Static task
static1
Behavioral task
behavioral1
Sample
a60d9332a0e88c4ba1cf8fa3c807dc8dcebabf601864591d7c3aef6ccfe0e3e6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a60d9332a0e88c4ba1cf8fa3c807dc8dcebabf601864591d7c3aef6ccfe0e3e6.exe
Resource
win10v2004-20220901-en
General
Target: a60d9332a0e88c4ba1cf8fa3c807dc8dcebabf601864591d7c3aef6ccfe0e3e6
Size: 1.2MB
MD5: d6988fadb9d50864913df38c7129b101
SHA1: 356656b254c30a8d3a208a8b0a7cdd181635ef7c
SHA256: a60d9332a0e88c4ba1cf8fa3c807dc8dcebabf601864591d7c3aef6ccfe0e3e6
SHA512: 1c67bd8d10dbd899d5bb3b2be66f88159841dfbaffc1e1f920bc5a0ee7d25660135d18d79e3653299ed3c14c6839b6619f077cc03b780e2174e1a490e6d6ed23
SSDEEP: 24576:nW3zYUNf9VrZRDGgL/po1StmOmnjK/YtPI057LtQmCOn3vwVsHVb6P:PK1ZVVgq057LXCOn3vNbI
Malware Config
Signatures
Files
a60d9332a0e88c4ba1cf8fa3c807dc8dcebabf601864591d7c3aef6ccfe0e3e6.exe windows x86
7958d6e3b80bb9c045ae0a58b29a8aab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DisconnectNamedPipe
CreateNamedPipeW
GetSystemTimeAsFileTime
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
GetSystemDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
ResumeThread
TerminateThread
SetThreadPriority
ResetEvent
CancelIo
ReadFile
GetOverlappedResult
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetComputerNameW
CreateProcessW
lstrcmpiW
lstrcmpW
GetExitCodeProcess
OpenProcess
SetConsoleCtrlHandler
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
VerifyVersionInfoW
SetPriorityClass
MoveFileExW
CreateDirectoryW
GetCommandLineW
GetModuleFileNameW
GetNativeSystemInfo
SetFilePointer
GetStdHandle
GetFileSize
ConnectNamedPipe
GetCurrentProcess
InterlockedExchangeAdd
LocalFree
WaitForMultipleObjects
MulDiv
WideCharToMultiByte
WriteFile
FreeLibrary
InterlockedCompareExchange
CreateFileW
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
OpenSemaphoreW
CreateSemaphoreW
CreateEventW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
SetEvent
GetLastError
GetProcAddress
GetOEMCP
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
CompareStringW
GetFileType
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCurrentThreadId
Sleep
LoadLibraryExW
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetACP
VerSetConditionMask
ExpandEnvironmentStringsW
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
advapi32
RegNotifyChangeKeyValue
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegSetValueExW
RegSetKeySecurity
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
LookupPrivilegeValueW
UnregisterTraceGuids
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
AddAccessDeniedAce
FreeSid
AllocateAndInitializeSid
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
AddAccessAllowedAce
GetAce
GetAclInformation
InitializeAcl
GetLengthSid
EqualSid
IsValidSid
GetKernelObjectSecurity
shell32
CommandLineToArgvW
SHGetFolderPathW
ole32
StringFromCLSID
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
oleaut32
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayPutElement
SafeArrayCreateVector
VariantInit
VariantClear
ws2_32
htonl
WSAStartup
htons
ntohs
socket
getnameinfo
getsockopt
WSACleanup
ntohl
closesocket
iphlpapi
GetAdaptersAddresses
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
msi
ord205
Sections
.text Size: 761KB - Virtual size: 761KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 716B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 293KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ