Static task
static1
Behavioral task
behavioral1
Sample
70d015679be923b58ed1f9187fa41c6e749b90b8e9e203578253d82cd0459cb9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
70d015679be923b58ed1f9187fa41c6e749b90b8e9e203578253d82cd0459cb9.exe
Resource
win10v2004-20220812-en
General
Target
70d015679be923b58ed1f9187fa41c6e749b90b8e9e203578253d82cd0459cb9
Size
376KB
MD5
0c4bc61fbb1044b87a8a541eb15a13f0
SHA1
ec9541f3305e27af1fa0962daf2ba4bc26a1c3ce
SHA256
70d015679be923b58ed1f9187fa41c6e749b90b8e9e203578253d82cd0459cb9
SHA512
0cb955f1966da408b7c751e079d144dad635a22e5a78421848b4500dd4d1edacb2a369173dfb7529dfa207c300993b6c888b0c9f3a0a48d9969aa1898299cafb
SSDEEP
6144:i906XjaHZ/gc6ZWD+bisyOWIquYYH88MpUSHEG:CXez6sTQoYHKpU
Malware Config
Signatures
Files
70d015679be923b58ed1f9187fa41c6e749b90b8e9e203578253d82cd0459cb9.exe windows x86
945cf87b770568be0a0d94c53423eab7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
loadperf
SetServiceAsTrustedW
BackupPerfRegistryToFileW
InstallPerfDllA
InstallPerfDllW
UpdatePerfNameFilesA
SetServiceAsTrustedA
LoadPerfCounterTextStringsW
RestorePerfRegistryFromFileW
UpdatePerfNameFilesW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA
shlwapi
StrStrA
StrStrW
PathRemoveBlanksW
StrCmpIW
PathCompactPathExW
PathRemoveExtensionW
PathFindFileNameW
UrlCanonicalizeA
PathStripPathA
PathGetDriveNumberW
PathFindExtensionW
SHRegGetUSValueA
PathSkipRootA
StrStrNW
PathRemoveExtensionA
PathRemoveBlanksA
StrSpnA
PathGetDriveNumberA
PathStripPathW
UrlHashW
StrToIntW
ColorAdjustLuma
SHSetValueW
PathGetCharTypeA
StrCSpnW
user32
GetClientRect
GetDesktopWindow
IsChild
FindWindowW
GetWindowTextW
FindWindowA
GetProcessDefaultLayout
msvcrt20
_tcsnextc
_wsearchenv
strtoul
wcsncpy
clock
_mbbtombc
?setg@streambuf@@IAEXPAD00@Z
??0ostrstream@@QAE@PADHH@Z
_tcsnicmp
??_7filebuf@@6B@
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
_wutime
_execv
strxfrm
_mbsnbcoll
__doserrno
strftime
?terminate@@YAXXZ
__winitenv
putc
calloc
_memicmp
msasn1
ASN1BERDecSkip
ASN1_FreeEncoded
ASN1utf8string_free
ASN1BERDecNotEndOfContents
ASN1ztchar16string_free
ASN1BERDecZeroChar16String
ASN1BERDecCheck
ASN1DecAlloc
ASN1BEREncCheck
ASN1intx_add
ASN1BEREncOctetString
ASN1BERDecChar16String
ASN1BERDecEoid
ASN1BERDecOctetString2
ASN1BEREncRemoveZeroBits
ASN1_CloseDecoder
ASN1octetstring_free
ASN1objectidentifier_cmp
ASN1BERDecSXVal
ASN1BERDecS32Val
ASN1BEREncU32
ASN1CEREncBeginBlk
kernel32
GetWindowsDirectoryA
GetDiskFreeSpaceExW
GetCurrentProcess
IsBadStringPtrW
GetSystemTimeAsFileTime
ReadConsoleOutputAttribute
QueryPerformanceCounter
GetPrivateProfileIntW
GetModuleHandleA
GetACP
AddConsoleAliasW
SetConsoleTitleW
GetConsoleAliasesA
VirtualAlloc
GetCurrentProcessId
AddAtomW
ifsutil
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?GetBuffer@TLINK@@QAEPAXPAX@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
msvcrt
free
__p__commode
_initterm
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rdata Size: 360KB - Virtual size: 357KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE