Static task
static1
Behavioral task
behavioral1
Sample
897e6a0d6a4ec693963804e1ecc2835ca3ea30374c9c62a55ebd57b334729326.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
897e6a0d6a4ec693963804e1ecc2835ca3ea30374c9c62a55ebd57b334729326.exe
Resource
win10v2004-20220901-en
General
-
Target
897e6a0d6a4ec693963804e1ecc2835ca3ea30374c9c62a55ebd57b334729326
-
Size
47KB
-
MD5
53fc930a3383c4ad0bc30b1a1e096240
-
SHA1
8663842c4cb17d5bdf2a2aa21fcef6b1d02117f9
-
SHA256
897e6a0d6a4ec693963804e1ecc2835ca3ea30374c9c62a55ebd57b334729326
-
SHA512
1cdf475163d2272a770dbf6b1439d7913fca04dbcb933dcbbe19dd2d74db2c4bc52bb08c37ce38e5e3979c8b904d9a6126a3769b99ce3cbcc83a5c4c79ae8340
-
SSDEEP
384:OabHXsxed3mnFc/PtAZfMouWpsJkToxtuxIexOstd8h4j2wqzfC71ZkGVmgJwCcu:lIxedADzn0YMmwpFD0/iLUQ
Malware Config
Signatures
Files
-
897e6a0d6a4ec693963804e1ecc2835ca3ea30374c9c62a55ebd57b334729326.exe windows x86
6ebe5c91e47801626dea68343a1c6a53
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
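ntoskrnl.exe (the only module in the import table; together with the INIT and PAGE sections listed below, this points to a kernel-mode driver image rather than a user-mode program, despite the .exe file name — so the empty Signatures section above should not be read as a sign that the sample is benign)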
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlInitUnicodeString
wcscat
wcscpy
RtlAnsiStringToUnicodeString
ZwCreateKey
swprintf
PsTerminateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmGetSystemRoutineAddress
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 128B - Virtual size: 100B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 768B - Virtual size: 764B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 736B - Virtual size: 734B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ