Static task: static1
Behavioral task: behavioral1
Sample: 0345af8ddf83d330c8a670b358532751febca53d82046b465111f5c8d73f3891.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 0345af8ddf83d330c8a670b358532751febca53d82046b465111f5c8d73f3891.exe
Resource: win10v2004-20220812-en
General
Target: 0345af8ddf83d330c8a670b358532751febca53d82046b465111f5c8d73f3891
Size: 67KB
MD5: 93269f642477533fc2b71e5115924c70
SHA1: 0ed51491475c3a3556478cb5d681ffdfe5efaee6
SHA256: 0345af8ddf83d330c8a670b358532751febca53d82046b465111f5c8d73f3891
SHA512: b6e1c81188087f9cd6ae1a67bd6478cd373b27e7d91096c02f7c8a7d3889b91048327998e1de410c920fe5b4d4dd1d9225dc96fb26c6bfa6fff9551d92974de6
SSDEEP: 1536:PYJwqCsoBBPL7mDqqfVkol24id+1eY70mnWSqeqXwErRJ0Jo8qjGaB62b:P5qDCPL7G9kol242+1eM0GrH4LRJ0Jo3
Malware Config
Signatures
Files
0345af8ddf83d330c8a670b358532751febca53d82046b465111f5c8d73f3891.exe - windows x86 - 3cb5a50ff8521e1914bd279d89644505
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
tapi32
phoneGetMessage
lineDialA
lineAddProviderA
TUISPIDLLCallback
lineAddToConference
lineCreateAgentSessionW
lineHold
lineSetCallPrivilege
LocWizardDlgProc
phoneGetIconA
lineSetDevConfigA
lineSetAppPriorityW
lineGetAppPriorityA
lineOpenW
lineGetCallInfoA
lineMonitorTones
lineGetDevConfigW
lineGenerateTone
lineSetupConferenceA
lineGetAgentGroupListA
lineTranslateAddressW
lineUncompleteCall
lineGetAppPriorityW
lineSetAgentGroup
MMCConfigProvider
tapiRequestDrop
MMCGetServerConfig
lineBlindTransferW
lineGenerateDigitsW
phoneGetIconW
lineClose
lineSetMediaControl
lineGetAddressCapsA
user32
DialogBoxParamA
EndDialog
SendMessageA
imm32
ImmSetConversionStatus
ImmGenerateMessage
ImmSetHotKey
ImmGetDescriptionW
ImmCreateIMCC
ImmGetCompositionStringA
ImmNotifyIME
ImmGetCompositionWindow
ImmGetGuideLineW
ImmGetHotKey
ImmLockIMCC
ImmGetContext
ImmSetCompositionFontW
ImmEnumRegisterWordW
ImmGetCandidateListCountA
ImmEnumInputContext
ImmGetDefaultIMEWnd
ImmUnregisterWordA
ImmGetVirtualKey
ImmConfigureIMEA
ImmRegisterWordA
ImmGetIMEFileNameA
ImmAssociateContext
ImmEscapeW
ImmGetRegisterWordStyleA
ImmGetConversionListA
ImmGetCompositionFontW
advapi32
ElfClearEventLogFileW
CreateProcessAsUserA
CryptAcquireContextA
LsaOpenTrustedDomainByName
EnumServiceGroupW
GetExplicitEntriesFromAclW
GetEventLogInformation
CryptSetProvParam
CryptHashSessionKey
AreAnyAccessesGranted
GetMultipleTrusteeA
SetSecurityDescriptorOwner
QueryRecoveryAgentsOnEncryptedFile
ChangeServiceConfig2A
SetEntriesInAccessListA
TrusteeAccessToObjectW
SetPrivateObjectSecurity
CreatePrivateObjectSecurity
OpenSCManagerW
ElfOpenBackupEventLogA
ConvertSDToStringSDRootDomainA
ElfReadEventLogA
LsaLookupPrivilegeName
SetNamedSecurityInfoW
GetServiceKeyNameA
BuildTrusteeWithObjectsAndNameW
RegSaveKeyW
TraceEvent
SetUserFileEncryptionKey
LsaEnumerateTrustedDomainsEx
LsaAddPrivilegesToAccount
GetSecurityDescriptorRMControl
AccessCheckByTypeAndAuditAlarmA
LsaICLookupSids
BuildTrusteeWithSidA
RegDeleteKeyA
ElfRegisterEventSourceW
RegCreateKeyW
AddAuditAccessAceEx
BuildSecurityDescriptorA
AddAce
OpenEventLogW
GetSecurityInfoExW
QueryUsersOnEncryptedFile
UnlockServiceDatabase
DuplicateEncryptionInfoFile
GetTrusteeNameA
NotifyChangeEventLog
CryptEncrypt
SystemFunction023
LsaLookupNames
CryptContextAddRef
CryptEnumProviderTypesA
InitiateSystemShutdownExA
ReportEventW
FileEncryptionStatusA
IsValidSid
rasapi32
RasDialA
RasGetEapUserDataA
RasDeleteEntryA
RasEnumAutodialAddressesW
RasGetAutodialEnableW
RasEnumDevicesW
RasSetSharedAutoDial
RasSetAutodialEnableA
RasEnumDevicesA
RasGetEntryDialParamsW
RasValidateEntryNameW
RasSetAutodialAddressA
RasGetAutodialAddressW
RasGetAutodialEnableA
RasGetEapUserIdentityW
RasGetAutodialParamA
DwCloneEntry
RasSetCredentialsW
RasSetCustomAuthDataA
RasValidateEntryNameA
RasEditPhonebookEntryW
RasInvokeEapUI
psapi
GetDeviceDriverFileNameW
EmptyWorkingSet
GetMappedFileNameW
GetMappedFileNameA
EnumProcesses
GetModuleInformation
QueryWorkingSet
EnumDeviceDrivers
GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules
ws2_32
select
recv
WSAJoinLeaf
WSAGetOverlappedResult
WSALookupServiceNextW
WSAGetServiceClassInfoA
__WSAFDIsSet
WSALookupServiceBeginW
WSARecv
getprotobyname
WSAGetLastError
WEP
WSADuplicateSocketA
WSCGetProviderPath
getsockname
accept
bind
listen
WSASendDisconnect
WSAAsyncGetServByPort
crypt32
CryptSIPRemoveSignedDataMsg
CertAddEnhancedKeyUsageIdentifier
CertGetStoreProperty
CertGetCTLContextProperty
CryptUnregisterOIDInfo
CertFreeCRLContext
CertFreeCertificateContext
CertVerifyValidityNesting
CertCreateContext
CryptGetAsyncParam
CryptEncryptMessage
CertCreateCRLContext
CertAddStoreToCollection
CertDeleteCTLFromStore
CryptUnregisterOIDFunction
CryptCreateAsyncHandle
CertAddEncodedCTLToStore
CertDeleteCertificateFromStore
CryptGetKeyIdentifierProperty
CryptHashCertificate
CryptMsgEncodeAndSignCTL
CertAddCRLContextToStore
CertRDNValueToStrW
CertVerifyRevocation
CryptDecodeObjectEx
CryptLoadSip
kernel32
GlobalGetAtomNameW
DeleteFileA
InterlockedIncrement
GetProcAddress
GetModuleHandleA
ExitProcess
InterlockedDecrement
wininet
InternetLockRequestFile
InternetConfirmZoneCrossingA
IsUrlCacheEntryExpiredW
FtpCommandW
GetUrlCacheEntryInfoW
InternetOpenW
InternetInitializeAutoProxyDll
FtpDeleteFileA
UpdateUrlCacheContentPath
RetrieveUrlCacheEntryStreamA
HttpEndRequestW
UnlockUrlCacheEntryStream
FindNextUrlCacheContainerW
FindFirstUrlCacheEntryExW
InternetCrackUrlA
SetUrlCacheEntryInfoW
InternetSetCookieA
GopherGetLocatorTypeA
InternetDialA
InternetSetDialStateA
InternetCreateUrlA
InternetAutodialCallback
FtpFindFirstFileA
FtpFindFirstFileW
InternetGetConnectedStateExA
InternetCreateUrlW
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExA
FtpSetCurrentDirectoryA
InternetSetDialStateW
InternetGetLastResponseInfoA
FindFirstUrlCacheContainerA
GopherGetAttributeW
CreateUrlCacheGroup
UnlockUrlCacheEntryFileW
DeleteIE3Cache
GetUrlCacheHeaderData
IsUrlCacheEntryExpiredA
HttpSendRequestA
InternetFindNextFileA
GopherCreateLocatorW
LoadUrlCacheContent
InternetCloseHandle
CreateUrlCacheEntryA
GetUrlCacheGroupAttributeA
shell32
SHPathPrepareForWriteA
CommandLineToArgvW
SHFreeNameMappings
SHGetPathFromIDListW
ExtractAssociatedIconW
samlib
SamAddMemberToAlias
SamQueryDisplayInformation
SamRemoveMemberFromForeignDomain
SamiEncryptPasswords
SamiSetDSRMPassword
SamGetAliasMembership
SamEnumerateGroupsInDomain
SamSetInformationGroup
SamChangePasswordUser2
SamOpenUser
SamDeleteUser
SamConnectWithCreds
SamQueryInformationDomain
SamDeleteAlias
SamSetMemberAttributesOfGroup
SamConnect
SamRemoveMemberFromGroup
SamGetGroupsForUser
SamGetDisplayEnumerationIndex
SamQuerySecurityObject
SamDeleteGroup
SamRemoveMultipleMembersFromAlias
SamiChangePasswordUser
SamSetInformationAlias
SamTestPrivateFunctionsUser
SamOpenAlias
SamChangePasswordUser
SamSetSecurityObject
shlwapi
AssocCreate
version
VerQueryValueA
VerInstallFileW
GetFileVersionInfoW
VerFindFileA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
VerInstallFileA
GetFileVersionInfoSizeA
VerFindFileW
Sections
.text Size: 31KB - Virtual size: 30KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.xdata Size: 21KB - Virtual size: 20KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 9KB - Virtual size: 9KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE