Static task
static1
Behavioral task
behavioral1
Sample
ded9dd5a1621a56c5f074adb3327102d3e601690ba25448727273d2cfe1307e7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ded9dd5a1621a56c5f074adb3327102d3e601690ba25448727273d2cfe1307e7.exe
Resource
win10v2004-20220812-en
General
Target
ded9dd5a1621a56c5f074adb3327102d3e601690ba25448727273d2cfe1307e7
Size
225KB
MD5
d98ea3d799c6e455687ab462955ccdbd
SHA1
d103cb5e609564e0f60db226e3bf04e466cc149f
SHA256
ded9dd5a1621a56c5f074adb3327102d3e601690ba25448727273d2cfe1307e7
SHA512
1ec72b92e12099434d215a90c35a9221756fe899fbf0e1d8e87d964a094162eb642514b1a83ebda54b307ae7d2f092155b8109e1004146e1d8fc9e0496563851
SSDEEP
3072:NvyrfbfWEPzU7fNSa2h8iH43fjXV1S7D+zGJuut+NfCJIXgjSR:JGfbfWE4I451yD+zGJuCpIXg
Malware Config
Signatures
Files
ded9dd5a1621a56c5f074adb3327102d3e601690ba25448727273d2cfe1307e7.exe windows x86
312f29db9bc9d339030c606a79451eda
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
UnhandledExceptionFilter
LeaveCriticalSection
WaitForMultipleObjects
WaitForSingleObject
lstrcmpiW
lstrlenW
VirtualAlloc
LCMapStringW
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
SetUnhandledExceptionFilter
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeExW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
DebugBreak
CreateThread
CreateFileMappingW
CreateEventW
SetEvent
QueryPerformanceCounter
OpenFileMappingW
OpenEventW
MapViewOfFile
ChangeTimerQueueTimer
LocalFree
CloseHandle
UnmapViewOfFile
user32
GetSystemMetrics
CharNextW
OpenIcon
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetMessageA
DispatchMessageA
GetSysColor
UpdateWindow
UnregisterClassW
TranslateMessage
ShowWindow
RegisterClassW
PostMessageW
PeekMessageW
MsgWaitForMultipleObjects
LoadIconW
LoadCursorW
GetSystemMenu
GetMessageW
DispatchMessageW
DestroyWindow
DeleteMenu
DefWindowProcW
CreateWindowExW
MsgWaitForMultipleObjectsEx
gdi32
MoveToEx
LineTo
DeleteEnhMetaFile
GetStockObject
CloseEnhMetaFile
Rectangle
advapi32
AccessCheck
AdjustTokenPrivileges
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
DeregisterEventSource
FreeSid
GetAclInformation
GetLengthSid
GetSecurityDescriptorLength
GetTokenInformation
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDisablePredefinedCache
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetThreadToken
RegOpenKeyExA
AddAce
ole32
CoFreeUnusedLibrariesEx
CoGetCallContext
CoGetClassObject
CoGetInterfaceAndReleaseStream
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoRegisterClassObject
CoRevertToSelf
CoRevokeClassObject
CoSwitchCallContext
CoUninitialize
StringFromGUID2
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
msvcrt
memset
memcpy
Sections
.text Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ