Static task: static1
Behavioral task: behavioral1
  Sample: 190d1207c37632213ee5870f1e0720662ca6648e338d392547973208eaf97471.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 190d1207c37632213ee5870f1e0720662ca6648e338d392547973208eaf97471.exe
  Resource: win10v2004-20220901-en
General
Target: 190d1207c37632213ee5870f1e0720662ca6648e338d392547973208eaf97471
Size: 87KB
MD5: 927c307b5bd4da52ead386d760e8e7b0
SHA1: 7b30df473ce4ec4e258eea2a10408a6d8875ff93
SHA256: 190d1207c37632213ee5870f1e0720662ca6648e338d392547973208eaf97471
SHA512: da201dc6258e7b727db3a9f51def43ef907cddb647c8907477bb0196151f46b2d2669933154084b65eaedc8bcbaa1cd1bba6b25961d9f2d44eec843ab4e623f7
SSDEEP: 1536:e7n3O7mbnIb4y3zUnGfZMbC/C3NTSN1vWQibMq6FlkHGeLqtkes2nrGx2T3qsdm:eCqch3z8C/O1SN1vWQiIFlkHGe2tfgWy
Malware Config
Signatures
Files
-
190d1207c37632213ee5870f1e0720662ca6648e338d392547973208eaf97471.exe windows x64
ad2fa98efac4b7f076ecb39b9fc8d7bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorGroup
GetTokenInformation
GetAclInformation
CopySid
InitializeSecurityDescriptor
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
LookupAccountSidW
InitializeAcl
SetSecurityDescriptorOwner
AddAccessAllowedAce
IsValidSid
AddAce
GetLengthSid
GetSecurityDescriptorDacl
CreateWellKnownSid
OpenProcessToken
kernel32
SetEnvironmentVariableW
GetCurrentThreadId
SetEvent
GetCommandLineW
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
EncodeSystemPointer
GetLocalTime
GetEnvironmentVariableW
OutputDebugStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersionExA
HeapSetInformation
Sleep
RegisterApplicationRestart
ApplicationRecoveryFinished
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLastError
lstrlenW
FreeLibrary
DeleteCriticalSection
OutputDebugStringW
user32
UnregisterClassA
CharUpperW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
msvcrt
_lock
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
fputws
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_onexit
__C_specific_handler
memset
_purecall
wcscat_s
wcscpy_s
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler3
_vsnwprintf
fflush
memcpy
__setusermatherr
__dllonexit
ole32
CoSuspendClassObjects
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoTaskMemRealloc
oleaut32
SysStringLen
SysFreeString
VarUI4FromStr
RegisterTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
mscoree
CorBindToRuntimeEx
CorMarkThreadInThreadPool
Sections
.text Size: 33KB - Virtual size: 32KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 18KB - Virtual size: 17KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 1KB - Virtual size: 2KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata Size: 2KB - Virtual size: 2KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc Size: 3KB - Virtual size: 3KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 27KB - Virtual size: 28KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)