Static task: static1
Behavioral task: behavioral1
  Sample: 936dd76d51cf83176dea31d86c258aacfafa8d40c4ed4447f5dbbbd887c47f73.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 936dd76d51cf83176dea31d86c258aacfafa8d40c4ed4447f5dbbbd887c47f73.exe
  Resource: win10v2004-20220812-en
General
Target: 936dd76d51cf83176dea31d86c258aacfafa8d40c4ed4447f5dbbbd887c47f73
Size: 845KB
MD5: 12fc903ac4c680fa6d2ff2492262c4ba
SHA1: cb9528319f4ecca09d10318cdf7b53d16bc4da96
SHA256: 936dd76d51cf83176dea31d86c258aacfafa8d40c4ed4447f5dbbbd887c47f73
SHA512: 0babc488a7e0b00e4c910062cf65b723e1dd69478dc6d53127b443d1a5252a37ec2a1ff16524bbe79bfe8bdcc6cdcc0361b225beafc9f41815a7eee319263dff
SSDEEP: 12288:EOkQ+mPGCALesCzl9q066EkbKHj992x+OPlpWBue0kkM99AjdOXv9s:2Q+mPFAL1CPqrkbKDfS+OPlmL9HXv9
Malware Config
Signatures
Files
- 936dd76d51cf83176dea31d86c258aacfafa8d40c4ed4447f5dbbbd887c47f73.exe (windows x86)
  7704d27fda0c89c1bd64a54fb3986169
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
KiUserExceptionDispatcher
NtQueryPortInformationProcess
NtResetWriteWatch
RtlReleaseActivationContext
sprintf
RtlInitializeAtomPackage
RtlAnsiCharToUnicodeChar
RtlUlongByteSwap
RtlIsGenericTableEmptyAvl
NtAllocateLocallyUniqueId
NtSetEventBoostPriority
RtlPrefixUnicodeString
DbgUiIssueRemoteBreakin
ZwLockVirtualMemory
NtSetUuidSeed
RtlCreateEnvironment
strcpy
RtlOemToUnicodeN
RtlCharToInteger
ZwRemoveProcessDebug
LdrAccessResource
NtQueryFullAttributesFile
NtLoadKey2
NtRemoveProcessDebug
RtlSetCurrentEnvironment
ZwResumeThread
towupper
_splitpath
CsrFreeCaptureBuffer
RtlRealPredecessor
DbgUiGetThreadDebugObject
NtCreateMailslotFile
RtlValidSecurityDescriptor
ZwQueryInstallUILanguage
ZwSetDefaultUILanguage
RtlQueryAtomInAtomTable
RtlNtStatusToDosError
NtQueryObject
LdrUnloadAlternateResourceModule
RtlUpcaseUnicodeToCustomCPN
ZwSetDefaultHardErrorPort
ZwSetBootEntryOrder
NtWaitHighEventPair
ZwCreateEvent
RtlQueryDepthSList
RtlAcquireResourceExclusive
NtRequestPort
NtFlushWriteBuffer
NtFlushVirtualMemory
RtlIpv6StringToAddressW
RtlCaptureContext
RtlDeNormalizeProcessParams
LdrGetDllHandle
ZwSetTimerResolution
ZwLoadDriver
NtAllocateUserPhysicalPages
dnsapi
Dns_RecvTcp
DnsAsyncRegisterTerm
DnsGetDnsServerList
DnsReplaceRecordSetA
DnsDhcpSrvRegisterHostName
DnsQueryConfigAllocEx
DnsRecordSetCopyEx
DnsRecordCopyEx
DnsValidateName_UTF8
DnsNameCompare_W
Dns_PingAdapterServers
DnsCreateReverseNameStringForIpAddress
DnsDowncaseDnsNameLabel
BreakRecordsIntoBlob
Dns_ReadRecordStructureFromPacket
DnsExtractRecordsFromMessage_UTF8
DnsRecordSetCompare
DnsDhcpSrvRegisterInit
DnsGetPrimaryDomainName_A
Dns_WriteQuestionToMessage
DnsCreateStandardDnsNameCopy
Dns_AllocateMsgBuf
DnsValidateName_A
DnsRecordListFree
Query_Main
msls31
LsFinishCurrentSubline
LsGetMinDurBreaks
LsdnResetPenNode
LsTruncateSubline
LsdnFinishByOneChar
LssbFDonePresSubline
LsResetRMInCurrentSubline
LssbFIsSublineEmpty
LsModifyLineHeight
LsdnSetAbsBaseLine
LsdnFinishRegularAddAdvancePen
LsGetSpecialEffectsSubline
LsForceBreakSubline
LsMatchPresSubline
LssbGetDupSubline
kernel32
SetConsoleMode
SetLastError
GetProcAddress
ReadConsoleA
CloseConsoleHandle
GlobalFindAtomW
SetCalendarInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
LoadLibraryW
SetFilePointer
HeapWalk
OpenProcess
DeleteCriticalSection
IsValidCodePage
tcpmonui
??0CTcpMibABC@@QAE@XZ
?Read@CPortABC@@UAEKQAXPAEKPAK@Z
??0CPortABC@@QAE@XZ
InitializePrintMonitorUI
??1CTcpMibABC@@UAE@XZ
??4CTcpMibABC@@QAEAAV0@ABV0@@Z
??4CPortABC@@QAEAAV0@ABV0@@Z
??_7CPortABC@@6B@
LocalAddPortUI
LocalConfigurePortUI
??0CTcpMibABC@@QAE@ABV0@@Z
??_7CTcpMibABC@@6B@
??1CPortABC@@UAE@XZ
??0CPortABC@@QAE@ABV0@@Z
comsvcs
GetMTAThreadPoolMetrics
CoLeaveServiceDomain
SafeRef
ComSvcsLogError
MiniDumpW
GetObjectContext
RecycleSurrogate
CoCreateActivity
DispManGetContext
CosGetCallContext
MTSCreateActivity
CoLoadServices
CoEnterServiceDomain
ComSvcsExceptionFilter
GetTrkSvrObject
gdi32
DdEntry49
EngStretchBltROP
GetRelAbs
CreateColorSpaceA
STROBJ_bEnum
GdiDescribePixelFormat
SetBitmapDimensionEx
EnableEUDC
GetBitmapDimensionEx
Sections
.text   Size: 383KB   Virtual size: 383KB
        IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 99KB    Virtual size: 99KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 181KB   Virtual size: 1.6MB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 180KB   Virtual size: 179KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 1024B   Virtual size: 21KB
        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
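Three things in the section table above are worth checking mechanically rather than by eye: .text is both writable and executable, .reloc is executable, writable and discardable with 1024 bytes on disk against 21KB in memory, and .data maps 1.6MB of memory for 181KB of file data. None of these is produced by a normal compiler/linker configuration; writable code and large memory-only regions are the usual footprint of a packer stub that decrypts or decompresses its payload at runtime. The following is an added example, not code from the report or the sandbox, that parses a raw IMAGE_SECTION_HEADER table with the standard library and flags those conditions. The table it runs on is constructed here from the values listed above (section and file alignment are assumed to be 0x1000 and 0x200, since the report does not state them; the 1.6MB figure is rounded to whole bytes).

```python
import struct

# Section characteristic bits from winnt.h.
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE      = 0x02000000
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

SECTION_ALIGNMENT = 0x1000  # assumed; not stated in the report
FILE_ALIGNMENT = 0x200      # assumed; not stated in the report


def _align(value, boundary):
    return (value + boundary - 1) // boundary * boundary


def build_section_table(rows):
    """Pack (name, virtual_size, raw_size, characteristics) rows into a section
    table laid out back-to-back. Used only to construct sample input here."""
    blob, va, raw_ptr = b"", SECTION_ALIGNMENT, 0x400
    for name, vsize, rawsize, chars in rows:
        blob += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"), vsize, va,
                                    rawsize, raw_ptr, 0, 0, 0, 0, chars)
        va += _align(vsize, SECTION_ALIGNMENT)
        raw_ptr += _align(rawsize, FILE_ALIGNMENT)
    return blob


def parse_sections(table):
    """Decode every complete 40-byte header in a section table."""
    sections = []
    usable = len(table) - len(table) % SECTION_HEADER.size
    for off in range(0, usable, SECTION_HEADER.size):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = SECTION_HEADER.unpack_from(table, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rawsize, "raw_offset": rawptr,
                         "characteristics": chars})
    return sections


def section_findings(sec):
    """Flags that a compiler-built section normally never carries."""
    c = sec["characteristics"]
    findings = []
    if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
        findings.append("rwx")                   # code that can rewrite itself
    if c & IMAGE_SCN_MEM_EXECUTE and not c & IMAGE_SCN_CNT_CODE:
        findings.append("exec-not-code")         # executable but not flagged as code
    if c & IMAGE_SCN_MEM_DISCARDABLE and c & IMAGE_SCN_MEM_EXECUTE:
        findings.append("discardable-exec")      # pages the loader may drop, yet runnable
    if sec["raw_size"] == 0:
        findings.append("no-raw-data")           # entirely runtime-populated
    elif sec["virtual_size"] > 2 * sec["raw_size"]:
        findings.append("virtual-size-inflated") # far more memory than file bytes
    return findings


def triage(table):
    return {s["name"]: section_findings(s) for s in parse_sections(table)}


# Constructed from the Sections block of the report (Size = raw, Virtual size = virtual).
KB = 1024
SAMPLE_TABLE = build_section_table([
    (".text",  383 * KB,  383 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA
                                    | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rdata",  99 * KB,   99 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data",  1_677_722, 181 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc",  179 * KB,  180 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc",  21 * KB,      1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
                                    | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_TABLE).items():
        print(f"{name:8} {findings or 'ok'}")
```

On a real file, feed `parse_sections` the bytes starting at the first section header (the offset of IMAGE_NT_HEADERS plus 24 plus SizeOfOptionalHeader) for NumberOfSections * 40 bytes; the findings are indicators to prioritise an unpacking pass, not a verdict on their own.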