Static task: static1
Behavioral task: behavioral1
Sample: 576d385b7e11dabef1dda835c16e8325fe57de056b0cf01ecf22cbeb86e6e395.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 576d385b7e11dabef1dda835c16e8325fe57de056b0cf01ecf22cbeb86e6e395.exe
Resource: win10v2004-20220901-en
General
Target: 576d385b7e11dabef1dda835c16e8325fe57de056b0cf01ecf22cbeb86e6e395
Size: 704KB
MD5: 0638a3614128e061442cfa785fcdf4d0
SHA1: 132a11455730ff003d61eb5c8642ce7a6373af42
SHA256: 576d385b7e11dabef1dda835c16e8325fe57de056b0cf01ecf22cbeb86e6e395
SHA512: ad50a5d63d078dc3cfec1ccfe888ad21f30fdf2bc38e09ed1637a3f87759e7f39bcd2ac705ff17b6f37b995d5f52e603452cb893b2fdc74d0f6c9172362e1a85
SSDEEP: 12288:1lesJ3+qLn5HlrM9s0SEpIxD3hZk+QsG+WTCVDtgBbhUGTQq9iA8JkHTX:RB5x0SEpIxjYRj2Rg4uJzDTX
Malware Config
Signatures
Files
576d385b7e11dabef1dda835c16e8325fe57de056b0cf01ecf22cbeb86e6e395.exe windows x86
0fb44b896facd19a3eefe83fca27ea0f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrCmpNIW
SHDeleteKeyA
PathMatchSpecW
PathCombineW
wvnsprintfA
wvnsprintfW
StrCmpNIA
PathRemoveFileSpecW
PathFileExistsW
StrStrW
PathFindFileNameW
wnsprintfW
kernel32
CreateFileA
SetEvent
GetTickCount
VirtualAlloc
VirtualProtect
MultiByteToWideChar
GetUserDefaultUILanguage
HeapAlloc
GetFileAttributesA
GetModuleHandleA
CreateThread
CloseHandle
lstrcatW
GetDiskFreeSpaceW
FindNextFileW
GetLocalTime
FindClose
LeaveCriticalSection
lstrcpyA
OpenMutexW
CreateProcessW
lstrcatA
CreateEventW
user32
GetKeyState
FindWindowExA
GetCursorPos
GetMessageA
GetIconInfo
SendMessageA
OpenWindowStationA
DispatchMessageA
PeekMessageA
GetForegroundWindow
GetClassNameA
SetThreadDesktop
GetWindowTextA
CloseWindowStation
advapi32
CryptHashData
CryptDestroyHash
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExA
DuplicateTokenEx
CryptReleaseContext
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE