Static task
static1
Behavioral task
behavioral1
Sample
c5b00280595a37f170a1aa54659eaf99fc7cd7a868e803f49c4fcc9d5e9dcac6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c5b00280595a37f170a1aa54659eaf99fc7cd7a868e803f49c4fcc9d5e9dcac6.exe
Resource
win10v2004-20220812-en
General
-
Target
c5b00280595a37f170a1aa54659eaf99fc7cd7a868e803f49c4fcc9d5e9dcac6
-
Size
2.0MB
-
MD5
314ece23dedcccfba4892bb7b09d4a2d
-
SHA1
8f30c1ffa1d48217ca894c128e0c49203b1dc945
-
SHA256
c5b00280595a37f170a1aa54659eaf99fc7cd7a868e803f49c4fcc9d5e9dcac6
-
SHA512
ec8bd5a2cc89dba7b8c7d4096cdb8e26605db50ffac8a83cd78235a1e216fe30c76eb7a3e9db5a0ef436df835ef2dd7f336e98c524217e01430fd3022b4e08cd
-
SSDEEP
49152:YG+e6dXSQDA0Eii+rdWU9jCXpNeIObhg/JeIOcR8cOif:YG+rdXSQDA0E5+xwNeIObi/JeIO0x
Malware Config
Signatures
Files
-
c5b00280595a37f170a1aa54659eaf99fc7cd7a868e803f49c4fcc9d5e9dcac6.exe windows x86
b6a17554052be9e57c082d106af97d5f
Code Sign
Certificate
Serial: 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate
Serial: 7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18-10-2012 00:00
Not After: 29-12-2020 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
Serial: 25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 08-11-2006 00:00
Not After: 07-11-2021 23:59
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before: 25-06-2012 00:00
Not After: 24-08-2015 23:59
Subject: CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
Serial: 52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 08-02-2010 00:00
Not After: 07-02-2020 23:59
Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetGetCookieA
InternetCrackUrlA
InternetGetConnectedState
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetConnectW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetOpenW
shlwapi
PathCombineW
SHQueryInfoKeyW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
SHGetValueW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
SHGetValueA
urlmon
URLDownloadToFileW
kernel32
CreateProcessW
WaitForSingleObject
GetTickCount
QueueUserWorkItem
SetFileAttributesW
GetFileAttributesW
WriteFile
OutputDebugStringW
CreateFileW
GetModuleFileNameW
GetFileSize
CloseHandle
DeleteCriticalSection
PeekNamedPipe
GetLastError
LeaveCriticalSection
CreateEventW
ResetEvent
SetEvent
GetProcAddress
CopyFileW
GetCurrentProcess
SetUnhandledExceptionFilter
WritePrivateProfileStringW
ExpandEnvironmentStringsW
lstrlenW
WideCharToMultiByte
OutputDebugStringA
EnterCriticalSection
GetPrivateProfileStringW
CreateDirectoryW
GetTempFileNameW
DeleteFileW
MoveFileW
Sleep
FindResourceExW
lstrlenA
FindNextFileW
GetModuleFileNameA
LockResource
FindClose
SizeofResource
LoadLibraryW
LoadResource
FindResourceW
FindFirstFileW
CreatePipe
FileTimeToSystemTime
InterlockedExchangeAdd
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
FormatMessageW
FormatMessageA
GetTempPathA
GetFileAttributesExW
DeleteFileA
GetFileAttributesA
UnlockFileEx
LockFileEx
LockFile
UnlockFile
AreFileApisANSI
GetStartupInfoW
MultiByteToWideChar
ReadFile
TerminateProcess
GetTempPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapDestroy
QueryDosDeviceW
InitializeCriticalSection
GetModuleHandleW
GetVersionExW
GetSystemInfo
IsWow64Process
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetVersion
GlobalFree
GetVersionExA
HeapFree
FreeLibrary
LocalFree
LocalAlloc
LoadLibraryA
HeapAlloc
GetProcessHeap
DeviceIoControl
CopyFileA
lstrcatA
GetSystemDirectoryA
CreateFileA
lstrcpyA
HeapReAlloc
SetLastError
GlobalAlloc
IsBadReadPtr
lstrcpynW
GetACP
FreeResource
ResumeThread
MulDiv
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
GetLocalTime
GlobalUnlock
GlobalLock
SetFilePointer
LoadLibraryExW
GetCurrentProcessId
ReleaseMutex
CreateMutexW
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
VirtualQuery
Module32NextW
Module32FirstW
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemDefaultLangID
RaiseException
TerminateThread
DuplicateHandle
GetExitCodeThread
lstrcmpW
user32
TranslateMessage
FindWindowW
GetMessageW
wsprintfA
wsprintfW
RemovePropW
GetWindowRect
PostQuitMessage
LoadImageW
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
MessageBoxW
DestroyWindow
UnregisterClassW
PeekMessageW
PostMessageW
RegisterClassExW
IsWindow
CreateWindowExW
GetPropW
DefWindowProcW
DispatchMessageW
SetPropW
PostThreadMessageW
IsCharAlphaNumericA
CharNextW
ShowWindow
SetFocus
EnableWindow
GetWindow
SystemParametersInfoW
GetParent
SendMessageW
GetSystemMetrics
CallWindowProcW
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoExW
IsIconic
ScreenToClient
SetWindowRgn
GetKeyState
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
GetDC
ReleaseDC
GetFocus
IsWindowVisible
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
UpdateLayeredWindow
CopyRect
IsZoomed
MoveWindow
SetForegroundWindow
OffsetRect
InflateRect
SetCursor
wvsprintfW
IntersectRect
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetMonitorInfoW
MonitorFromWindow
DrawIconEx
DestroyIcon
FindWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
FillRect
InvalidateRgn
CreateAcceleratorTableW
advapi32
RegEnumKeyExW
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueW
CryptEncrypt
CryptDestroyKey
CryptImportKey
CryptSetKeyParam
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
AllocateAndInitializeSid
CheckTokenMembership
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueW
RegCreateKeyW
RegCreateKeyExW
QueryServiceStatus
FreeSid
shell32
SHCreateDirectoryExW
ShellExecuteExW
ord165
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
SHChangeNotify
ole32
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID
oleaut32
VariantInit
VariantClear
SysAllocString
OleLoadPicture
ws2_32
sendto
inet_addr
inet_ntoa
WSAGetLastError
connect
gethostbyname
shutdown
accept
ioctlsocket
WSAStartup
ntohs
send
recv
__WSAFDIsSet
select
closesocket
WSACleanup
socket
htons
bind
getsockname
listen
iphlpapi
GetIpForwardTable
winhttp
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
setupapi
CMP_WaitNoPendingInstallEvents
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInfoListDetailW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Reenumerate_DevNode
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
crypt32
CryptBinaryToStringA
gdiplus
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipCloneImage
GdipCloneBitmapAreaI
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipGraphicsClear
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdiplusStartup
GdipBitmapUnlockBits
GdipFree
GdipAlloc
GdipGetImageEncoders
comctl32
_TrackMouseEvent
ord17
msimg32
TransparentBlt
GradientFill
AlphaBlend
gdi32
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
DeleteDC
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetTextMetricsW
CombineRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
RoundRect
GetTextExtentPoint32W
SetTextColor
SetBkMode
TextOutW
GetCharABCWidthsW
GetDeviceCaps
CreateSolidBrush
SetDIBitsToDevice
CreateRoundRectRgn
DeleteObject
GetClipBox
CreateDCW
GetDIBits
BitBlt
Exports
StartWorkFlow
UIEvent2Module
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 243KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 631KB - Virtual size: 631KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE