Static task
static1
Behavioral task
behavioral1
Sample
82be75876e0207e27a4c3d3ef03840d606b00dce79308d3488b92a73de6b6b2d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
82be75876e0207e27a4c3d3ef03840d606b00dce79308d3488b92a73de6b6b2d.exe
Resource
win10v2004-20220812-en
General
Target: 82be75876e0207e27a4c3d3ef03840d606b00dce79308d3488b92a73de6b6b2d
Size: 164KB
MD5: 80a68930d15c45180d42cd75c9add056
SHA1: c4b29e7fe06d563db16de2620691405f082fb102
SHA256: 82be75876e0207e27a4c3d3ef03840d606b00dce79308d3488b92a73de6b6b2d
SHA512: 1967c3d6276e7d6680e20355fd5e10fab433d052bf60c5ec4dabde3ad4f0916e926c601956a51fe3bb7f5a096a3b02631d5df7c895f4f1a9d7a33804ec5659a5
SSDEEP: 3072:IHqWH/DbOnf4EPgZRV0dDySrrm2zhLdlRaW5gu5WXRc2BJjp8e:1SfOf4EPA09Tl5dlR/6fXRccL8e
Malware Config
Signatures
Files
-
82be75876e0207e27a4c3d3ef03840d606b00dce79308d3488b92a73de6b6b2d.exe windows x86
74c8e1a7d906b084a42f6d694e7201b2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gzipdll
unzip
mfc80ud
ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord386
ord1416
ord2634
ord5045
ord6278
ord5770
ord8386
ord7991
ord8391
ord8424
ord5502
ord573
ord832
ord7664
ord4646
ord3469
ord2725
ord6482
ord289
ord3663
ord3187
ord422
ord742
ord3121
ord1975
ord4487
ord1669
ord2784
ord5941
ord6179
ord3999
ord6998
ord2152
ord2221
ord2222
ord2580
ord6970
ord1864
ord6730
ord4655
ord8670
ord5280
ord8668
ord2064
ord2992
ord3002
ord7036
ord3268
ord3266
ord3284
ord3296
ord3273
ord3289
ord3294
ord3277
ord3279
ord3281
ord3275
ord3291
ord3271
ord1184
ord1180
ord1182
ord1178
ord1173
ord7050
ord7052
ord8194
ord2153
ord5961
ord6455
ord4775
ord1802
ord2994
ord7001
ord5856
ord8666
ord6841
ord2508
ord6946
ord5922
ord1916
ord5499
ord2176
ord2179
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord6638
ord6468
ord5884
ord6977
ord9137
ord288
ord2029
ord919
ord3402
ord1160
ord5503
ord6266
ord7046
ord7011
ord7553
ord3508
ord3803
ord3972
ord5990
ord3780
ord3975
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6174
ord5940
ord2891
ord1757
ord7685
ord4638
ord3080
ord714
ord2646
ord2595
ord3253
ord5633
ord1578
ord1358
ord8227
ord1396
ord1485
ord5311
ord908
ord888
ord662
ord5087
ord6237
ord1142
ord1145
ord286
ord299
ord673
ord921
ord901
ord1435
ord3286
ord893
msvcr80d
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
_wcmdln
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_errno
exit
_beginthreadex
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf_s
_CxxThrowException
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
kernel32
SetThreadPriority
CloseHandle
Sleep
CreateMutexW
SetLastError
GetLastError
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
ResumeThread
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetVersion
MultiByteToWideChar
GetTickCount
GetCurrentThread
CreateFileMappingA
MapViewOfFile
QueryPerformanceCounter
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
lstrlenA
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MulDiv
user32
OffsetRect
InflateRect
EqualRect
SetRectEmpty
SubtractRect
IntersectRect
IsRectEmpty
RegisterClassW
GetSysColor
PtInRect
UnionRect
LoadCursorW
SetRect
CopyRect
PostMessageW
GetSystemMetrics
FindWindowW
DefDlgProcW
gdi32
CreateSolidBrush
shell32
ShellExecuteW
SHFileOperationW
comctl32
InitCommonControlsEx
shlwapi
PathRemoveFileSpecW
ws2_32
WSAStartup
gdiplus
GdiplusStartup
GdiplusShutdown
advapi32
SetThreadToken
RevertToSelf
OpenThreadToken
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE