Static task: static1
Behavioral task: behavioral1
Sample: 4cf331fb5edcc052785d67489677e7c3451c6729c0cb898218294af7e1e0d3f8.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4cf331fb5edcc052785d67489677e7c3451c6729c0cb898218294af7e1e0d3f8.exe
Resource: win10v2004-20220812-en
General
Target: 4cf331fb5edcc052785d67489677e7c3451c6729c0cb898218294af7e1e0d3f8
Size: 174KB
MD5: 239903ace7a0712fb34ff5dacb82ce95
SHA1: f1f3252f248662487a0a2c5ac375cef990a7495a
SHA256: 4cf331fb5edcc052785d67489677e7c3451c6729c0cb898218294af7e1e0d3f8
SHA512: d8b6597deab3d0c00af76f611daf39d0cdadc130de36a941f6c98a3d07e1a4f1beb1fe4a7ae702ae56e3f1f743ae3f1f678cc8b0ba12e54fdc11492b424c6a14
SSDEEP: 3072:KZ/LhS0rKgHq+rFLIwgoovufDUbZMYIWJkBK5Se:+/LhS0rKE/FLITo9mpIWWBE
Files
4cf331fb5edcc052785d67489677e7c3451c6729c0cb898218294af7e1e0d3f8.exe windows x86
edf0659abd5188c18e493cb2537cb8d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
CreateFileW
GetFileSizeEx
FindNextFileW
DeleteFileW
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
HeapReAlloc
HeapCompact
HeapAlloc
HeapFree
HeapCreate
SetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
LocalAlloc
LocalFree
CreateNamedPipeW
GetCommandLineW
CreateMutexW
GetDriveTypeW
FileTimeToSystemTime
OpenMutexW
ReleaseMutex
GetVolumeInformationW
ExpandEnvironmentStringsW
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GlobalLock
GlobalUnlock
lstrcpynA
lstrcmpiA
SetCurrentDirectoryW
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindNextVolumeMountPointW
GetCurrentDirectoryW
FindVolumeMountPointClose
FindFirstVolumeMountPointW
GetFileAttributesW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
FindFirstVolumeW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetStringTypeW
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemWow64DirectoryW
GetSystemDirectoryW
WriteFile
SetFileTime
SetFilePointer
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrcpyA
GetSystemTime
LoadLibraryW
GetLocalTime
FindClose
MoveFileW
SetThreadPriority
lstrcmpW
GetACP
FreeConsole
CopyFileW
GetCurrentThread
GetTickCount
GetModuleHandleW
SleepEx
SystemTimeToFileTime
SetUnhandledExceptionFilter
CreateProcessW
FreeLibrary
SetErrorMode
lstrlenA
FindFirstFileW
ExitProcess
GetCurrentProcess
GetExitCodeThread
ExitThread
CreateThread
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
lstrcpyW
GetWindowsDirectoryW
lstrcatW
GetTempPathW
lstrlenW
GetModuleFileNameW
GetComputerNameW
GetEnvironmentVariableW
GetLastError
MultiByteToWideChar
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSize
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
IsBadReadPtr
lstrcmpiW
GetProcAddress
lstrcpynW
GetOEMCP
user32
ShowWindow
SetWindowLongW
PeekMessageW
GetWindowTextW
GetAsyncKeyState
RegisterRawInputDevices
RegisterClassExW
GetKeyboardState
GetRawInputData
PostQuitMessage
CreateWindowExW
DefWindowProcW
GetWindowThreadProcessId
ToUnicodeEx
DispatchMessageW
GetKeyboardType
wsprintfW
GetKeyboardLayout
wsprintfA
GetMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
OpenClipboard
GetClipboardData
CloseClipboard
GetForegroundWindow
GetKeyboardLayoutNameW
CharLowerW
advapi32
CryptGenRandom
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
LookupAccountSidA
QueryServiceStatus
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptGetHashParam
SetEntriesInAclW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
GetTokenInformation
OpenThreadToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetUserNameW
ChangeServiceConfigW
StartServiceW
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
OpenProcessToken
shell32
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ole32
CoInitializeSecurity
CoUninitialize
CoInitialize
IIDFromString
CoTaskMemFree
StringFromIID
CoCreateInstance
oleaut32
VariantChangeType
VariantInit
SysAllocString
VariantClear
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
secur32
GetComputerObjectNameW
wininet
InternetGetConnectedState
InternetGetLastResponseInfoW
ws2_32
WSAStartup
WSACleanup
shlwapi
PathAppendW
PathFindExtensionW
StrStrA
PathAddBackslashW
PathRemoveFileSpecW
crypt32
CryptUnprotectData
mpr
WNetCancelConnectionW
WNetAddConnection2W
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ