Static task
static1
Behavioral task
behavioral1
Sample
9a30ae2f974fb54c13881bfb76b050fe812f0b99dc097db83f424a1cdca1cf75.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
9a30ae2f974fb54c13881bfb76b050fe812f0b99dc097db83f424a1cdca1cf75.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
9a30ae2f974fb54c13881bfb76b050fe812f0b99dc097db83f424a1cdca1cf75
-
Size
316KB
-
MD5
04154b1e5f95dc1a1389187c6a5934b0
-
SHA1
3e42eedf7d44397f000c9ef4e6e5d7075d47838c
-
SHA256
9a30ae2f974fb54c13881bfb76b050fe812f0b99dc097db83f424a1cdca1cf75
-
SHA512
1dc3ae9422be851cf0fa6b7bff548020b3f5e13cb737e8b9377dc5a869e1e5bea17085f42d00ea26ca12a1171a22e3f4df22f0500d8fcc97afdfad7a17883ee5
-
SSDEEP
3072:TGtnzIjwfmD3m/pkiPZs6LCkiS6CTaQIYOR/bK4k2N7eOYjy6w+JO1mxY/UaPuyo:TeFm7m/2ssSkQIYORR+OYW4a/tmn
Malware Config
Signatures
Files
-
9a30ae2f974fb54c13881bfb76b050fe812f0b99dc097db83f424a1cdca1cf75.exe windows x86
fa9c88823ab17756506ef56d7b51e8a2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
vc8_xerces-c_2_7
?getLineNumber@SAXParseException@xercesc_2_7@@QBEJXZ
??1MemBufFormatTarget@xercesc_2_7@@UAE@XZ
?adoptDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?flush@XMLFormatTarget@xercesc_2_7@@UAEXXZ
?writeChars@MemBufFormatTarget@xercesc_2_7@@UAEXQBEIQAVXMLFormatter@2@@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_7@@SAPAVDOMImplementation@2@PB_W@Z
?getColumnNumber@SAXParseException@xercesc_2_7@@QBEJXZ
?fgDOMWRTSplitCdataSections@XMLUni@xercesc_2_7@@2QB_WB
?fgDOMWRTDiscardDefaultContent@XMLUni@xercesc_2_7@@2QB_WB
?fgDOMWRTFormatPrettyPrint@XMLUni@xercesc_2_7@@2QB_WB
?fgDOMWRTBOM@XMLUni@xercesc_2_7@@2QB_WB
??2XMemory@xercesc_2_7@@SAPAXI@Z
?setErrorHandler@XercesDOMParser@xercesc_2_7@@QAEXQAVErrorHandler@2@@Z
?setLoadExternalDTD@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W000@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PB_W0@Z
?error@XercesDOMParser@xercesc_2_7@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQB_WAAVXMLBuffer@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QB_W00@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
??0MemBufFormatTarget@xercesc_2_7@@QAE@HQAVMemoryManager@1@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?getRawBuffer@MemBufFormatTarget@xercesc_2_7@@QBEPBEXZ
??3XMemory@xercesc_2_7@@SAXPAX@Z
??_7ErrorHandler@xercesc_2_7@@6B@
?getSrcFile@XMLException@xercesc_2_7@@QBEPBDXZ
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
msvcp80
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1locale@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
mfc80u
ord1198
ord5705
ord909
ord5083
ord384
ord1154
ord288
ord317
ord6173
ord584
ord1202
ord6167
ord777
ord1271
ord3198
ord1925
ord3204
ord2250
ord2297
ord6747
ord2696
ord3192
ord379
ord6306
ord1443
ord2121
ord1182
ord284
ord6172
ord2897
ord5621
ord5319
ord6284
ord1430
ord383
ord629
ord287
ord762
ord555
ord5342
ord6160
ord744
ord5484
ord4100
ord5524
ord894
ord4074
ord3990
ord5558
ord2260
ord4101
ord6161
ord860
ord1079
ord5485
ord2444
ord1476
ord2311
ord896
ord899
ord900
ord3842
ord2261
ord1479
ord282
ord6700
ord1472
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord764
ord293
ord577
ord774
ord283
ord566
ord757
ord3824
ord776
ord1118
ord1908
ord280
ord5480
ord549
ord737
ord1535
ord1481
ord5646
ord6111
ord1178
ord1176
ord6282
ord1172
ord5316
ord266
ord6293
ord5327
ord3249
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2984
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
msvcr80
sprintf
atoi
_CxxThrowException
memmove_s
_mktime64
_wsplitpath
_time64
wcschr
wcspbrk
wcsftime
_localtime64_s
malloc
free
_purecall
wprintf
qsort
strstr
strncpy
memcpy
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memset
memcpy_s
??0exception@std@@QAE@ABV01@@Z
exit
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
memmove
??8type_info@@QBE_NABV0@@Z
??1exception@std@@UAE@XZ
kernel32
GetUserDefaultLCID
GetStringTypeExW
FreeLibrary
LCMapStringW
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
InterlockedIncrement
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
SetFilePointer
ReadFile
InterlockedExchange
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
user32
LoadStringW
MessageBoxW
gdi32
CreateFontIndirectW
GetObjectW
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
comctl32
ord17
ws2_32
WSAStartup
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE