Static task: static1
Behavioral task: behavioral1
Sample: 37875955ecaea8af05b353328446b140df9cd0426c37e8aa649dbbb6d52cf89e.exe
Resource: win7-20220812-en
General
Target: 37875955ecaea8af05b353328446b140df9cd0426c37e8aa649dbbb6d52cf89e
Size: 699KB
MD5: 0d19450094d3562a32994a919998ddf0
SHA1: 7b83973813cfb3b6a3ece32f030f578c233726e3
SHA256: 37875955ecaea8af05b353328446b140df9cd0426c37e8aa649dbbb6d52cf89e
SHA512: 23d5485913cb8633cd0b26d0cccb4d153af216845d716f3cbc9c9e638ef2be7645005e3971258430cd9b9ec7b7e9410de26db188e37600c6faec96f43ec97e9a
SSDEEP: 12288:ol7djaB7OoRTQTR7djaB7OoRTQTDiiiiiiiiiiiiiioX3W:oTGBJRTQTHGBJRTQTDiiiiiiiiiiiiiX
Malware Config
Signatures
Files
37875955ecaea8af05b353328446b140df9cd0426c37e8aa649dbbb6d52cf89e.exe windows x86
6f5de88b0cf7d9bc54098240fccbc66a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
GetFileSize
GetModuleHandleW
GetTickCount
SizeofResource
SetEvent
DeleteCriticalSection
HeapAlloc
HeapDestroy
VirtualLock
GetModuleFileNameW
CreateFileMappingW
WideCharToMultiByte
HeapCreate
GetCurrentThreadId
MapViewOfFile
lstrlenW
HeapFree
UnmapViewOfFile
LoadLibraryW
ResetEvent
CreateFileW
LockResource
SetProcessWorkingSetSize
InterlockedIncrement
ReadFileEx
CreateEventW
SetCurrentDirectoryA
LoadLibraryA
InitializeCriticalSection
WaitForSingleObjectEx
GetLastError
CloseHandle
FindResourceExW
InterlockedDecrement
VirtualUnlock
FindResourceW
GetCurrentProcess
RaiseException
SetLastError
FreeLibrary
DeviceIoControl
GetVersionExW
GetProcAddress
LoadResource
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
GetProcessHeap
HeapSize
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapReAlloc
user32
UnregisterClassA
PostThreadMessageW
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
shlwapi
PathFileExistsW
PathCombineA
PathCombineW
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr80
??2@YAPAXI@Z
_vsnprintf_s
free
calloc
wcsrchr
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_recalloc
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
??3@YAXPAX@Z
wcscpy_s
_vsnwprintf_s
_waccess
memmove_s
exit
_CxxThrowException
memcpy_s
__CxxFrameHandler3
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 660KB - Virtual size: 660KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE