW
StrFormatByteSizeW
SHRegQueryInfoUSKeyA
SHCreateShellPalette
PathIsContentTypeW
PathRemoveBackslashA
PathFileExistsW
SHRegEnumUSKeyA
PathSetDlgItemPathW
PathMatchSpecW
SHSetValueA
PathCommonPrefixW
PathCompactPathA
StrNCatW
PathFindOnPathW
PathIsSameRootW
StrTrimW
PathAddBackslashA
SHRegCloseUSKey
StrCSpnIW
SHEnumKeyExA
StrNCatA
SHDeleteKeyW
PathStripPathW
PathFindExtensionW
PathIsUNCServerShareW
PathIsDirectoryA
SHRegGetUSValueA
PathRenameExtensionW
StrCmpW
StrPBrkW
SHGetValueW
SHDeleteValueA
StrToIntExA
SHQueryValueExW
SHEnumKeyExW
rpcrt4
NdrConformantArrayMarshall
NdrConformantVaryingArrayFree
NdrServerInitializeMarshall
NdrVaryingArrayBufferSize
NDRSContextUnmarshallEx
RpcMgmtEpEltInqNextW
NdrConformantVaryingStructMarshall
NdrRpcSsDefaultFree
NdrOleAllocate
NdrVaryingArrayFree
NdrRpcSsDisableAllocate
DceErrorInqTextW
RpcEpRegisterW
RpcProtseqVectorFreeW
I_RpcFree
RpcBindingInqAuthInfoExW
NdrAsyncServerCall
NdrMapCommAndFaultStatus
double_from_ndr
RpcBindingFromStringBindingW
NdrUserMarshalSimpleTypeConvert
float_from_ndr
RpcImpersonateClient
NdrSendReceive
NdrClientContextMarshall
I_RpcSendReceive
NdrMesSimpleTypeAlignSize
RpcServerRegisterIfEx
RpcServerInqDefaultPrincNameA
RpcEpResolveBinding
NdrXmitOrRepAsFree
RpcSmSwapClientAllocFree
data_into_ndr
NdrServerContextUnmarshall
NDRCContextBinding
NdrVaryingArrayMemorySize
NdrPointerUnmarshall
I_RpcGetCurrentCallHandle
RpcSmSetThreadHandle
NdrConvert2
NdrStubCall
NdrClientContextUnmarshall
RpcStringFreeW
RpcStringFreeA
NdrInterfacePointerFree
RpcMgmtEpEltInqNextA
NdrConformantStructMarshall
NdrMesTypeDecode
NdrUserMarshalFree
NdrConformantStringUnmarshall
NdrRpcSsEnableAllocate
RpcBindingFromStringBindingA
RpcMgmtEpEltInqBegin
RpcServerUseProtseqA
NdrAllocate
RpcRevertToSelf
NdrConformantVaryingArrayUnmarshall
UuidEqual
I_RpcBindingIsClientLocal
RpcServerRegisterAuthInfoW
data_from_ndr
RpcServerUseAllProtseqsIfEx
RpcMgmtSetServerStackSize
RpcMgmtSetComTimeout
UuidCreateNil
RpcSmEnableAllocate
I_RpcPauseExecution
RpcStringBindingComposeW
NdrConformantArrayMemorySize
RpcSsDestroyClientContext
NdrNonEncapsulatedUnionBufferSize
NdrPointerMarshall
NdrFullPointerInsertRefId
RpcServerUseProtseqEpExA
NdrConformantVaryingArrayBufferSize
RpcSsEnableAllocate
double_array_from_ndr
short_from_ndr_temp
I_RpcBindingInqDynamicEndpointA
I_RpcMapWin32Status
NDRSContextMarshallEx
RpcStringBindingComposeA
MesEncodeFixedBufferHandleCreate
RpcNetworkInqProtseqsW
NdrInterfacePointerUnmarshall
RpcBindingReset
NdrVaryingArrayMarshall
I_UuidCreate
NdrConvert
RpcSmClientFree
MesIncrementalHandleReset
tree_size_ndr
RpcNsBindingInqEntryNameW
NdrEncapsulatedUnionBufferSize
RpcNetworkIsProtseqValidW
RpcServerListen
NdrSimpleStructUnmarshall
RpcBindingSetAuthInfoExA
NdrByteCountPointerBufferSize
IUnknown_QueryInterface_Proxy
I_RpcBindingInqDynamicEndpointW
NdrPointerFree
DceErrorInqTextA
RpcSmGetThreadHandle
NdrNonEncapsulatedUnionMarshall
RpcBindingSetObject
RpcSmSetClientAllocFree
RpcServerUseProtseqEpW
MesInqProcEncodingId
RpcServerUnregisterIf
NdrGetDcomProtocolVersion
RpcEpRegisterNoReplaceA
NdrConformantVaryingStructUnmarshall
NdrFullPointerXlatInit
NdrInterfacePointerMemorySize
NdrServerContextMarshall
RpcSsSwapClientAllocFree
tree_into_ndr
RpcEpRegisterA
long_array_from_ndr
UuidCreate
NdrSimpleStructBufferSize
NdrServerInitializeUnmarshall
NdrMesTypeEncode
RpcEpUnregister
NdrEncapsulatedUnionMarshall
NdrConformantArrayUnmarshall
MesEncodeIncrementalHandleCreate
NdrNonConformantStringBufferSize
RpcIfInqId
NdrComplexStructBufferSize
RpcSsAllocate
NDRcopy
NdrConformantVaryingStructFree
I_RpcGetBuffer
I_RpcConnectionSetSockBuffSize
RpcMgmtSetAuthorizationFn
NdrComplexStructMarshall
NdrServerCall
NdrComplexArrayBufferSize
RpcSsFree
I_RpcIfInqTransferSyntaxes
I_RpcNsBindingSetEntryNameW
NdrSimpleTypeMarshall
NDRSContextMarshall
NdrConformantArrayBufferSize
I_RpcAsyncSetHandle
RpcSsGetThreadHandle
RpcBindingInqObject
RpcMgmtInqDefaultProtectLevel
NdrClientInitialize
RpcBindingInqOption
NdrEncapsulatedUnionMemorySize
NdrServerCall2
RpcCancelThread
RpcBindingSetAuthInfoA
NdrFullPointerFree
I_RpcSsDontSerializeContext
NdrXmitOrRepAsMemorySize
NdrServerMarshall
NdrNonConformantStringUnmarshall
RpcServerUseProtseqEpExW
RpcMgmtInqServerPrincNameW
NdrNsGetBuffer
RpcMgmtEpUnregister
RpcBindingInqAuthInfoW
RpcServerRegisterIf
NdrConformantVaryingArrayMemorySize
NdrPointerMemorySize
MesBufferHandleReset
NdrSimpleStructMarshall
NdrFixedArrayMarshall
I_RpcBindingCopy
tree_peek_ndr
NdrNonConformantStringMemorySize
char_from_ndr
RpcServerTestCancel
NdrSimpleStructMemorySize
RpcMgmtInqServerPrincNameA
enum_from_ndr
NdrUserMarshalMarshall
RpcNsBindingInqEntryNameA
long_from_ndr
RpcStringBindingParseA
UuidHash
NdrInterfacePointerMarshall
RpcServerUseAllProtseqsEx
RpcAsyncRegisterInfo
NdrComplexArrayMarshall
UuidToStringA
short_array_from_ndr
I_RpcFreePipeBuffer
I_RpcClearMutex
NdrGetBuffer
NdrEncapsulatedUnionUnmarshall
NdrNonEncapsulatedUnionMemorySize
NdrNonEncapsulatedUnionUnmarshall
I_RpcDeleteMutex
RpcBindingSetOption
RpcMgmtInqComTimeout
RpcSmAllocate
NdrInterfacePointerBufferSize
RpcServerUseProtseqIfA
RpcSmFree
UuidCompare
RpcServerUseAllProtseqs
NdrByteCountPointerFree
IUnknown_AddRef_Proxy
NdrFixedArrayBufferSize
NdrNonConformantStringMarshall
RpcMgmtSetCancelTimeout
NdrServerInitializePartial
NdrComplexStructFree
NdrConformantStringMarshall
RpcStringBindingParseW
RpcEpRegisterNoReplaceW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcNetworkInqProtseqsA
RpcAsyncAbortCall
UuidToStringW
NdrClientInitializeNew
RpcAsyncCancelCall
I_RpcRequestMutex
NDRCContextMarshall
NdrContextHandleSize
NdrComplexArrayFree
RpcObjectSetType
char_array_from_ndr
NdrByteCountPointerUnmarshall
MesDecodeIncrementalHandleCreate
NdrConformantArrayFree
NdrComplexArrayUnmarshall
MesHandleFree
NdrComplexStructUnmarshall
NdrFixedArrayFree
UuidFromStringW
NdrFullPointerQueryRefId
NDRSContextUnmarshall
NdrFullPointerQueryPointer
NdrConformantVaryingStructBufferSize
NdrConformantStringMemorySize
RpcServerUseProtseqExW
NdrServerInitializeNew
NdrSimpleStructFree
RpcBindingFree
float_array_from_ndr
NdrConformantVaryingStructMemorySize
NdrConformantStructBufferSize
RpcBindingInqAuthInfoA
RpcServerUseProtseqIfExW
NDRCContextUnmarshall
NdrSimpleTypeUnmarshall
RpcSsSetClientAllocFree
MesDecodeBufferHandleCreate
RpcMgmtEnableIdleCleanup
RpcSsDisableAllocate
NdrUserMarshalBufferSize
I_RpcSend
RpcAsyncCompleteCall
RpcMgmtStatsVectorFree
RpcObjectSetInqFn
I_RpcAsyncAbortCall
NdrUserMarshalUnmarshall
NdrRpcSmClientFree
RpcServerInqIf
NdrFixedArrayUnmarshall
NdrRpcSmClientAllocate
RpcAsyncGetCallStatus
RpcNetworkIsProtseqValidA
MesEncodeDynBufferHandleCreate
I_RpcAllocate
RpcSsSetThreadHandle
NdrEncapsulatedUnionFree
RpcMgmtInqStats
RpcBindingInqAuthInfoExA
NdrConformantStructMemorySize
UuidIsNil
I_RpcFreeBuffer
RpcMgmtInqIfIds
NdrRpcSsDefaultAllocate
I_RpcNsBindingSetEntryNameA
NdrPointerBufferSize
I_RpcReceive
NdrNsSendReceive
RpcBindingInqAuthClientA
MIDL_wchar_strlen
RpcServerRegisterAuthInfoA
I_RpcServerRegisterForwardFunction
NdrMesTypeAlignSize
long_from_ndr_temp
NdrConformantStructFree
RpcBindingInqAuthClientW
NdrFullPointerXlatFree
NdrConformantStructUnmarshall
I_RpcServerInqTransportType
RpcSmDestroyClientContext
RpcServerInqDefaultPrincNameW
RpcProtseqVectorFreeA
RpcBindingCopy
NdrNonEncapsulatedUnionFree
data_size_ndr
IUnknown_Release_Proxy
RpcServerUseAllProtseqsIf
NdrStubCall2
RpcServerUseProtseqExA
RpcServerUseProtseqIfW
NdrFreeBuffer
RpcBindingSetAuthInfoW
RpcMgmtWaitServerListen
RpcSsDontSerializeContext
msvcrt
_setmbcp
??3@YAXPAX@Z
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
comdlg32
GetFileTitleA
advapi32
CopySid
MapGenericMask
LookupAccountNameW
RegOpenKeyA
LogonUserW
QueryServiceConfigA
AllocateAndInitializeSid
InitiateSystemShutdownA
GetFileSecurityW
GetSidIdentifierAuthority
CreatePrivateObjectSecurity
SetEntriesInAclA
RegCreateKeyExW
SetNamedSecurityInfoA
RegLoadKeyA
OpenBackupEventLogW
AccessCheck
SetTokenInformation
LsaQueryTrustedDomainInfo
DuplicateTokenEx
RegEnumKeyExW
LsaRetrievePrivateData
AccessCheckAndAuditAlarmA
RegConnectRegistryW
GetUserNameW
GetPrivateObjectSecurity
FreeSid
RegDeleteValueW
LookupPrivilegeDisplayNameW
LsaEnumerateAccountRights
LsaEnumerateTrustedDomainsEx
GetSidSubAuthorityCount
RegDeleteKeyA
RegReplaceKeyW
ReportEventW
MakeAbsoluteSD
RegQueryInfoKeyW
ImpersonateSelf
QueryServiceConfig2W
DeleteService
AdjustTokenPrivileges
RegQueryValueW
PrivilegedServiceAuditAlarmW
OpenServiceW
BuildExplicitAccessWithNameA
LookupPrivilegeValueW
BuildTrusteeWithSidA
LsaSetInformationPolicy
GetExplicitEntriesFromAclA
RegGetKeySecurity
SetPrivateObjectSecurity
RegCreateKeyExA
MakeSelfRelativeSD
GetSecurityInfo
BuildExplicitAccessWithNameW
RegQueryValueExA
BuildImpersonateExplicitAccessWithNameA
IsValidSid
RevertToSelf
GetSidSubAuthority
AbortSystemShutdownW
GetSecurityDescriptorSacl
IsTokenRestricted
RegUnLoadKeyA
SetSecurityInfo
GetAce
RegSetValueExW
LockServiceDatabase
LsaAddAccountRights
GetLengthSid
AllocateLocallyUniqueId
RegCreateKeyA
NotifyChangeEventLog
ReadEventLogW
BuildTrusteeWithNameA
ObjectDeleteAuditAlarmW
BackupEventLogW
DecryptFileW
LookupPrivilegeNameA
BuildSecurityDescriptorW
SetSecurityDescriptorSacl
EnumDependentServicesW
LsaQueryInformationPolicy
BuildImpersonateTrusteeA
GetServiceKeyNameA
OpenSCManagerW
RegUnLoadKeyW
LookupPrivilegeDisplayNameA
RegOverridePredefKey
SetNamedSecurityInfoW
GetAuditedPermissionsFromAclW
GetTrusteeFormA
GetExplicitEntriesFromAclW
GetNumberOfEventLogRecords
GetSidLengthRequired
RegDeleteKeyW
LookupAccountNameA
GetSecurityDescriptorOwner
BuildTrusteeWithNameW
LsaCreateTrustedDomainEx
UnlockServiceDatabase
RegOpenKeyW
SetSecurityDescriptorDacl
LookupPrivilegeNameW
RegReplaceKeyA
RegOpenKeyExW
EqualSid
GetServiceDisplayNameW
RegisterEventSourceW
RegisterEventSourceA
QueryServiceConfig2A
AddAccessAllowedAce
LogonUserA
CreateServiceA
CreateRestrictedToken
ReportEventA
OpenServiceA
LsaNtStatusToWinError
QueryServiceLockStatusW
LsaSetDomainInformationPolicy
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
RegEnumValueA
AddAccessDeniedAce
ControlService
EncryptFileA
GetTokenInformation
SetThreadToken
SetServiceStatus
RegQueryValueExW
RegSetValueExA
RegLoadKeyW
RegSaveKeyA
QueryServiceStatus
GetEffectiveRightsFromAclA
GetSecurityDescriptorLength
RegSetKeySecurity
ObjectCloseAuditAlarmA
LsaClose
BackupEventLogA
StartServiceCtrlDispatcherA
ObjectCloseAuditAlarmW
RegEnumKeyA
RegSetValueA
ChangeServiceConfigW
LsaEnumerateAccountsWithUserRight
CloseEventLog
LsaFreeMemory
AddAuditAccessAce
QueryServiceLockStatusA
RegQueryMultipleValuesW
CloseServiceHandle
AddAce
LsaDeleteTrustedDomain
LsaSetTrustedDomainInformation
SetFileSecurityW
GetKernelObjectSecurity
GetOldestEventLogRecord
StartServiceCtrlDispatcherW
StartServiceA
RegQueryValueA
RegisterServiceCtrlHandlerA
QueryServiceObjectSecurity
ObjectPrivilegeAuditAlarmA
ChangeServiceConfig2A
LookupPrivilegeValueA
InitiateSystemShutdownW
LsaQueryTrustedDomainInfoByName
RegCreateKeyW
RegRestoreKeyW
SetSecurityDescriptorGroup
RegDeleteValueA
LsaSetTrustedDomainInfoByName
OpenBackupEventLogA
CreateProcessAsUserA
GetTrusteeNameW
EncryptFileW
RegCloseKey
ChangeServiceConfigA
IsValidAcl
OpenEventLogA
EqualPrefixSid
RegConnectRegistryA
DeregisterEventSource
AdjustTokenGroups
LsaOpenPolicy
GetServiceKeyNameW
GetTrusteeFormW
EnumServicesStatusA
LsaEnumerateTrustedDomains
RegOpenKeyExA
GetFileSecurityA
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetAclInformation
DuplicateToken
RegEnumValueW
AreAnyAccessesGranted
FindFirstFreeAce
SetFileSecurityA
SetAclInformation
OpenProcessToken
imm32
ImmUnregisterWordA
kernel32
GlobalFree
GetExitCodeThread
FindAtomW
CreateSemaphoreW
FillConsoleOutputAttribute
GetUserDefaultLangID
FillConsoleOutputCharacterA
GetModuleHandleA
GetStartupInfoA
oleaut32
VarR4FromI4
VarR8FromR4
VarI2FromR4
LHashValOfNameSysA
SysAllocStringLen
VarUI4FromR4
VarNumFromParseNum
LPSAFEARRAY_UserMarshal
VarDateFromR8
VarCyFromStr
CreateDispTypeInfo
VarAdd
VarBstrFromCy
VarUI2FromBool
VarDateFromUI2
VariantClear
VarI4FromUI2
VarDateFromUdate
VarI1FromDisp
VarUI4FromUI1
VarDecFromDate
OleLoadPictureFile
VarCyCmp
VarR8FromUI2
VarBoolFromI2
VarR8FromDec
SafeArrayPutElement
VarDecFromR8
SysReAllocString
VarBoolFromUI2
VarI1FromDate
DispGetIDsOfNames
SafeArrayAllocData
VarR4CmpR8
VarDateFromI1
VarCyInt
VarBstrFromBool
VarCyAbs
VarDecFromI1
BstrFromVector
SafeArrayDestroy
VarUI1FromR8
SafeArrayDestroyDescriptor
VarDecCmpR8
VarCyFromBool
QueryPathOfRegTypeLi
SafeArraySetRecordInfo
SafeArrayGetDim
SafeArrayGetUBound
VariantTimeToDosDateTime
user32
IsIconic
EnableWindow
mfc42
ord4673
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord2514
ord641
ord4234
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord1576
ord1168
Sections
.text Size: 180KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ