Static task
static1
Behavioral task
behavioral1
Sample
4867a68ac291cb81c10a3ca23bdf5c079409a3d29c9a9c6bb919a07b0798aa2c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4867a68ac291cb81c10a3ca23bdf5c079409a3d29c9a9c6bb919a07b0798aa2c.exe
Resource
win10v2004-20220812-en
General
Target
4867a68ac291cb81c10a3ca23bdf5c079409a3d29c9a9c6bb919a07b0798aa2c
Size
270KB
MD5
a0761960618c9e240d9d28754f7d6d7e
SHA1
c32d8a907822eb98542bab91f3ed3e7b96943889
SHA256
4867a68ac291cb81c10a3ca23bdf5c079409a3d29c9a9c6bb919a07b0798aa2c
SHA512
3173f4bbffb72dda2b5eb75ac8a7029fa471a494cf2823f9e42a65873c3229b496c4cf8d7c50c005577a85f7557d980fb15e565f42e3f173cc220893ec50d8fa
SSDEEP
3072:LizN5BIABnHBfq+qhK2amTkUnMwDMJWtJTO5OG+UswU2Kwgyui/fGxFpkrW6:EfIA9HBf4paOCETO5yR2KwEi/fGO
Malware Config
Signatures
Files
4867a68ac291cb81c10a3ca23bdf5c079409a3d29c9a9c6bb919a07b0798aa2c.exe windows x86
d68a626ed377324d41c14d32778733f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GetObjectType
GetTextCharset
kernel32
GetStartupInfoA
FreeConsole
shlwapi
PathUnquoteSpacesW
setupapi
SetupDiEnumDeviceInterfaces
SetupDiBuildClassInfoListExW
SetupGetLineByIndexW
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiSetClassInstallParamsW
SetupInstallFilesFromInfSectionW
SetupQueryDrivesInDiskSpaceListW
SetupFreeSourceListA
SetupBackupErrorW
SetupInstallFileExA
SetupQueryInfFileInformationW
InstallHinfSectionA
SetupSetDirectoryIdExA
SetupDiGetDeviceRegistryPropertyA
SetupQueueCopySectionA
SetupDiGetWizardPage
SetupDiSetDeviceInstallParamsA
SetupInstallFileA
SetupDiGetHwProfileFriendlyNameExA
SetupQueryInfFileInformationA
SetupOpenFileQueue
SetupGetBinaryField
SetupAdjustDiskSpaceListA
rpcrt4
RpcSmGetThreadHandle
RpcSsAllocate
NdrSendReceive
NdrMapCommAndFaultStatus
NdrServerContextUnmarshall
NdrInterfacePointerMemorySize
RpcServerInqIf
NdrNonEncapsulatedUnionFree
NdrComplexStructFree
NdrConformantVaryingStructMemorySize
RpcNetworkInqProtseqsA
RpcIfIdVectorFree
RpcTestCancel
RpcBindingToStringBindingW
RpcServerUseAllProtseqsIfEx
NdrNonEncapsulatedUnionBufferSize
RpcSmClientFree
I_RpcServerUseProtseqEp2A
NdrServerContextNewUnmarshall
IUnknown_AddRef_Proxy
NdrDcomAsyncClientCall
RpcEpResolveBinding
RpcBindingFree
I_RpcReallocPipeBuffer
I_RpcBindingInqDynamicEndpointW
RpcServerUseAllProtseqsIf
UuidCreateSequential
RpcNetworkIsProtseqValidA
NdrConformantArrayMarshall
UuidEqual
RpcSsSetThreadHandle
IUnknown_QueryInterface_Proxy
RpcCancelThreadEx
I_RpcMapWin32Status
NdrServerCall
RpcBindingFromStringBindingW
ntdll
NtImpersonateAnonymousToken
RtlExtendedIntegerMultiply
ZwOpenProcess
NtDeleteFile
RtlTimeFieldsToTime
RtlLargeIntegerSubtract
NtUnmapViewOfSection
NtReadVirtualMemory
RtlExtendedLargeIntegerDivide
RtlPrefixUnicodeString
NtQueryInformationProcess
NtTerminateThread
RtlIntegerToUnicodeString
NtSetEvent
ZwClose
RtlCopyUnicodeString
NtDeviceIoControlFile
RtlDetermineDosPathNameType_U
NtFlushVirtualMemory
RtlNtStatusToDosError
NtWaitForSingleObject
NtOpenEvent
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.eh_fram Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ