Static task: static1
Behavioral task: behavioral1
Sample: e3b2c3f153aedd227318b946514fcbc9d2739fdadb0128cb643d6bc26735b1a3.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: e3b2c3f153aedd227318b946514fcbc9d2739fdadb0128cb643d6bc26735b1a3.exe
Resource: win10v2004-20220812-en
General
Target: e3b2c3f153aedd227318b946514fcbc9d2739fdadb0128cb643d6bc26735b1a3
Size: 349KB
MD5: 0ca18a073d562140505819d8bf92d0e6
SHA1: 486ca446dd3d8c1f686eeae7d66eb89d119ef3d0
SHA256: e3b2c3f153aedd227318b946514fcbc9d2739fdadb0128cb643d6bc26735b1a3
SHA512: 933291180cd2df2dff29b9422cba305697692fc3955d694f765f38d186fec918035538bcd0523210760777c796a298bf6e25a01929639b40b34071a10da87ccd
SSDEEP: 6144:bKfYNWIO4451S4/mp7lSZaR9rJc/FpkMoOu+hun39GmD1aHCRgkC7+pbxzzXLm:WYYIOTmJd9uFiMIMK39Gmhaogj
Malware Config
Signatures
Files
e3b2c3f153aedd227318b946514fcbc9d2739fdadb0128cb643d6bc26735b1a3.exe windows x86
d2f393a55236e3f8268cdd27edce5c22
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
EnumCalendarInfoA
WaitCommEvent
GetSystemTimeAdjustment
LockFileEx
CreateWaitableTimerW
FileTimeToDosDateTime
MoveFileA
FlushInstructionCache
EnumTimeFormatsW
GetDateFormatW
InitializeCriticalSectionAndSpinCount
SetConsoleCursorPosition
GetTimeFormatW
OpenWaitableTimerA
WinExec
GlobalDeleteAtom
SetThreadAffinityMask
GetCurrentDirectoryA
GlobalFlags
HeapLock
GetVolumeInformationW
SetEndOfFile
GetTempPathW
GetSystemDefaultLangID
EnumDateFormatsExW
GetDriveTypeA
WritePrivateProfileSectionA
FreeLibrary
DeleteAtom
CopyFileA
GetDateFormatA
CreatePipe
WaitForSingleObjectEx
FindFirstChangeNotificationA
LocalHandle
AddAtomW
GetLogicalDriveStringsA
SetThreadPriority
GlobalFix
GetProcessShutdownParameters
lstrcmpW
lstrcat
WaitNamedPipeA
GetCommandLineA
WriteProfileSectionA
ReadConsoleInputA
FindResourceW
GetProfileStringW
OpenProcess
SetThreadIdealProcessor
SetLastError
GetFileType
ExpandEnvironmentStringsW
ResetWriteWatch
CreateFileMappingW
SetThreadPriorityBoost
CreateSemaphoreW
OutputDebugStringA
ReleaseSemaphore
MoveFileW
DeleteFiber
GetFileAttributesExA
RtlFillMemory
ResumeThread
lstrcpyW
EnumCalendarInfoExA
GetConsoleScreenBufferInfo
GetNamedPipeHandleStateW
GlobalLock
FreeEnvironmentStringsA
MulDiv
SetThreadLocale
LocalSize
WriteConsoleW
GetFullPathNameA
ReadFileEx
FreeResource
HeapWalk
GetAtomNameW
LoadLibraryExA
TransactNamedPipe
GetTempFileNameA
GetVersionExW
GetStartupInfoW
SetThreadContext
EnumResourceLanguagesW
EnumTimeFormatsA
ExitThread
GlobalFindAtomA
GlobalUnlock
SetConsoleTitleW
WriteConsoleInputA
ReadProcessMemory
SetConsoleWindowInfo
GetFileAttributesA
GetExitCodeProcess
EnumSystemLocalesA
ReadConsoleOutputCharacterA
WritePrivateProfileSectionW
GetThreadPriority
WriteFileEx
FindAtomW
SetConsoleCtrlHandler
AddAtomA
GetVersionExA
GetSystemInfo
SetComputerNameW
GetCurrentThread
LoadModule
lstrcpyn
GetLocaleInfoW
SetConsoleTitleA
GetProfileIntW
WritePrivateProfileStringA
GlobalFree
GetWindowsDirectoryW
LocalReAlloc
ReadConsoleW
CreateProcessW
MapViewOfFile
GetEnvironmentStringsA
GetDiskFreeSpaceExW
GetThreadSelectorEntry
FindFirstFileExW
GetProfileIntA
GetStringTypeA
WriteConsoleOutputCharacterW
LoadLibraryW
GetShortPathNameA
OpenFileMappingA
GetSystemPowerStatus
lstrcmpA
GetUserDefaultLangID
RemoveDirectoryW
ConnectNamedPipe
GetModuleFileNameW
GlobalMemoryStatus
GetSystemDirectoryA
ReadConsoleOutputAttribute
GetEnvironmentStrings
Toolhelp32ReadProcessMemory
GetFileInformationByHandle
ContinueDebugEvent
GetTimeFormatA
CreateToolhelp32Snapshot
GetThreadPriorityBoost
EnumResourceNamesW
DeleteCriticalSection
RtlMoveMemory
GetLongPathNameW
EnumCalendarInfoExW
FoldStringW
WriteProcessMemory
SetConsoleTextAttribute
DebugBreak
GetStdHandle
MultiByteToWideChar
GetPrivateProfileIntA
BeginUpdateResourceA
OpenMutexW
SearchPathW
VirtualFree
TransmitCommChar
GetUserDefaultLCID
FileTimeToSystemTime
lstrcatA
IsDebuggerPresent
FreeLibraryAndExitThread
CreateEventA
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
GetNumberOfConsoleMouseButtons
SetFileTime
SetComputerNameA
ReadFileScatter
CreateNamedPipeA
Heap32ListFirst
SetWaitableTimer
DisableThreadLibraryCalls
UpdateResourceA
FindResourceExA
GetLocalTime
GlobalWire
GlobalFindAtomW
FlushFileBuffers
GetShortPathNameW
HeapCompact
BeginUpdateResourceW
GetComputerNameW
FormatMessageA
Heap32ListNext
SetSystemTime
GetHandleInformation
FlushConsoleInputBuffer
PeekConsoleInputW
CreateSemaphoreA
lstrcpy
GetDiskFreeSpaceExA
LocalLock
CreateWaitableTimerA
TryEnterCriticalSection
GetEnvironmentVariableW
GetPrivateProfileStructW
CreateRemoteThread
HeapDestroy
GetMailslotInfo
Module32First
TlsGetValue
CopyFileExA
CreateMailslotW
SignalObjectAndWait
SetVolumeLabelW
LocalFlags
CreateFileA
GetModuleHandleW
TlsSetValue
GetPrivateProfileIntW
PeekConsoleInputA
ExpandEnvironmentStringsA
HeapValidate
GetProfileSectionW
InitAtomTable
WaitNamedPipeW
GlobalReAlloc
MoveFileExW
FindFirstChangeNotificationW
GetSystemDirectoryW
Process32Next
GetCurrencyFormatA
DefineDosDeviceW
HeapCreate
FindFirstFileW
FileTimeToLocalFileTime
HeapUnlock
WriteConsoleOutputA
MoveFileExA
GlobalAlloc
EnumResourceLanguagesA
RemoveDirectoryA
lstrlenW
ReadConsoleA
SetVolumeLabelA
FindCloseChangeNotification
LockResource
lstrcmp
FindNextFileW
ReadDirectoryChangesW
UnlockFileEx
ReadFile
lstrcatW
WaitForMultipleObjectsEx
FindAtomA
SuspendThread
WriteFile
InterlockedIncrement
GetLastError
VirtualProtectEx
GetLongPathNameA
WriteConsoleOutputCharacterA
SetConsoleCP
EraseTape
GetExitCodeThread
Sleep
InterlockedDecrement
SetThreadExecutionState
SetCriticalSectionSpinCount
CreateDirectoryA
WriteProfileStringA
GlobalGetAtomNameA
LocalFree
UnmapViewOfFile
GetCalendarInfoW
LocalShrink
EnumCalendarInfoW
lstrcmpiA
GetCompressedFileSizeW
CreateConsoleScreenBuffer
OpenFileMappingW
GetFileSize
ResetEvent
GetLogicalDrives
LocalUnlock
VirtualProtect
CreateThread
GetConsoleTitleW
GetCurrentDirectoryW
WriteConsoleInputW
SetFilePointer
SetLocalTime
GetComputerNameA
WaitForSingleObject
SetConsoleCursorInfo
GetConsoleMode
GetFileAttributesW
GlobalAddAtomA
GetFullPathNameW
ConvertDefaultLocale
GetPrivateProfileStringW
ReadConsoleOutputA
CommConfigDialogA
lstrcpyA
OpenEventA
GetProcessVersion
GetVolumeInformationA
UpdateResourceW
OpenMutexA
EnumDateFormatsExA
GetLargestConsoleWindowSize
GetStringTypeExA
EnterCriticalSection
WritePrivateProfileStructA
ReadConsoleOutputW
CreateTapePartition
SetConsoleOutputCP
Heap32First
GetCompressedFileSizeA
SetEnvironmentVariableA
GetNumberFormatW
SleepEx
GetLocaleInfoA
VirtualLock
DeviceIoControl
OpenSemaphoreA
FindFirstFileExA
GetPrivateProfileSectionW
FlushViewOfFile
SetConsoleScreenBufferSize
CompareStringA
GetStringTypeW
GetProfileStringA
FillConsoleOutputAttribute
lstrcpynA
RtlZeroMemory
GetEnvironmentStringsW
FoldStringA
SetTimeZoneInformation
DefineDosDeviceA
FreeEnvironmentStringsW
FillConsoleOutputCharacterW
SystemTimeToFileTime
UnlockFile
GetWindowsDirectoryA
GlobalAddAtomW
GetAtomNameA
EnumSystemCodePagesA
Module32Next
TlsFree
MapViewOfFileEx
GetDiskFreeSpaceW
GetQueuedCompletionStatus
IsValidLocale
SetConsoleMode
DeleteFileA
EnumSystemLocalesW
CreateProcessA
GlobalGetAtomNameW
CreateMailslotA
FillConsoleOutputCharacterA
InterlockedCompareExchange
SetHandleCount
FindResourceExW
EnumResourceTypesA
WideCharToMultiByte
SetLocaleInfoA
SetEvent
TerminateThread
TlsAlloc
SearchPathA
SetEnvironmentVariableW
InterlockedExchangeAdd
InitializeCriticalSection
GetEnvironmentVariableA
GetACP
CommConfigDialogW
VirtualFreeEx
FindNextFileA
FindFirstFileA
GetPrivateProfileSectionA
GetConsoleTitleA
VirtualAllocEx
GetProfileSectionA
GetSystemDefaultLCID
GetNamedPipeInfo
CompareFileTime
CreateFileMappingA
FreeConsole
HeapSize
GetVersion
ReadConsoleOutputCharacterW
GetTempPathA
lstrlen
LocalCompact
lstrcpynW
GetSystemTime
PulseEvent
SetFileAttributesW
OpenEventW
GetProcessHeaps
GetThreadLocale
GetCommandLineW
GlobalUnfix
ReleaseMutex
EscapeCommFunction
SetCurrentDirectoryW
EnumResourceTypesW
GetProcessPriorityBoost
CreateNamedPipeW
CreateDirectoryW
OpenWaitableTimerW
WriteProfileSectionW
FindResourceA
GetTempFileNameW
GetTimeZoneInformation
GetFileAttributesExW
WriteConsoleA
LockFile
CreateMutexW
WritePrivateProfileStructW
SetConsoleActiveScreenBuffer
lstrcmpi
GetPrivateProfileStringA
LocalAlloc
WriteConsoleOutputAttribute
LoadResource
GlobalHandle
SetLocaleInfoW
GetStringTypeExW
GetPrivateProfileSectionNamesA
GlobalUnWire
GlobalCompact
GetCurrencyFormatW
FormatMessageW
EnumDateFormatsW
GetPrivateProfileStructA
OpenSemaphoreW
SetPriorityClass
Heap32Next
GetConsoleCursorInfo
WritePrivateProfileStringW
DebugActiveProcess
FindNextChangeNotification
CreateFileW
WaitForDebugEvent
ReadConsoleInputW
SetSystemTimeAdjustment
VirtualUnlock
AllocConsole
GetProcessAffinityMask
lstrlenA
Thread32Next
wininet
InternetCrackUrlW
DetectAutoProxyUrl
InternetSetCookieW
FtpPutFileW
InternetWriteFile
SetUrlCacheConfigInfoA
InternetCrackUrlA
GopherGetAttributeW
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
CommitUrlCacheEntryW
InternetGetCertByURLA
InternetErrorDlg
FtpDeleteFileA
InternetConfirmZoneCrossing
InternetTimeFromSystemTimeA
HttpOpenRequestW
InternetAlgIdToStringA
FindNextUrlCacheGroup
InternetShowSecurityInfoByURLW
HttpSendRequestExA
UrlZonesDetach
InternetCombineUrlW
InternetQueryOptionW
GopherCreateLocatorA
ShowSecurityInfo
InternetFortezzaCommand
InternetConfirmZoneCrossingA
CreateUrlCacheContainerW
FindNextUrlCacheContainerA
IsHostInProxyBypassList
HttpSendRequestExW
FtpGetFileEx
InternetReadFile
DeleteIE3Cache
FtpGetFileA
InternetWriteFileExW
InternetDial
HttpCheckDavCompliance
SetUrlCacheEntryInfoA
FtpGetCurrentDirectoryW
FtpCreateDirectoryA
InternetShowSecurityInfoByURL
CreateUrlCacheEntryW
DeleteUrlCacheEntryA
SetUrlCacheEntryGroup
UnlockUrlCacheEntryStream
GetUrlCacheConfigInfoA
InternetOpenUrlW
FindNextUrlCacheEntryExA
InternetReadFileExW
DeleteUrlCacheContainerA
FtpCommandA
CreateUrlCacheContainerA
IncrementUrlCacheHeaderData
FtpRenameFileA
InternetHangUp
InternetGoOnline
InternetGetConnectedStateExW
RetrieveUrlCacheEntryFileA
IsUrlCacheEntryExpiredW
FindFirstUrlCacheContainerW
SetUrlCacheEntryInfoW
GetUrlCacheEntryInfoExA
GopherGetAttributeA
GopherOpenFileW
CommitUrlCacheEntryA
FreeUrlCacheSpaceW
GetUrlCacheEntryInfoW
InternetSetOptionExW
UnlockUrlCacheEntryFileA
InternetReadFileExA
InternetAutodial
FindNextUrlCacheEntryA
FtpSetCurrentDirectoryA
InternetConnectA
InternetUnlockRequestFile
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryExW
UpdateUrlCacheContentPath
InternetGetConnectedState
GetUrlCacheHeaderData
InternetGetConnectedStateExA
FtpGetFileW
FtpPutFileEx
InternetQueryOptionA
InternetSetDialStateA
InternetCombineUrlA
FindNextUrlCacheContainerW
InternetGetLastResponseInfoW
FindFirstUrlCacheGroup
InternetSetOptionW
SetUrlCacheEntryGroupA
FtpCommandW
HttpEndRequestA
InternetLockRequestFile
HttpSendRequestA
FtpFindFirstFileW
InternetSetDialState
InternetTimeToSystemTime
FindFirstUrlCacheEntryA
LoadUrlCacheContent
InternetOpenA
FtpRemoveDirectoryW
FindFirstUrlCacheEntryExA
InternetCreateUrlW
InternetGetCertByURL
SetUrlCacheHeaderData
ResumeSuspendedDownload
InternetTimeToSystemTimeA
InternetOpenUrlA
CreateUrlCacheEntryA
InternetTimeToSystemTimeW
DeleteUrlCacheContainerW
HttpAddRequestHeadersW
GopherGetLocatorTypeA
InternetDialA
GopherFindFirstFileA
CreateUrlCacheGroup
FtpCreateDirectoryW
InternetDialW
InternetCanonicalizeUrlA
FreeUrlCacheSpaceA
UnlockUrlCacheEntryFile
InternetTimeFromSystemTimeW
FtpGetCurrentDirectoryA
InternetGetCookieA
InternetQueryDataAvailable
ShowCertificate
InternetGoOnlineA
FtpRemoveDirectoryA
FindCloseUrlCache
InternetSetOptionExA
InternetFindNextFileW
InternetCloseHandle
SetUrlCacheConfigInfoW
InternetAlgIdToStringW
InternetSecurityProtocolToStringW
InternetSetOptionA
FindNextUrlCacheEntryExW
InternetAttemptConnect
InternetCheckConnectionA
InternetGoOnlineW
UnlockUrlCacheEntryFileW
FtpDeleteFileW
ShowClientAuthCerts
InternetSetFilePointer
DeleteUrlCacheGroup
SetUrlCacheGroupAttributeA
HttpQueryInfoA
InternetConfirmZoneCrossingW
InternetAutodialHangup
InternetSetCookieA
GopherCreateLocatorW
InternetFindNextFileA
ShowX509EncodedCertificate
RegisterUrlCacheNotification
HttpEndRequestW
InternetCreateUrlA
FtpSetCurrentDirectoryW
InternetGetLastResponseInfoA
advapi32
RegQueryValueExA
CryptSetProviderA
CryptSignHashA
RegDeleteValueW
LookupAccountSidA
CryptAcquireContextW
ReportEventW
CryptSetProviderExW
RegDeleteKeyW
RegSetValueExW
CryptGenRandom
CryptGetDefaultProviderW
CryptExportKey
CryptGetHashParam
CreateServiceW
CryptEnumProviderTypesA
RegReplaceKeyA
CryptImportKey
CryptVerifySignatureW
RevertToSelf
CryptSetProvParam
CryptEncrypt
LookupSecurityDescriptorPartsA
CryptReleaseContext
CryptSetProviderW
RegQueryInfoKeyW
CryptEnumProviderTypesW
RegSetValueExA
RegEnumKeyExA
RegSetKeySecurity
CryptGetUserKey
RegOpenKeyExW
GetUserNameW
CryptAcquireContextA
CryptSignHashW
CryptEnumProvidersA
CryptSetHashParam
RegFlushKey
StartServiceW
LookupPrivilegeNameW
RegRestoreKeyW
LookupSecurityDescriptorPartsW
RegReplaceKeyW
InitiateSystemShutdownA
RegSaveKeyA
RegLoadKeyW
LookupAccountSidW
CryptEnumProvidersW
AbortSystemShutdownW
RegEnumValueW
CryptSetProviderExA
RegCreateKeyExA
RegSetValueW
LogonUserW
RegCreateKeyExW
LookupPrivilegeNameA
RegConnectRegistryA
CryptContextAddRef
RegDeleteValueA
CryptCreateHash
RegLoadKeyA
RegEnumKeyExW
DuplicateTokenEx
CryptDecrypt
CryptDuplicateHash
RegConnectRegistryW
CreateServiceA
LookupPrivilegeValueW
LookupAccountNameA
ReportEventA
RegQueryInfoKeyA
InitializeSecurityDescriptor
LookupPrivilegeDisplayNameA
CryptGetDefaultProviderA
LookupPrivilegeDisplayNameW
CryptHashData
CryptGenKey
LogonUserA
RegRestoreKeyA
CryptDestroyHash
RegDeleteKeyA
AbortSystemShutdownA
DuplicateToken
RegOpenKeyA
RegQueryValueW
InitiateSystemShutdownW
RegOpenKeyExA
RegOpenKeyW
GetUserNameA
RegQueryValueExW
LookupAccountNameW
RegCreateKeyA
RegQueryMultipleValuesA
RegEnumValueA
CryptGetKeyParam
RegCloseKey
StartServiceA
RegNotifyChangeKeyValue
CryptGetProvParam
CryptDestroyKey
CryptVerifySignatureA
RegSetValueA
RegSaveKeyW
RegQueryValueA
CryptHashSessionKey
Sections
.text Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE