Static task
static1
Behavioral task
behavioral1
Sample
082ff4711d6b41472be0662e66034edb4e308a717599432d8c73ed403312f10c.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
082ff4711d6b41472be0662e66034edb4e308a717599432d8c73ed403312f10c.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
082ff4711d6b41472be0662e66034edb4e308a717599432d8c73ed403312f10c
-
Size
426KB
-
MD5
4ca0441e41498bcbb1c4e586a3a87b04
-
SHA1
3edc8b05ee6cca20f6ddf85ca0d9f7116f2d0040
-
SHA256
082ff4711d6b41472be0662e66034edb4e308a717599432d8c73ed403312f10c
-
SHA512
adedcd79a6f4414d4a58351aec8bf9485c6b7df7c46c0a8eb62c127970f50f590a72606a16cab18dcef356c73cf100f22a5bf4362a76163d5261f1b1b25d90b0
-
SSDEEP
12288:PU5xr/TC7FxxFgAoI6nvXJ/CWer7Q2yfBLD4Bnb:w0fr7dyfBLD4Bn
Malware Config
Signatures
Files
-
082ff4711d6b41472be0662e66034edb4e308a717599432d8c73ed403312f10c.exe windows x86
37391050a30cb1ee85fd3516c8cc416a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
GetCurrentThreadId
GetCommandLineA
lstrcatA
lstrcpyA
GetModuleFileNameA
SetFileAttributesA
GetVersion
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
LoadResource
LoadLibraryExA
OpenProcess
GetLocalTime
TerminateThread
CreateThread
ResetEvent
GetFileAttributesA
SetThreadPriority
GetCurrentProcess
SetProcessWorkingSetSize
GetExitCodeThread
OutputDebugStringA
LocalFree
LocalAlloc
WinExec
EnterCriticalSection
DeviceIoControl
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentThread
IsBadReadPtr
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
WriteFile
WaitForSingleObject
FileTimeToLocalFileTime
GetCurrentProcessId
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
CreateNamedPipeA
GetExitCodeProcess
FindFirstFileA
FindClose
MoveFileA
DeleteFileA
GetOverlappedResult
FormatMessageA
lstrlenA
ReleaseMutex
CreateMutexA
GetTickCount
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetComputerNameA
GetEnvironmentVariableA
GetSystemTime
SizeofResource
FindResourceA
CreateProcessA
FreeLibrary
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CloseHandle
SetEvent
Sleep
FileTimeToSystemTime
LeaveCriticalSection
GetModuleHandleA
CreateEventA
GetVersionExA
DeleteCriticalSection
GetProcAddress
GetThreadLocale
SetLastError
GetLastError
InterlockedExchange
RaiseException
GetACP
InitializeCriticalSection
GetLocaleInfoA
CreateFileA
user32
LoadStringA
WaitForInputIdle
DispatchMessageA
GetSystemMetrics
GetMessageA
wvsprintfA
FindWindowA
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjects
CharNextA
PostThreadMessageA
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
PostQuitMessage
MessageBoxA
wsprintfA
PostMessageA
IsWindow
OemToCharA
advapi32
SetServiceStatus
RegCreateKeyExA
StartServiceCtrlDispatcherA
DeleteService
ControlService
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegConnectRegistryW
IsValidSecurityDescriptor
AddAccessAllowedAce
GetTokenInformation
OpenProcessToken
InitializeAcl
GetUserNameA
RegConnectRegistryA
RegisterServiceCtrlHandlerA
RegDeleteValueA
ole32
CoUninitialize
StringFromGUID2
CoRevokeClassObject
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoResumeClassObjects
CoCreateInstance
CoRegisterClassObject
oleaut32
VariantInit
VariantChangeType
SystemTimeToVariantTime
VarBstrFromDate
VariantTimeToSystemTime
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
VariantCopy
VarBstrCat
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCopy
SysAllocString
SysAllocStringLen
VariantClear
avgklib
??0KFolder@@QAE@XZ
?program@KFolder@@QAEHPADPBD@Z
msvcp71
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0locale@std@@QAE@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIG@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstream@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?uncaught_exception@std@@YA_NXZ
?_Register@facet@locale@std@@QAEXXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1strstreambuf@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?freeze@strstreambuf@std@@QAEX_N@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
shlwapi
PathFindExtensionA
msvcr71
_itow
mktime
wcstombs
wcslen
ceil
floor
srand
time
rand
vfprintf
wcscpy
wcscat
strncmp
_mbsrchr
_mbsicmp
_mbsnbcpy
_mbsnbcat
_access
_mbschr
_set_security_error_handler
fmod
toupper
_beginthread
memchr
_ultoa
__CxxFrameHandler
_callnewh
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_strdup
_filelength
_fileno
_unlink
_memicmp
_CxxThrowException
towupper
memcmp
memmove
free
memset
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf
strtoul
_itoa
strtol
_purecall
??_V@YAXPAX@Z
malloc
realloc
exit
strchr
_snprintf
memcpy
_beginthreadex
iswspace
_resetstkoflw
wcsncpy
__doserrno
_errno
sscanf
fclose
fopen
fseek
fread
fwrite
fflush
_chsize
rename
strlen
strncpy
strrchr
strcpy
fgets
fprintf
sprintf
strcat
Sections
.text Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 82KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE