Static task
static1
Behavioral task
behavioral1
Sample
9463d736efc906f4d87bc7e15bfba7eb9c448b171371f570a4e489e4241609ad.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9463d736efc906f4d87bc7e15bfba7eb9c448b171371f570a4e489e4241609ad.exe
Resource
win10v2004-20220812-en
General
-
Target
9463d736efc906f4d87bc7e15bfba7eb9c448b171371f570a4e489e4241609ad
-
Size
648KB
-
MD5
65840b192c5d33a0f25669999e64b790
-
SHA1
a212d86b84e44c937a3e00e06eddba85e28f6f9f
-
SHA256
9463d736efc906f4d87bc7e15bfba7eb9c448b171371f570a4e489e4241609ad
-
SHA512
98023757b9d3bde9d9297fb7ee7e0573076c20a889ff258d557f165cf48e70c88a4d3fea41739c37f43c1c542ae22d1f6ff2d6d1d0cad7d7b625e41de0316bab
-
SSDEEP
12288:3nHs4dW0Fw5anP7JPAsqYyE2tGOm155jAKYghKtN/:3nMoW0FIiDajYyTGOm159YOKz
Malware Config
Signatures
Files
-
9463d736efc906f4d87bc7e15bfba7eb9c448b171371f570a4e489e4241609ad.exe windows x86
5631cd4ca0d32fca064c398b173d248f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Only TERMINAL_SERVER_AWARE is set. DYNAMIC_BASE and NX_COMPAT are absent, so the image does not opt in to ASLR or DEP/NX on its own; it runs at its preferred base unless system-wide policy forces those mitigations. Note the file does carry a .reloc section, so it could be relocated if the flag were set.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
(These two flags ask the loader to copy the image to the page file when it is started from removable or network media. They are uncommon in ordinary applications and are more often seen on setup/installer-style binaries; on their own they are not an indicator of malice.)
Imports
(Analyst note: the import table describes capability, not confirmed behavior; use the behavioral tasks to verify. Imports worth correlating with the sandbox runs: user32!GetAsyncKeyState (keystroke polling); the gdi32 CreateDCW/CreateCompatibleBitmap chain plus gdiplus GdipCreateBitmapFromHBITMAP/GdipSaveImageToFile (screen or window capture to a file); advapi32 RegSetValueExW/RegOpenKeyExW/RegNotifyChangeKeyValue (registry writes and change monitoring, a common persistence path); shell32 ShellExecuteW and SHGetSpecialFolderPathW; kernel32 CreateMutexW and user32 FindWindowW (single-instance or window-presence checks); msi ordinals 113/45/70 (Windows Installer API). The wdscore and unbcl imports resolve against Windows setup/migration components rather than core system DLLs; if those libraries are not on the analysis VM's DLL search path the image fails to load before any behavior runs, so check the behavioral results for a loader failure rather than assuming execution.)
advapi32
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
kernel32
CreateFileW
WriteFile
InterlockedDecrement
SetEvent
CreateThread
SetLastError
FormatMessageW
CreateEventW
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleW
GetUserDefaultUILanguage
GetLocaleInfoW
Beep
GetLastError
CreateMutexW
InterlockedIncrement
GetTimeFormatW
GetDateFormatW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
Sleep
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
gdi32
SelectObject
DeleteDC
GetStockObject
CreateDCW
CreateFontW
DeleteObject
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
user32
GetAsyncKeyState
UpdateWindow
GetParent
MessageBoxW
RedrawWindow
ClientToScreen
IsIconic
PostMessageW
DrawIcon
GetSysColorBrush
GetSysColor
LoadStringW
DrawIconEx
DispatchMessageW
FindWindowW
ShowWindow
GetIconInfo
ScreenToClient
GetClientRect
GetWindowRect
OffsetRect
CopyRect
EnableWindow
LoadIconW
SendMessageW
InvalidateRect
BringWindowToTop
TranslateMessage
PeekMessageW
PostQuitMessage
GetSystemMetrics
SystemParametersInfoW
FillRect
SetForegroundWindow
mfc42u
ord823
ord2371
ord2078
ord1143
ord1565
ord4029
ord641
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord326
ord567
ord4418
ord3397
ord5286
ord1768
ord6051
ord2127
ord818
ord1941
ord4229
ord2294
ord6211
ord6195
ord6928
ord1184
ord2855
ord3133
ord561
ord3733
ord4616
ord3396
ord5710
ord5285
ord5303
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord715
ord1081
ord415
ord5819
ord1262
ord1258
ord1131
ord3948
ord6193
ord3087
ord5593
ord6665
ord3716
ord795
ord1808
ord4294
ord5977
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord1662
ord2644
ord755
ord470
ord5871
ord3084
ord4470
ord2634
ord3870
ord668
ord3005
ord800
ord3176
ord4053
ord2773
ord2762
ord356
ord2478
ord6510
ord1113
ord3232
ord6734
ord4426
ord6704
ord6683
ord6606
ord5256
ord1718
ord3743
ord5236
ord6050
ord4103
ord4954
ord4957
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4883
ord4714
ord4341
ord4334
ord5070
ord6808
ord4886
ord4364
ord4893
ord4582
ord4583
ord6826
ord6799
ord6847
ord6836
ord6803
ord6806
ord6807
ord6849
ord6837
ord6830
ord6838
ord6858
ord6850
ord6823
ord6846
ord6814
ord6848
ord6798
ord6583
ord6642
ord3000
ord1112
ord6691
ord6805
ord6794
ord2615
ord6475
ord465
ord3728
ord3393
ord810
ord3995
ord3635
ord3365
ord4396
ord2574
ord693
ord6003
ord3993
ord3991
ord6898
ord4262
ord3724
ord3389
ord4400
ord2579
ord804
ord1644
ord6778
ord6316
ord2859
ord268
ord2385
ord1165
ord3658
ord1560
ord825
ord1569
ord4692
ord3659
msvcrt
_wcsnicmp
memmove
fclose
_CxxThrowException
_wcsicmp
_set_error_mode
swprintf_s
fwprintf
fwrite
_wfopen_s
malloc
calloc
__RTDynamicCast
free
_wtoi
_resetstkoflw
realloc
swscanf_s
_snwprintf_s
wcsrchr
wcscat_s
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
?name@type_info@@QBEPBDXZ
_purecall
wcscpy_s
memset
_ftol2
__CxxFrameHandler3
memmove_s
shell32
SHGetSpecialFolderPathW
ShellExecuteW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipFree
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
comctl32
InitCommonControlsEx
oleaut32
SysFreeString
SysAllocString
VariantClear
comdlg32
GetSaveFileNameW
wdscore
ConstructPartialMsgVW
WdsGenericSetupLogInit
CurrentIP
WdsSetupLogMessageW
WdsSetupLogDestroy
WdsTerminate
unbcl
??1ISerializable@UnBCL@@UAE@XZ
??5SerializationStream@UnBCL@@QAEAAV01@AAPAVString@1@@Z
??5SerializationStream@UnBCL@@QAEAAV01@AA_J@Z
??5SerializationStream@UnBCL@@QAEAAV01@AAH@Z
?DecRef@Object@UnBCL@@QAEHXZ
?AddRef@Object@UnBCL@@QAEXXZ
??6SerializationStream@UnBCL@@QAEAAV01@PBUISerializable@1@@Z
?AddStackTrace@Exception@UnBCL@@QAEXPBD@Z
??0InvalidCastException@UnBCL@@QAE@XZ
?ToString@Exception@UnBCL@@UBEPAVString@2@XZ
?get_InnerException@Exception@UnBCL@@UBEPBV12@XZ
?get_Message@Exception@UnBCL@@UBEPBVString@2@XZ
?get_Source@Exception@UnBCL@@UBEPBVString@2@XZ
?set_Source@Exception@UnBCL@@UAEXPBVString@2@@Z
?GetBaseException@Exception@UnBCL@@UBEPBV12@XZ
?get_HResult@Exception@UnBCL@@UBEJXZ
?set_HResult@Exception@UnBCL@@MAEXJ@Z
?SetMessage@Exception@UnBCL@@MAEXPAVString@2@@Z
??1Exception@UnBCL@@UAE@XZ
?WriteBytes@SerializationStream@UnBCL@@QAEXPBEH@Z
??6SerializationStream@UnBCL@@QAEAAV01@H@Z
?ReadBytes@SerializationStream@UnBCL@@QAEXPAEH@Z
?MemAllocFailed@Allocator@UnBCL@@SGHXZ
??0ArgumentOutOfRangeException@UnBCL@@QAE@PBG@Z
??0ArgumentException@UnBCL@@QAE@PBG@Z
??0ArgumentNullException@UnBCL@@QAE@PBG@Z
??0InvalidOperationException@UnBCL@@QAE@PBG@Z
??0Exception@UnBCL@@QAE@PBG@Z
?EnqueueSbRegistration@SbRegistrationList@UnBCL@@SGXPBDHPAUHINSTANCE__@@PAUIInstanceFactory@2@@Z
?RegisterType@SerializationStream@UnBCL@@SGXPBVString@2@HPAUHINSTANCE__@@PAUIInstanceFactory@2@@Z
?SetLiteralStorage@_@UnBCL@@YGXPAPBVString@2@PBG@Z
??0NotSupportedException@UnBCL@@QAE@PBG@Z
??0InvalidOperationException@UnBCL@@QAE@PBVString@1@@Z
??5SerializationStream@UnBCL@@QAEAAV01@AAPAUISerializable@1@@Z
??0InvalidOperationException@UnBCL@@QAE@PBVString@1@PAVException@1@@Z
??6SerializationStream@UnBCL@@QAEAAV01@PBVString@1@@Z
??6SerializationStream@UnBCL@@QAEAAV01@_J@Z
??0Object@UnBCL@@QAE@ABV01@@Z
?Steal@?$SmartPtr@VString@UnBCL@@@UnBCL@@QAEPAVString@2@XZ
?Format@String@UnBCL@@SAPAV12@PBGZZ
?Replace@String@UnBCL@@QBEPAV12@PBG0W4StringCasing@12@@Z
?IndexOf@String@UnBCL@@QBEHPBGH@Z
?Remove@String@UnBCL@@QBEPAV12@HH@Z
?get_Length@String@UnBCL@@QBEHXZ
?Copy@File@UnBCL@@SGPAVString@2@PBV32@0H@Z
?GetTempPathName@Directory@UnBCL@@SGPAVString@2@XZ
?Concat@String@UnBCL@@SGPAV12@PBG0@Z
?CompareTo@String@UnBCL@@QBEHPBGH@Z
?get_NextSibling@XmlNode@UnBCL@@QAEPAV12@XZ
?Compare@String@UnBCL@@SGHPBG0H@Z
?get_Name@XmlNode@UnBCL@@QAEPAVString@2@XZ
?get_InnerText@XmlNode@UnBCL@@QAEPAVString@2@XZ
?get_Attributes@XmlNode@UnBCL@@QAEPAVXmlAttributeCollection@2@XZ
?get_Item@XmlAttributeCollection@UnBCL@@QAEPAVXmlAttribute@2@PAVString@2@@Z
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QBEPAVString@1@XZ
?get_Item@XmlNodeList@UnBCL@@QAEPAVXmlNode@2@H@Z
?SelectNodes@XmlNode@UnBCL@@QAEPAVXmlNodeList@2@PAVString@2@@Z
?Load@XmlDocument@UnBCL@@QAEXPAVString@2@@Z
?GetApplicationStartDir@Directory@UnBCL@@SGPAVString@2@XZ
??0XmlDocument@UnBCL@@QAE@XZ
??1XmlDocument@UnBCL@@UAE@XZ
?GetFileName@Path@UnBCL@@SGPAVString@2@PBV32@@Z
?Exists@File@UnBCL@@SGHPBVString@2@@Z
?Exists@Directory@UnBCL@@SGHPBVString@2@@Z
??0String@UnBCL@@QAE@XZ
?Compare@String@UnBCL@@SGHPBV12@PBGH@Z
?GetBuffer@StringBuilder@UnBCL@@QAEPAGH@Z
?Append@StringBuilder@UnBCL@@QAEPAV12@PBG@Z
??0StringBuilder@UnBCL@@QAE@XZ
?Append@StringBuilder@UnBCL@@QAEPAV12@PBVString@2@@Z
?ToString@StringBuilder@UnBCL@@UBEPAVString@2@XZ
??1StringBuilder@UnBCL@@UAE@XZ
?Compare@String@UnBCL@@SGHPBV12@0H@Z
?get_Length@StringBuilder@UnBCL@@QBEHXZ
?get_CString@String@UnBCL@@QBEPBGXZ
??0String@UnBCL@@QAE@PBG@Z
?GetEnvironmentVar@Environment@UnBCL@@SGPAVString@2@PBV32@@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QAE@XZ
??0?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@QAE@XZ
??2Object@UnBCL@@SGPAXI@Z
?ToLower@String@UnBCL@@QBEPAV12@XZ
?Trim@String@UnBCL@@QBEPAV12@XZ
?get_IsEmpty@String@UnBCL@@QBEHXZ
?Split@String@UnBCL@@QBEPAV?$ArrayList@PAVString@UnBCL@@@2@PBG@Z
??0?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@QAE@PAV?$ArrayList@PAVString@UnBCL@@@1@@Z
??4?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@QAEAAV01@ABV01@@Z
??1?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@UAE@XZ
??C?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@QBEPAV?$ArrayList@PAVString@UnBCL@@@1@XZ
?IndexOf@String@UnBCL@@QBEHPBG@Z
??0String@UnBCL@@QAE@PBV01@@Z
?Combine@Path@UnBCL@@SGPAVString@2@PBV32@0@Z
?GetParentPath@Path@UnBCL@@SGPAVString@2@PBV32@@Z
?CreateDir@Directory@UnBCL@@SGPAVDirectoryInfo@2@PBVString@2@@Z
?CanRegister@SerializationStream@UnBCL@@SGHXZ
?GetCallingModule@SerializationStream@UnBCL@@SGPAUHINSTANCE__@@XZ
?UnregisterType@SerializationStream@UnBCL@@SGXPBVString@2@HPAUHINSTANCE__@@@Z
??1String@UnBCL@@UAE@XZ
??3Object@UnBCL@@SGXPAX@Z
?Clone@String@UnBCL@@UBEPAVObject@2@XZ
?CompareTo@String@UnBCL@@UBEHPBVObject@2@@Z
?ToString@String@UnBCL@@UBEPAV12@XZ
?GetHashCode@String@UnBCL@@UBEHXZ
?Equals@String@UnBCL@@UBEHPBVObject@2@@Z
?FromASCII@String@UnBCL@@SGPAV12@PBD@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QAE@PAVString@1@@Z
??D?$SmartPtr@VString@UnBCL@@@UnBCL@@QBEAAVString@1@XZ
?SanitizeTypeName@SerializationStream@UnBCL@@SGPAVString@2@ABV32@@Z
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QAEAAV01@ABV01@@Z
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UAE@XZ
??2Object@UnBCL@@SGPAXII@Z
??0String@UnBCL@@QAE@ABV01@@Z
?Clone@Object@UnBCL@@UBEPAV12@XZ
?CompareTo@Object@UnBCL@@UBEHPBV12@@Z
?GetObjectID@Object@UnBCL@@UBEIXZ
?ToString@Object@UnBCL@@UBEPAVString@2@XZ
?GetType@Object@UnBCL@@UBEPAVType@2@XZ
?GetHashCode@Object@UnBCL@@UBEHXZ
?Equals@Object@UnBCL@@UBEHPBV12@@Z
??1Object@UnBCL@@UAE@XZ
??0Object@UnBCL@@QAE@XZ
?get_P@?$SmartPtr@V?$ArrayList@PAVString@UnBCL@@@UnBCL@@@UnBCL@@QBEPAV?$ArrayList@PAVString@UnBCL@@@2@XZ
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QBEPAVString@2@XZ
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBG@Z
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXPBGZZ
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABV?$CSimpleStringT@G$0A@@1@@Z
?Find@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@ABV01@@Z
?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?Trim@String@UnBCL@@QBEPAV12@PBG@Z
?CompareNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?Tokenize@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@PBGAAH@Z
?TrimEnd@String@UnBCL@@QBEPAV12@PBG@Z
?Substring@String@UnBCL@@QBEPAV12@H@Z
?IndexOf@String@UnBCL@@QBEHG@Z
?StartsWith@String@UnBCL@@QBEHPBGH@Z
?Concat@String@UnBCL@@SGPAV12@PBG00@Z
?CreateTemporaryDirectory@Directory@UnBCL@@SGPAVString@2@XZ
?get_Count@XmlNodeList@UnBCL@@QAEHXZ
??0Win32Exception@UnBCL@@QAE@K@Z
??C?$SmartPtr@VStream@UnBCL@@@UnBCL@@QBEPAVStream@1@XZ
??1?$SmartPtr@VStream@UnBCL@@@UnBCL@@UAE@XZ
??4?$SmartPtr@VStream@UnBCL@@@UnBCL@@QAEAAV01@ABV01@@Z
??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QAE@PAVStream@1@@Z
??0FileStream@UnBCL@@QAE@PBVString@1@W4FileMode@1@W4FileAccess@1@W4FileShare@1@K@Z
??0?$SmartPtr@VStream@UnBCL@@@UnBCL@@QAE@XZ
??1FileStream@UnBCL@@UAE@XZ
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBG@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@G@Z
?Find@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBGH@Z
?Right@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
?ReverseFind@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHG@Z
?Left@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
?Mid@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABV01@@Z
??A?$CSimpleStringT@G$0A@@ATL@@QBEGH@Z
?GetManager@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEPAUIAtlStringMgr@2@XZ
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PAUIAtlStringMgr@1@@Z
?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAAV12@PBGH1H@Z
?Empty@?$CSimpleStringT@G$0A@@ATL@@QAEXXZ
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@XZ
?get_FirstChild@XmlNode@UnBCL@@QAEPAV12@XZ
msi
ord113
ord45
ord70
shlwapi
PathFindExtensionW
Sections
(The four section raw sizes sum to roughly 647KB against a 648KB file, so there is no significant overlay appended to the image. Section characteristics below are non-standard in two places, noted inline.)
.text Size: 342KB - Virtual size: 341KB
(Flagged CODE|EXECUTE|READ|WRITE. A writable code section is atypical for a compiler-emitted MFC binary; it is consistent with self-modifying or in-place unpacking code, or with edited section headers. Treat as a lead to confirm against the behavioral runs, not as proof of packing.)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 66KB
(Flagged CNT_CODE|INITIALIZED_DATA|EXECUTE|READ|WRITE. A relocation table normally carries only INITIALIZED_DATA|READ (often DISCARDABLE); marking it as executable, writable code is a section-header anomaly. Together with the writable .text above, verify with a PE parser whether this reflects a packer/protector stub placed in .reloc or tampered headers.)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE