Static task
static1
Behavioral task
behavioral1
Sample
5fe2a1a52ff7c77682c1c524ee049349bd5bbbd5eb21ddbe5f08b172a7ae6b25.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5fe2a1a52ff7c77682c1c524ee049349bd5bbbd5eb21ddbe5f08b172a7ae6b25.exe
Resource
win10v2004-20220812-en
General
-
Target
5fe2a1a52ff7c77682c1c524ee049349bd5bbbd5eb21ddbe5f08b172a7ae6b25
-
Size
932KB
-
MD5
916e7137ad1978841596d0dbd454b200
-
SHA1
adedf9844858bf3e3aae783ab073a2ebf4cfc94d
-
SHA256
5fe2a1a52ff7c77682c1c524ee049349bd5bbbd5eb21ddbe5f08b172a7ae6b25
-
SHA512
2386da436d12cc8bed373aa0e2b36a9033d16e29bf7b442f6dba9f74d45d6942e7d54f29dc11be6c89ad722ac93fb47c955afd3e9aa98f8daebfe960d82daf4d
-
SSDEEP
24576:2NvTX39z2WwAN6O0EF2k4LPxxb3b8qv/YVnI+k4Wn/YC/R7eCg5:aTX0O0EF2nDDXIN2D/R7K5
Malware Config
(none shown in this report)
Signatures
(none shown in this report — an empty signature list is not a clean verdict; the import table below still warrants manual review)
Files
-
5fe2a1a52ff7c77682c1c524ee049349bd5bbbd5eb21ddbe5f08b172a7ae6b25.exe windows x86
d0bbdbbf26aa27e25daa5c371747495d (unlabeled 32-hex digest; distinct from the file MD5 above, so presumably an import hash — verify against the report template before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no relocation table: the image cannot be rebased, so ASLR does not apply to it; together with the msvcp60/msvcrt imports this points to an older build toolchain)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (reviewer note: the kernel32 set below contains OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread — the standard remote-thread code-injection primitives — and user32 contains FindWindowW / GetWindowThreadProcessId, which resolve a target PID from a window title; networking is done over raw wsock32 sockets (socket/connect/send/recv), not WinINet/WinHTTP, so it will not show up in HTTP-level logs. LoadLibraryW and GetProcAddress are also imported, so this static table may be incomplete — check the behavioral tasks for dynamically resolved APIs)
shell32
SHGetFolderPathW
ExtractIconExW
ShellExecuteW
kernel32
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
GetModuleHandleW
InitializeCriticalSection
InterlockedDecrement
MulDiv
GlobalFree
CloseHandle
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
GetTempPathW
GetWindowsDirectoryW
WriteProcessMemory
LocalFree
GetProcAddress
VirtualFreeEx
VirtualAllocEx
OpenProcess
GetCurrentThreadId
GetExitCodeThread
GetLongPathNameW
TlsAlloc
TlsFree
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
Sleep
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateRemoteThread
WaitForSingleObject
GetVolumeInformationW
GetVersionExW
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
CompareFileTime
SystemTimeToFileTime
GetStartupInfoW
lstrlenA
MultiByteToWideChar
GetLastError
SetLastError
WideCharToMultiByte
GetSystemTime
GetSystemDirectoryW
CreateThread
user32
FindWindowW
GetWindowThreadProcessId
GetActiveWindow
DialogBoxParamW
PostThreadMessageW
PostMessageW
ReleaseDC
CallWindowProcW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
RedrawWindow
GetWindowDC
FillRect
SetWindowTextW
SendMessageW
GetClientRect
MoveWindow
GetWindowRect
EndDialog
SetWindowPos
GetMessageW
MapWindowPoints
GetWindowTextW
SetFocus
CreateDialogParamW
PeekMessageW
ShowWindow
InvalidateRect
UpdateWindow
DispatchMessageW
IsWindow
DestroyWindow
HideCaret
SetWindowLongW
CreateWindowExW
GetDC
DefWindowProcW
GetWindowLongW
GetParent
GetWindow
SystemParametersInfoW
MessageBoxW
gdi32
DeleteDC
GetTextExtentPoint32W
CreateFontW
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
DeleteObject
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
IsTextUnicode
ole32
CreateStreamOnHGlobal
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
oleaut32
OleLoadPicture
SysAllocString
VariantInit
VariantCopy
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
CreateErrorInfo
VariantChangeType
msvcp60
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$ctype@G@std@@UAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??_7?$ctype@G@std@@6B@
?do_is@?$ctype@G@std@@MBEPBGPBG0PAF@Z
?do_is@?$ctype@G@std@@MBE_NFG@Z
?do_scan_is@?$ctype@G@std@@MBEPBGFPBG0@Z
?do_scan_not@?$ctype@G@std@@MBEPBGFPBG0@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
?do_tolower@?$ctype@G@std@@MBEGG@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Cltab@?$ctype@D@std@@0PBFB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
?do_toupper@?$ctype@G@std@@MBEGG@Z
?do_widen@?$ctype@G@std@@MBEPBDPBD0PAG@Z
?do_widen@?$ctype@G@std@@MBEGD@Z
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
?do_narrow@?$ctype@G@std@@MBEDGD@Z
??1?$ctype@D@std@@UAE@XZ
??0_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??_7facet@locale@std@@6B@
??_7ctype_base@std@@6B@
??_7?$ctype@D@std@@6B@
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??_7runtime_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0locale@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?do_toupper@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Term@?$ctype@D@std@@KAXXZ
??0_Locinfo@std@@QAE@PBD@Z
_Getctype
msvcrt
_wgetenv
abs
_wtoi
_wrmdir
_wremove
_lrotr
malloc
wcscat
modf
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
localtime
_findclose
_wfindnext
_wfindfirst
isprint
isspace
isalnum
__CxxFrameHandler
wcslen
swprintf
memcpy
wcschr
??2@YAPAXI@Z
_ftol
strlen
strncmp
memcmp
memset
wcstol
_wcsnicmp
srand
clock
time
__p___wargv
__p___argc
??1exception@@UAE@XZ
_wcsicmp
wcscpy
fabs
wcsncpy
_wtol
_wmkdir
_wchdir
fclose
fwrite
_wfopen
_waccess
wcstok
_wcsdup
_wsplitpath
_wgetcwd
tolower
rand
memmove
memchr
wcscmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
free
_CxxThrowException
sprintf
strncpy
wsock32
connect
htons
ioctlsocket
gethostbyname
send
recv
ntohl
select
htonl
socket
WSAStartup
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 764KB - Virtual size: 761KB (roughly 82% of the 932KB file; combined with the FindResourceW/LoadResource/LockResource/SizeofResource imports and GetTempPathW/CreateFileW, this is consistent with an embedded payload written out at runtime — confirm by extracting the resources rather than assuming)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ