Static task
static1
Behavioral task
behavioral1
Sample
99ba456c544f229827db078f47ff7d6f93ebede1bfdb526dd788b05aa8c09ee7.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
99ba456c544f229827db078f47ff7d6f93ebede1bfdb526dd788b05aa8c09ee7.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
99ba456c544f229827db078f47ff7d6f93ebede1bfdb526dd788b05aa8c09ee7
-
Size
341KB
-
MD5
0fa7ae87c9b23168a8a44667dc5320a0
-
SHA1
cc5e75d57e8a100371538401f00500e54b506919
-
SHA256
99ba456c544f229827db078f47ff7d6f93ebede1bfdb526dd788b05aa8c09ee7
-
SHA512
294818429de03cad2dc21bf07670365163d66a8313e7f33c94457dfff47b3ab0a242df74cf85e6b3373ad5e956f527402765e92ddffeec1efb2a4e816ce5b495
-
SSDEEP
6144:ctoICDXHY5niQoV7qEtVJ1Vg6IKtvQQKDOzMumvC8M7pdT/pk:cuICzY5n1olqEfJ1V7IKtRKBvC8M7lk
Malware Config
Signatures
Files
-
99ba456c544f229827db078f47ff7d6f93ebede1bfdb526dd788b05aa8c09ee7.exe windows x86
1dda70747e65e4dd2a47fa1b04a929c6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipGetImageHeight
GdipCreateFromHDC
GdipGetImageWidth
GdiplusShutdown
GdipCloneImage
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipDeleteGraphics
GdipReleaseDC
GdipDrawImageRectRectI
mfc80u
ord2397
ord282
ord2409
ord2255
ord2386
ord2402
ord1479
ord5609
ord2407
ord347
ord2390
ord602
ord2392
ord2394
ord2388
ord1270
ord2404
ord2384
ord1271
ord931
ord1118
ord927
ord776
ord899
ord896
ord2239
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4535
ord4562
ord3677
ord3942
ord5222
ord5220
ord2925
ord1911
ord566
ord3826
ord757
ord5378
ord6215
ord5096
ord1007
ord3800
ord1121
ord5579
ord2009
ord2054
ord3824
ord4320
ord6274
ord2379
ord6272
ord4008
ord4032
ord4026
ord1049
ord5971
ord2011
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord3635
ord5178
ord1079
ord4574
ord4109
ord4347
ord354
ord605
ord3176
ord4256
ord5199
ord1392
ord5908
ord6720
ord2366
ord265
ord3158
ord4226
ord1536
ord2361
ord3756
ord587
ord563
ord753
ord4074
ord2261
ord2460
ord5398
ord5484
ord2444
ord1176
ord557
ord745
ord1472
ord2461
ord266
ord6002
ord5711
ord5558
ord4100
ord1182
ord1178
ord1960
ord2381
ord2399
ord5727
ord2169
ord709
ord2163
ord501
ord293
ord6700
ord1513
ord6273
ord870
ord3796
ord6275
ord6086
ord3198
ord3339
ord4961
ord1353
ord5171
ord4119
ord1955
ord577
ord1647
ord1646
ord280
ord1058
ord1590
ord760
ord283
ord5196
ord572
ord2531
ord2725
ord6721
ord2829
ord5911
ord4301
ord1611
ord2708
ord1894
ord1608
ord2856
ord3940
ord2534
ord3155
ord1393
ord2640
ord4238
ord2527
ord5148
ord3712
ord3678
ord1899
ord3713
ord5067
ord3703
ord6271
ord2638
ord5524
ord4179
ord3943
ord5210
ord4480
ord1920
ord4255
ord3990
ord3204
ord762
ord3590
ord1198
ord1925
ord3397
ord5633
ord4716
ord4276
ord1591
ord5956
ord5231
ord774
ord5229
ord920
ord925
ord2311
ord929
ord764
ord3795
msvcr80
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
srand
_time32
setlocale
memmove_s
_purecall
_wtoi
__CxxFrameHandler3
strncpy
strlen
memset
_CxxThrowException
memcpy
atoi
strstr
_itoa
tolower
wcsrchr
_wstat32i64
_wmkdir
_wsplitpath
wcslen
towlower
_stricmp
strncat
wcsncat
rand
isprint
_crt_debugger_hook
isspace
_vsnwprintf_s
free
malloc
isalnum
swscanf_s
wcsncat_s
_time64
memcpy_s
strncpy_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_beginthreadex
kernel32
OutputDebugStringA
OutputDebugStringW
WritePrivateProfileStringW
OpenMutexW
GetLastError
SetThreadLocale
Sleep
GetTickCount
CreateMutexW
CreateThread
SetEvent
WaitForSingleObject
CreateEventW
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32FirstW
Module32NextW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetLongPathNameW
FindFirstFileW
FindClose
LoadLibraryW
FreeLibrary
HeapFree
ResetEvent
GetModuleFileNameW
LeaveCriticalSection
CreateEventA
MultiByteToWideChar
GetVersionExW
GetFileSize
CopyFileW
DeleteFileW
WriteFile
lstrcpynW
lstrlenW
DeviceIoControl
GetSystemDirectoryW
InterlockedDecrement
DeleteFileA
CreateFileA
InterlockedIncrement
GlobalFree
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
CreateFileW
SetFilePointer
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
InitializeCriticalSection
lstrlenA
GetVersionExA
GetThreadLocale
GetACP
EnterCriticalSection
GetLocaleInfoA
GetProcessHeap
GetProcAddress
SetLastError
DeleteCriticalSection
user32
InvalidateRect
IsWindow
RegisterClassW
FindWindowExW
GetClassInfoW
LoadBitmapW
GetWindowRect
SendMessageW
EnableWindow
SetTimer
PostMessageW
KillTimer
MessageBoxW
GetWindowThreadProcessId
GetForegroundWindow
ShowWindow
SetForegroundWindow
AttachThreadInput
ReleaseCapture
DrawFocusRect
ClientToScreen
OffsetRect
DrawEdge
GetSysColor
WindowFromPoint
GetNextDlgGroupItem
GetCursorPos
GetCapture
GetParent
GetWindowLongW
LoadIconW
gdi32
SelectObject
StretchBlt
CreateCompatibleBitmap
CreateFontIndirectW
CreateCompatibleDC
GetObjectW
CreateFontW
BitBlt
DeleteObject
msimg32
TransparentBlt
advapi32
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
shell32
ShellExecuteW
SHGetSpecialFolderPathW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ole32
CoInitialize
CoCreateGuid
CoUninitialize
CoLoadLibrary
CreateStreamOnHGlobal
OleRun
CoCreateInstance
oleaut32
SafeArrayDestroy
SafeArrayCreateVector
VariantChangeType
VariantClear
SysStringByteLen
VariantInit
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
SafeArrayPutElement
SysAllocStringByteLen
msvcp80
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
wininet
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
ws2_32
__WSAFDIsSet
accept
getpeername
select
connect
recv
send
WSACleanup
getsockname
WSASetLastError
listen
recvfrom
htons
inet_addr
gethostbyname
WSAStartup
inet_ntoa
WSAGetLastError
closesocket
ioctlsocket
setsockopt
gethostname
ntohs
ntohl
htonl
bind
socket
sendto
netapi32
NetApiBufferFree
Netbios
NetWkstaTransportEnum
Sections
.text Size: 172KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE