Static task
static1
Behavioral task
behavioral1
Sample
3a7023c4354aaa4494323b9cb1e511f7aedcfe00486a8351603f52a478b552bf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3a7023c4354aaa4494323b9cb1e511f7aedcfe00486a8351603f52a478b552bf.exe
Resource
win10v2004-20220901-en
General
-
Target
3a7023c4354aaa4494323b9cb1e511f7aedcfe00486a8351603f52a478b552bf
-
Size
336KB
-
MD5
6bd2b1a9b58f166246457edeb5e09740
-
SHA1
54e6df9f6a1954a0fb686c6afff502d0bc564adb
-
SHA256
3a7023c4354aaa4494323b9cb1e511f7aedcfe00486a8351603f52a478b552bf
-
SHA512
4a554cbb55fd0c942db6e9e5da22e17ba8973c4425ea4eb264ed0b3e7eba2c83e6b214342c172a75229faa0820a3cada5a105d08bab25b4568d65e96b371e794
-
SSDEEP
6144:7iP+GDlNbE1pUnFU/jJKOmWpKNPLJLsRnfgNkosD:7iP+GZNbE1wUUxYYP
Malware Config
Signatures
Files
-
3a7023c4354aaa4494323b9cb1e511f7aedcfe00486a8351603f52a478b552bf.exe windows x86
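024c6a25ba8da438841f4c90c0f96240 (unlabelled on this page; it differs from the file MD5 listed under General, so it should not be recorded as a file hash)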
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
CreateFileA
CloseHandle
SetCommMask
SetupComm
PurgeComm
SetCommTimeouts
GetCommState
SetCommState
CreateEventA
ClearCommError
CreateThread
WaitCommEvent
WriteFile
ReadFile
GetLastError
GetOverlappedResult
Sleep
QueryPerformanceFrequency
GetTickCount
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
InitializeCriticalSection
user32
ShowWindow
wsprintfA
SetRect
GetAsyncKeyState
EndDialog
EndPaint
BeginPaint
MessageBoxA
ShowCursor
LoadStringA
LoadAcceleratorsA
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
UpdateWindow
DialogBoxParamA
DestroyWindow
PostQuitMessage
DefWindowProcA
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
msvcp90
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
binkw32
_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkClose@4
_BinkOpen@8
_BinkGetFrameBuffersInfo@8
_BinkPause@8
_BinkGoto@12
_BinkWait@4
_BinkRegisterFrameBuffers@8
_BinkShouldSkip@4
_BinkNextFrame@4
_BinkDoFrame@4
d3d9
Direct3DCreate9
d3dx9_33
D3DXGetImageInfoFromFileA
D3DXCreateTextureFromFileExA
D3DXMatrixScaling
D3DXCreateFontIndirectA
D3DXMatrixMultiply
D3DXMatrixRotationZ
D3DXCreateSprite
D3DXCompileShader
D3DXMatrixTranslation
winmm
mmioOpenA
mmioDescend
mmioRead
mmioAscend
mmioClose
timeGetTime
dsound
ord1
msvcr90
_CIsin
_CIcos
__CxxFrameHandler3
memset
_controlfp_s
_invoke_watson
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
memcpy
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
vsprintf_s
atoi
fread
fopen_s
printf
fclose
fprintf
fwrite
fopen
exit
system
_localtime64
_time64
_CxxThrowException
__p__commode
??3@YAXPAX@Z
srand
??2@YAPAXI@Z
sprintf
strcpy_s
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@XZ
strcat_s
??_V@YAXPAX@Z
rand
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
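.dldrat Size: 131KB - Virtual size: 130KB (non-standard section name; the flags listed for it are initialized data and read only, with no code or execute flag)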
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
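.reloc Size: 54KB - Virtual size: 55KB (the flags listed for it include code, execute and write, which a linker-generated relocation section does not normally carry)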
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE