Static task
static1
Behavioral task
behavioral1
Sample
f04eb367f65ed6aa0b14f5f5ada90f316d37db859b798096451af10e34958beb.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f04eb367f65ed6aa0b14f5f5ada90f316d37db859b798096451af10e34958beb.exe
Resource
win10v2004-20220812-en
General
-
Target
f04eb367f65ed6aa0b14f5f5ada90f316d37db859b798096451af10e34958beb
-
Size
6.2MB
-
MD5
90a79fcd99f23e76f92da7f341d81c1d
-
SHA1
20cb0789439a480e28d7db8495c910e1c2d66479
-
SHA256
f04eb367f65ed6aa0b14f5f5ada90f316d37db859b798096451af10e34958beb
-
SHA512
842d8626fd1bb1279510b71870be567e4932094b35384fcdce09ff05543ad7e794b3ed44e78b03cc753aea659ffdea91bd9ffe16b3f4e8669fa5601f70fc6c5a
-
SSDEEP
98304:fcPEy9bQlEDBGHKiE7rdY1tSLgTi/ZASM5NSe3zwclx1O47F68TB8:0PEybGEDBGKrCSLIoZAzO47F63
Malware Config
Signatures (no signature hits and no malware configuration are listed in this excerpt of the report; absence here is not evidence of benign behaviour — see the section and import notes below)
Files
-
f04eb367f65ed6aa0b14f5f5ada90f316d37db859b798096451af10e34958beb.exe windows x86
afb9233299cb05f605831f6e9ad0af73 (a 32-hex digest that differs from the file MD5 above — presumably the PE import hash/imphash of this binary; confirm against the report format before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (note: DYNAMIC_BASE and NX_COMPAT are not set, so the image does not opt in to ASLR or DEP through its PE header)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image cannot be relocated, so address-space randomisation does not apply to it and its code lands at the preferred image base)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE (a 32-bit image opting into a user address space larger than 2GB; consistent with the 54.2MB .data virtual size listed under Sections)
IMAGE_FILE_32BIT_MACHINE
Imports (reviewer note: the d3d9/d3dx9, dinput8, fmodex and skinmagic imports are consistent with a graphical game client; the wininet, ws2_32 server-side socket, crypt32 certificate-store, registry-write and process-creation imports below are the ones to correlate with the two behavioral runs)
wininet
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpSendRequestA
InternetQueryOptionA
shfolder
SHGetFolderPathA
d3d9
Direct3DCreate9
d3dx9_42
D3DXMatrixMultiply
D3DXMatrixOrthoOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXCreateEffectFromFileA
D3DXPlaneTransform
D3DXMatrixTranspose
D3DXMatrixInverse
D3DXVec3Normalize
D3DXAssembleShaderFromFileA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileExA
D3DXCreateCubeTextureFromFileExA
D3DXCreateTexture
D3DXVec3Transform
D3DXSaveSurfaceToFileA
D3DXMatrixOrthoOffCenterRH
dinput8
DirectInput8Create
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
netapi32
Netbios
ws2_32 (includes bind/listen/accept alongside connect, and WSASendTo/WSARecvFrom, so the binary can open a listening TCP port and exchange UDP datagrams, not only make outbound connections — check the behavioral runs for bound ports)
WSACleanup
closesocket
WSAIoctl
WSASocketA
WSAStartup
ioctlsocket
listen
bind
setsockopt
htons
inet_ntoa
recv
__WSAFDIsSet
send
accept
shutdown
inet_addr
gethostbyname
gethostbyaddr
socket
WSAGetLastError
WSASendTo
ntohs
WSARecvFrom
select
connect
crypt32 (CertOpenSystemStoreA/CertFindCertificateInStore read from a system certificate store; together with InternetSetOptionA in the wininet imports this is consistent with selecting a client certificate for an HTTP(S) session, though which store and which certificate are queried is not visible from the import list)
CertOpenSystemStoreA
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
fmodex
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setHardwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@HHHH@Z
?set3DSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?set3DMinMaxDistance@Sound@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setPriority@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getNumPlaying@SoundGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getMasterSoundGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSoundGroup@2@@Z
?set3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
FMOD_System_Create
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DAttributes@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@0@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAM00PAH@Z
?setDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@MMMH@Z
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N@Z
?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNEL@@W4FMOD_CHANNEL_CALLBACKTYPE@@PAX2@Z@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?getChannel@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?getIndex@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
LoadLibraryW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
MoveFileA
VirtualFree
ExitThread
ExitProcess
GetCurrentThreadId
SetLastError
FlushFileBuffers
TlsSetValue
TlsAlloc
GetModuleHandleW
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameW
GetFileType
WriteConsoleW
RtlUnwind
IsDebuggerPresent (imported by the MSVC CRT fatal-error path together with the adjacent SetUnhandledExceptionFilter/UnhandledExceptionFilter/TerminateProcess; not by itself evidence of deliberate anti-debugging)
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteCriticalSection
InterlockedExchange
FatalAppExitA
HeapSize
HeapCreate
TlsFree
HeapDestroy
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchangeAdd
CreateSemaphoreA
SetStdHandle
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
lstrlenA
lstrcatA
lstrcpyA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ResetEvent
MulDiv
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileA
lstrcpynA
GetFullPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetFileAttributesA
TlsGetValue
FindClose
FindFirstFileA
FindNextFileA
GetExitCodeThread
InitializeCriticalSection
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
GetLastError
GetTickCount
MapViewOfFile
OpenFileMappingW
GetFileSize
ReadFile
UnmapViewOfFile
CreateFileMappingA
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
GetVersionExA
GetStdHandle
AllocConsole
RaiseException
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
CreateEventA
GetUserDefaultLCID
CreateMutexA
HeapAlloc
GetProcessHeap
HeapFree
TerminateThread
CreateThread
WriteFile
SetFilePointer
GetWindowsDirectoryA
GetSystemTime
GetVolumeInformationA
GetDriveTypeA
GetSystemDirectoryA
ResumeThread
SystemTimeToFileTime
DeleteFileA
ReleaseSemaphore
user32
SendMessageA
MessageBoxA
ShowWindow
ClipCursor
GetClassLongA
SetWindowPos
DefWindowProcA
PostQuitMessage
DestroyWindow
DestroyMenu
DestroyAcceleratorTable
DispatchMessageW
TranslateMessage
TranslateAcceleratorA
GetMessageW
PeekMessageW
PeekMessageA
LoadAcceleratorsA
GetDlgItem
PostMessageA
EnableWindow
IsDlgButtonChecked
wsprintfA
CheckRadioButton
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetFocus
EnumDisplayDevicesA
EndPaint
BeginPaint
SetDlgItemTextA
AdjustWindowRect
DispatchMessageA
SetWindowTextA
SetWindowLongA
GetDlgItemInt
GetDlgItemTextA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetFocus
LoadImageA
ScreenToClient
GetCursorPos
SetCursor
SetCursorPos
RedrawWindow
DestroyIcon
SetForegroundWindow
SetActiveWindow
CreateDialogParamA
DrawMenuBar
SetMenuItemInfoA
GetDesktopWindow
IsDialogMessageA
GetMessageA
GetWindowTextLengthA
GetDlgCtrlID
CallWindowProcA
GetParent
GetTopWindow
LoadIconA
LoadCursorA
RegisterClassExW
LoadMenuA
CreateWindowExW
SetMenu
GetMenu
GetSystemMetrics
GetWindowTextA
SetRect
UpdateWindow
GetWindowLongA
GetWindowRect
SetDlgItemInt
GetClientRect
gdi32
CreateFontA
GetDeviceCaps
ExtTextOutA
GetTextExtentPoint32A
DeleteDC
GetStockObject
SetBkColor
SetTextColor
CreateDIBSection
SetBkMode
BitBlt
CreateCompatibleDC
SetTextAlign
SetMapMode
CreateFontIndirectA
GetObjectA
DeleteObject
SelectObject
advapi32 (RegCreateKeyExA/RegSetValueExA/RegDeleteKeyA/RegDeleteValueA give the binary registry write and delete capability; correlate with the behavioral runs to see whether anything beyond its own settings, e.g. a Run key, is written)
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegDeleteValueA
shell32 (ShellExecuteA, together with CreateProcessA in the kernel32 imports, means the sample can launch other programs or URLs — check the process tree in the behavioral runs)
ShellExecuteA
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
VariantClear
VariantInit
skinmagic
ord3
ord2
ord9
ord1
imm32
ImmAssociateContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
wsock32
gethostname
WSAAsyncSelect
Sections
.text Size: 4.8MB - Virtual size: 4.8MB (carries IMAGE_SCN_MEM_WRITE as well as IMAGE_SCN_MEM_EXECUTE, i.e. a writable code section — unusual for compiler output and worth checking for in-place patching or self-modifying code)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 659KB - Virtual size: 659KB (flagged IMAGE_SCN_MEM_WRITE although it holds read-only data; the normal layout leaves .rdata read-only)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 234KB - Virtual size: 54.2MB (raw size far below virtual size: roughly 54MB of zero-initialised data is mapped at load; often just a large BSS, and not by itself a packing indicator here since .text is fully present on disk, but the region is a candidate location for anything decoded at run time)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 517KB - Virtual size: 520KB (flagged IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE — a read/write/execute resource section; resources do not normally need execute permission)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE