Static task: static1
Behavioral task: behavioral1
Sample: 42f0d812f9ebe622313326f7a3897874db45b64dea38752d222109244a11cff7.exe
Resource: win7-20220812-en
General
Target: 42f0d812f9ebe622313326f7a3897874db45b64dea38752d222109244a11cff7
Size: 212KB
MD5: 497aaef584a85f535bd756f5e46d221f
SHA1: 81d17b6a290d8b4d681f280342977c4e67584692
SHA256: 42f0d812f9ebe622313326f7a3897874db45b64dea38752d222109244a11cff7
SHA512: f0bedf4ec7187e7c9475ba7eaec0ddbcc84cc47fe007165fafc6b2b555560b5549190ce6566de703b884183e97d758e403cb3c155f6b27bfcda3401d42d6695a
SSDEEP: 3072:6hrz6oB5eti+ck+0o59BXz/Jor2P1KSxTuxvB9kQgK0f3eYqLYCjPHEVcJXGb5e:6heti+c79kZx7kRKwbqLXOccw
Malware Config
Signatures
Files
42f0d812f9ebe622313326f7a3897874db45b64dea38752d222109244a11cff7.exe (windows x86)
11a4dedfb3e2e4cf11c1b48eea8be369
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CancelWaitableTimer
GlobalFindAtomW
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
GetCommState
CreateActCtxW
GetConsoleAliasExesLengthA
GetConsoleDisplayMode
GetConsoleFontSize
GetFullPathNameA
GetComputerNameExA
GetFileAttributesA
GetThreadSelectorEntry
GetFullPathNameW
MoveFileWithProgressW
CreateFileW
InterlockedExchangeAdd
SetThreadExecutionState
GetProcessVersion
InitializeSListHead
_lread
FreeLibraryAndExitThread
OpenEventA
CreateHardLinkW
HeapQueryInformation
HeapWalk
SetDefaultCommConfigA
TerminateProcess
EnumCalendarInfoW
GetThreadPriorityBoost
PeekConsoleInputW
IsValidLanguageGroup
GetCurrentThread
GetFileAttributesW
ClearCommBreak
GetProfileSectionA
Beep
CopyFileExA
EnumSystemLanguageGroupsW
FileTimeToDosDateTime
SetConsoleCP
BuildCommDCBA
WritePrivateProfileSectionA
SetUserGeoID
GetStringTypeExW
GetQueuedCompletionStatus
lstrcmpW
ReplaceFileW
SetSystemTimeAdjustment
GetConsoleAliasesLengthA
CheckNameLegalDOS8Dot3A
GlobalGetAtomNameA
GetConsoleMode
SetProcessPriorityBoost
FindActCtxSectionStringW
GetUserGeoID
GetBinaryTypeA
CommConfigDialogA
FillConsoleOutputCharacterA
SetUnhandledExceptionFilter
SetSystemPowerState
SetSystemTime
FindNextVolumeW
GetACP
WriteFile
GetNumaNodeProcessorMask
EnumResourceNamesA
WaitNamedPipeA
CancelDeviceWakeupRequest
SetVolumeLabelW
lstrcmpiW
EncodeSystemPointer
CreateJobObjectA
FindNextVolumeMountPointA
GetPrivateProfileStringW
GetVolumePathNamesForVolumeNameA
GetTempFileNameW
QueryPerformanceCounter
SetHandleCount
GetWindowsDirectoryA
GlobalMemoryStatusEx
IsBadHugeWritePtr
GetNumberOfConsoleMouseButtons
AreFileApisANSI
GetCurrentProcessId
FindFirstVolumeW
GetConsoleAliasesA
EnumSystemGeoID
CreateSemaphoreW
_hwrite
UnhandledExceptionFilter
SetFirmwareEnvironmentVariableA
IsDBCSLeadByteEx
CreateMemoryResourceNotification
ReadConsoleInputW
GlobalDeleteAtom
MultiByteToWideChar
GlobalAddAtomW
GetUserDefaultUILanguage
GetFileTime
EnumLanguageGroupLocalesA
ExpandEnvironmentStringsA
GetTickCount
FindCloseChangeNotification
GlobalHandle
ChangeTimerQueueTimer
GetTimeFormatA
SetEndOfFile
GetStringTypeA
ExitProcess
EnumResourceTypesA
SetupComm
GetNativeSystemInfo
CreateTapePartition
CreateDirectoryExA
DecodePointer
GlobalSize
GetProcessPriorityBoost
GetDiskFreeSpaceA
FatalAppExitW
BackupSeek
RequestDeviceWakeup
GetDriveTypeA
GetProcessAffinityMask
SetCommBreak
SetThreadPriorityBoost
GetVolumePathNameA
FindFirstVolumeMountPointA
CheckRemoteDebuggerPresent
WriteConsoleOutputCharacterA
ProcessIdToSessionId
CreateConsoleScreenBuffer
GetSystemDirectoryA
GetProfileIntA
WriteConsoleA
GetAtomNameW
GenerateConsoleCtrlEvent
BackupRead
GetDevicePowerState
ZombifyActCtx
IsValidLocale
GetDiskFreeSpaceExW
GetSystemRegistryQuota
RtlCaptureStackBackTrace
ReadProcessMemory
GlobalAddAtomA
SignalObjectAndWait
SetFileAttributesA
ReleaseSemaphore
GetNamedPipeHandleStateW
GetLastError
WriteConsoleInputA
CreateJobObjectW
SetMessageWaitingIndicator
BuildCommDCBAndTimeoutsA
WaitCommEvent
SetComputerNameExW
GetTapeParameters
GetCurrencyFormatW
GetOEMCP
EnumCalendarInfoA
GlobalFree
DeleteFiber
FindFirstFileW
UnlockFileEx
GetPriorityClass
DebugActiveProcessStop
SetNamedPipeHandleState
SetFileTime
ResetEvent
TransactNamedPipe
_lopen
GetPrivateProfileStructW
FindFirstChangeNotificationA
WriteProfileStringA
Sleep
FindNextVolumeA
WriteProfileSectionA
GetThreadContext
LoadLibraryW
OpenProcess
GetDiskFreeSpaceW
GetProfileSectionW
GlobalLock
ReadFileEx
FillConsoleOutputCharacterW
GetCommTimeouts
GetFirmwareEnvironmentVariableW
QueryInformationJobObject
TlsGetValue
SetFileAttributesW
GlobalFix
CreateFileA
CreateHardLinkA
FindResourceExA
IsSystemResumeAutomatic
CallNamedPipeA
SetFileApisToOEM
GetSystemDefaultLCID
GetCommModemStatus
LocalFlags
SetThreadContext
OpenMutexA
FindResourceExW
CreateMutexA
PulseEvent
GetConsoleCP
SetTapePosition
LCMapStringW
GetStringTypeW
GetLocaleInfoA
_llseek
IsBadWritePtr
LocalSize
HeapSetInformation
HeapDestroy
GetDllDirectoryA
GlobalCompact
GetNumberFormatA
CreateTimerQueueTimer
MulDiv
lstrlenW
GlobalReAlloc
DefineDosDeviceW
PostQueuedCompletionStatus
GetSystemDirectoryW
GetSystemDefaultUILanguage
GetConsoleAliasExesA
IsBadHugeReadPtr
GetProcessHeap
SetCalendarInfoA
CompareFileTime
SetCommTimeouts
SetWaitableTimer
SetStdHandle
LocalCompact
EnumTimeFormatsA
CreateMutexW
GetPrivateProfileSectionNamesW
SetFileShortNameA
WriteConsoleOutputCharacterW
GetStdHandle
_lclose
GetCommConfig
PeekConsoleInputA
SetFirmwareEnvironmentVariableW
EnumSystemLocalesA
ExpandEnvironmentStringsW
QueryActCtxW
CreateDirectoryA
QueueUserAPC
CallNamedPipeW
BeginUpdateResourceA
QueueUserWorkItem
VerSetConditionMask
FindVolumeMountPointClose
GlobalFindAtomA
GetNamedPipeInfo
GetThreadTimes
WriteConsoleOutputAttribute
GetPrivateProfileIntW
GetProcessIoCounters
CreateJobSet
GetConsoleCursorInfo
MoveFileExA
GetPrivateProfileSectionNamesA
GetVolumePathNameW
GetPrivateProfileIntA
GetLogicalDriveStringsA
IsBadReadPtr
FreeUserPhysicalPages
EnumResourceLanguagesW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GetLargestConsoleWindowSize
GetHandleInformation
SetConsoleMode
VerifyVersionInfoA
GlobalGetAtomNameW
RemoveDirectoryA
GlobalWire
QueryPerformanceFrequency
PeekNamedPipe
EnumCalendarInfoExA
LoadLibraryExA
WriteFileGather
SuspendThread
GetLongPathNameA
CommConfigDialogW
FindActCtxSectionGuid
GetConsoleWindow
SetTapeParameters
CreateEventW
WritePrivateProfileStructA
EnumCalendarInfoExW
GetUserDefaultLangID
EnumSystemCodePagesW
HeapValidate
InterlockedFlushSList
MoveFileExW
WriteProcessMemory
CreateTimerQueue
GetModuleFileNameW
AddAtomA
EnumSystemCodePagesA
GetUserDefaultLCID
DeleteAtom
DuplicateHandle
EscapeCommFunction
SetTimeZoneInformation
OpenMutexW
GetProcessHeaps
GetConsoleOutputCP
VerLanguageNameW
GetDefaultCommConfigA
CompareStringA
QueryMemoryResourceNotification
WriteTapemark
EnumResourceLanguagesA
SetConsoleTitleA
CancelIo
LCMapStringA
GetNamedPipeHandleStateA
EndUpdateResourceW
ReadConsoleW
IsValidCodePage
IsBadCodePtr
DeleteVolumeMountPointW
FindNextFileW
GetCPInfo
WriteConsoleW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
HeapSize
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
SetFilePointer
GetFileType
ReadFile
GetModuleHandleW
HeapReAlloc
RaiseException
RtlUnwind
IsDebuggerPresent
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
GetCurrentThreadId
ExitThread
HeapAlloc
HeapFree
SetEnvironmentVariableW
FindFirstChangeNotificationW
ResetWriteWatch
FindNextFileA
GetFileInformationByHandle
GetVersion
FileTimeToLocalFileTime
ReadConsoleOutputW
SetEnvironmentVariableA
GetSystemTime
EnumDateFormatsExA
GetFileSizeEx
GlobalUnfix
GetAtomNameA
GetVolumeInformationW
GetEnvironmentStringsW
GetNumaAvailableMemoryNode
GetExitCodeThread
GetConsoleScreenBufferInfo
TransmitCommChar
SetConsoleCursorInfo
VerLanguageNameA
HeapCreate
LocalFree
InterlockedCompareExchange
GetFileAttributesExA
GetSystemWindowsDirectoryA
WaitForSingleObject
TerminateThread
FreeLibrary
lstrcpyA
lstrcatA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
SearchPathA
OpenFileMappingA
CreateFileMappingA
MapViewOfFileEx
CloseHandle
VirtualAlloc
UnmapViewOfFile
VirtualFree
VirtualProtect
GetModuleHandleA
lstrcmpA
GetModuleFileNameA
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
HeapUnlock
gdi32
GetObjectA
CreateEllipticRgn
EndPath
FrameRgn
GetGlyphOutlineW
Polyline
CopyMetaFileA
SetPixel
EnumObjects
GetEnhMetaFileDescriptionA
LineTo
CreateHatchBrush
GetWindowOrgEx
MaskBlt
GetROP2
GetCurrentObject
GetTextMetricsA
ScaleWindowExtEx
GetDIBits
GetGlyphIndicesA
GetMetaFileW
StartPage
GetNearestPaletteIndex
SetWindowExtEx
SetMetaRgn
ExtTextOutA
GetColorAdjustment
GetGlyphOutlineA
StretchDIBits
CreateScalableFontResourceA
GetNearestColor
SetTextCharacterExtra
RestoreDC
SelectClipPath
GetCharWidth32W
GetGlyphIndicesW
GetEnhMetaFileHeader
OffsetWindowOrgEx
DeleteMetaFile
PolyBezierTo
GetCharWidthA
SetBrushOrgEx
GetTextFaceW
EnumMetaFile
CreateEnhMetaFileA
CreateDIBPatternBrush
SetDCPenColor
CloseEnhMetaFile
GetBrushOrgEx
ColorCorrectPalette
SelectPalette
CreatePolygonRgn
DescribePixelFormat
GetPixel
StrokePath
CreateFontIndirectExW
CreateRectRgn
PatBlt
CreateDIBitmap
GetTextCharset
EndDoc
GetCharABCWidthsA
GetViewportExtEx
SetTextColor
EnumFontsA
GetLayout
SelectObject
EqualRgn
SetViewportExtEx
PlgBlt
GetClipBox
GetKerningPairsA
GetOutlineTextMetricsA
GetTextFaceA
FillRgn
GetWindowExtEx
GetFontLanguageInfo
GetMetaFileA
AbortPath
CreateBrushIndirect
RealizePalette
comdlg32
FindTextA
ChooseColorA
FindTextW
GetSaveFileNameA
PrintDlgA
PrintDlgW
ReplaceTextW
ChooseColorW
advapi32
RegSetValueExA
RegCloseKey
RegCreateKeyExA
activeds
ord20
ord30
ord14
ord6
ord29
ord4
ord21
ord13
ord5
comsvcs
CoEnterServiceDomain
MTSCreateActivity
CoLeaveServiceDomain
SafeRef
CoCreateActivity
crypt32
CryptDecryptAndVerifyMessageSignature
CryptGetAsyncParam
CertResyncCertificateChainEngine
CryptUnprotectData
CryptVerifyCertificateSignature
CertFindExtension
CryptSignAndEncodeCertificate
CryptMsgControl
CryptEnumOIDFunction
CryptDecodeMessage
CryptRegisterOIDFunction
CertFreeCertificateChainEngine
PFXIsPFXBlob
CertStrToNameW
CertRemoveEnhancedKeyUsageIdentifier
CertAddEncodedCertificateToSystemStoreW
CryptSetAsyncParam
CertCreateCertificateContext
CryptVerifyCertificateSignatureEx
CryptSignCertificate
CertFindRDNAttr
CertEnumCertificateContextProperties
CertCompareCertificateName
CertEnumCRLsInStore
CryptFindOIDInfo
CertEnumSystemStoreLocation
CryptRegisterOIDInfo
CertFreeCRLContext
PFXExportCertStoreEx
CertAddCRLContextToStore
CryptHashCertificate
CryptUnregisterOIDInfo
CertCloseStore
CertFreeCTLContext
CertAddCertificateLinkToStore
CertAddSerializedElementToStore
CryptFormatObject
CryptQueryObject
PFXExportCertStore
CertAddEncodedCRLToStore
CryptGetMessageSignerCount
CertNameToStrW
CertEnumCRLContextProperties
CryptEnumOIDInfo
CryptDecodeObjectEx
CertCreateSelfSignCertificate
CertAddEncodedCertificateToStore
CertCompareCertificate
CertDeleteCTLFromStore
CertFindCRLInStore
CertEnumCTLsInStore
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertAlgIdToOID
CryptAcquireCertificatePrivateKey
CertDuplicateCTLContext
CertFindCertificateInCRL
CertSerializeCTLStoreElement
CertOpenSystemStoreW
CryptMsgVerifyCountersignatureEncoded
CryptMemRealloc
CertEnumPhysicalStore
CertFindChainInStore
CryptMsgGetParam
CertAddEnhancedKeyUsageIdentifier
CryptExportPublicKeyInfoEx
CryptGetDefaultOIDDllList
CertCompareIntegerBlob
CryptMsgDuplicate
CertUnregisterSystemStore
PFXVerifyPassword
CertEnumCTLContextProperties
CryptGetOIDFunctionValue
CryptSignMessage
CertFindAttribute
CertGetCRLFromStore
CertCreateContext
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CryptCloseAsyncHandle
CryptMsgClose
PFXImportCertStore
CertGetStoreProperty
CryptDecodeObject
CertControlStore
CryptStringToBinaryA
CryptGetKeyIdentifierProperty
CryptCreateAsyncHandle
CertFreeCertificateChain
imm32
ImmGetCandidateListW
ImmGetStatusWindowPos
iphlpapi
GetOwnerModuleFromTcpEntry
GetIpStatistics
GetRTTAndHopCount
SetIfEntry
NotifyAddrChange
GetBestInterface
GetIpNetTable
GetIpErrorString
GetPerAdapterInfo
GetAdapterOrderMap
CreateProxyArpEntry
GetTcpTable
GetInterfaceInfo
GetUdpStatisticsEx
GetIfEntry
GetIpStatisticsEx
GetBestInterfaceEx
SetIpForwardEntry
SetIpTTL
NotifyRouteChange
GetIfTable
GetFriendlyIfIndex
GetNumberOfInterfaces
GetTcpStatistics
msi
ord93
ord212
ord130
ord242
ord168
ord214
ord172
ord244
ord253
ord41
ord243
ord126
ord211
ord258
ord65
ord9
ord60
ord254
ord249
ord276
ord104
ord113
ord237
ord88
ord87
ord275
ord229
ord277
ord193
ord39
ord70
ord205
ord255
ord251
ord94
ord250
ord107
ord179
ord102
ord246
ord6
ord155
ord175
ord209
ord112
ord177
ord219
ord71
ord265
ord216
ord225
ord169
ord110
ord269
ord16
ord131
ord203
ord90
ord38
ord15
ord204
ord56
ord232
ord240
ord108
msimg32
AlphaBlend
TransparentBlt
comctl32
ImageList_DrawIndirect
ord336
ord16
ImageList_DragLeave
ord327
ImageList_DragShowNolock
GetMUILanguage
ImageList_SetImageCount
ImageList_GetImageCount
ord337
ord3
ord413
ImageList_LoadImageW
DestroyPropertySheetPage
InitializeFlatSB
ImageList_Write
ImageList_Add
ord17
ImageList_DragMove
ImageList_Read
ord335
ord8
ImageList_Remove
FlatSB_GetScrollRange
ord4
ord329
ImageList_SetOverlayImage
ord15
ImageList_SetDragCursorImage
ord14
ImageList_Replace
ImageList_Create
FlatSB_ShowScrollBar
FlatSB_SetScrollProp
ord5
ord320
CreateToolbarEx
ImageList_Merge
ImageList_LoadImageA
FlatSB_SetScrollRange
ord236
PropertySheetA
ImageList_ReplaceIcon
ord412
ord410
UninitializeFlatSB
FlatSB_SetScrollPos
ord323
ImageList_Draw
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
ImageList_Destroy
CreatePropertySheetPageA
ImageList_Copy
InitMUILanguage
ImageList_AddMasked
FlatSB_GetScrollProp
FlatSB_EnableScrollBar
Sections
.text Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 93KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE