Sample
95cada07a481de1a28527fe6aceb97d3b3fa17778fde2132d572915f60904d9e.exe
Resource
win7-20220901-en
General
Target
95cada07a481de1a28527fe6aceb97d3b3fa17778fde2132d572915f60904d9e
Size
1.0MB
MD5
0cd586ced68290706538dc6195917120
SHA1
55edb43e73d01cc155b3bf0bf19bd1958ff473c8
SHA256
95cada07a481de1a28527fe6aceb97d3b3fa17778fde2132d572915f60904d9e
SHA512
314f0f7e75e86aef5b3361b7c893cfc5cc94a71dc7b82dc07d1a2ceab79497f204b61cfcb34272d588a4cc32a753e1800107559ff99c465b81ee86687f719e1a
SSDEEP
24576:p9EsjLFhFlH8uMh+zlmxcuz8Qf/li0f/ligYos:p9EsjLF7lH8uMh+z2Zz8Qf/Ff/tYd
Malware Config
Signatures
Files
95cada07a481de1a28527fe6aceb97d3b3fa17778fde2132d572915f60904d9e.exe windows x86
2676ef74fce8aafa5cea88c6b1e0f9b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenThread
Sleep
CreateEventW
ResetEvent
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
CancelIo
DisconnectNamedPipe
ReadFileEx
WriteFileEx
WaitNamedPipeW
FreeLibraryAndExitThread
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapSize
IsDebuggerPresent
InitializeSListHead
ExpandEnvironmentStringsW
InterlockedPushEntrySList
IsProcessorFeaturePresent
VerifyVersionInfoW
SetEvent
VerSetConditionMask
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryW
MoveFileExW
GetPrivateProfileIntW
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
Process32NextW
TerminateProcess
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
CreateProcessW
SetErrorMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathW
TerminateThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
EncodePointer
VirtualFree
WideCharToMultiByte
CreateDirectoryW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
OutputDebugStringW
GetLocalTime
GetFileSize
VirtualAlloc
CreateFileW
GetPrivateProfileStringW
GetTickCount
CompareStringW
lstrlenW
GetCurrentProcess
FlushInstructionCache
LockResource
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
lstrcmpiW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetVersionExW
MoveFileW
CopyFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetTempFileNameW
GetModuleHandleExW
CreateMutexW
CloseHandle
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
SetLastError
GetLastError
LocalFree
LocalAlloc
GetProcAddress
InterlockedCompareExchange
InterlockedPopEntrySList
user32
DrawFocusRect
UnregisterClassW
DestroyWindow
CharNextW
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
IsWindow
MsgWaitForMultipleObjects
RegisterClassW
GetClassInfoW
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
RegisterClassExW
GetClassInfoExW
LoadStringW
LoadKeyboardLayoutW
SendInput
GetKeyState
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
LoadImageW
LoadCursorW
LoadBitmapW
GetWindow
ShowWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRectEmpty
FillRect
GetClassNameW
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextW
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetCapture
GetFocus
GetActiveWindow
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItem
EndDialog
DialogBoxParamW
BringWindowToTop
SetWindowPos
PostThreadMessageW
SetTimer
KillTimer
OpenDesktopW
CloseDesktop
GetKeyboardState
ToAscii
AllowSetForegroundWindow
advapi32
SetSecurityDescriptorDacl
RegCloseKey
RegSetValueW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetAce
GetSidLengthRequired
InitializeAcl
InitializeSid
AddAce
GetFileSecurityW
OpenProcessToken
DuplicateToken
MapGenericMask
AccessCheck
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetAclInformation
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
CreateProcessAsUserW
ConvertSidToStringSidW
RegQueryValueExA
RegCreateKeyW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromIID
IIDFromString
CoCreateGuid
shell32
ord165
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathW
ShellExecuteW
oleaut32
SysFreeString
VarUI4FromStr
shlwapi
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW
SHDeleteKeyW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdi32
CreateFontIndirectW
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
msvcp120
?good@ios_base@std@@QBE_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_Xbad_function_call@std@@YAXXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?rdstate@ios_base@std@@QBEHXZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?_Winerror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Syserror_map@std@@YAPBDH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eof@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
msvcr120
swprintf_s
_wcslwr_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
wcscat_s
_waccess
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
__RTDynamicCast
_wfopen_s
fclose
fgetpos
fread
fseek
free
malloc
_recalloc
??_V@YAXPAX@Z
memcpy_s
wcsncpy_s
wcsstr
calloc
_wtoi
wcscpy_s
_hypot
rand
vsprintf_s
_vsnwprintf
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memmove_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
vswprintf_s
?terminate@@YAXXZ
wcstoul
wcscspn
wcsspn
_wcsnicmp
_vsnprintf
_vscprintf
_vscwprintf
wcschr
wcsrchr
wcspbrk
_waccess_s
_wsplitpath_s
_vsnwprintf_s
_itow_s
_wcsicmp
_findclose
_wfindnext64i32
_wfindfirst64i32
_time64
srand
swscanf_s
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
_purecall
memchr
_libm_sse2_log_precise
memset
imm32
ImmDisableIME
Sections
.text Size: 575KB - Virtual size: 575KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 15KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 246KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 94KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE