Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
General
Target: tmp
Size: 5.5MB
MD5: 8c66f92777ce3a5426e1eafd5cacda74
SHA1: c3daa0905089f5fc37f8c724f4e5b8f459b5dfd6
SHA256: 3d4a63c5813625b141306babe40e24361b8322d25788b7ff1b502030c4cb498c
SHA512: 4c9c72070c7a4e50eea450b240db24a800ecc4f27822d69f700cf041e24e0f3d23c8603d29ca3f64a7a6b9a933cc272cde2588902003eaf674920ca254dcb73a
SSDEEP: 98304:ZNxzylSs5NqU6x6gYCJwMKdT/kpPr9+Oq6jTAD83iynNggVi/We9pQIXtNaRVYvQ:0FLqUuYOwMKdT8/+OzRNgtd6e
Malware Config
Signatures
Files
-
tmp.exe windows x64
e57441b73e4ddcde937c26cf22515594
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteFileA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
ShowWindow
CharUpperBuffW
shell32
ShellExecuteA
oleaut32
VariantClear
msvcp140
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
urlmon
URLDownloadToFileA
ntdll
RtlVirtualUnwind
vcruntime140
memcmp
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
_set_fmode
api-ms-win-crt-runtime-l1-1-0
_initterm_e
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
ceilf
Exports
Sections
.text Size: - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nxloade Size: - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nxloade Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nxloade Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ