Static task
static1
Behavioral task
behavioral1
Sample
2f7c85d2f84e2f769d0a4f1c8ab9ab0d7930d7211276f42aa6572bcdca0e96ab.exe
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
2f7c85d2f84e2f769d0a4f1c8ab9ab0d7930d7211276f42aa6572bcdca0e96ab.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
General
-
Target
2f7c85d2f84e2f769d0a4f1c8ab9ab0d7930d7211276f42aa6572bcdca0e96ab
-
Size
225KB
-
MD5
5b2fd69cc0814ece85e92d492d2ed8f3
-
SHA1
949c6ac49b7e2996453b18e07e049f9e5ed817f8
-
SHA256
2f7c85d2f84e2f769d0a4f1c8ab9ab0d7930d7211276f42aa6572bcdca0e96ab
-
SHA512
c2793aa7a5f82c522540eb4782ecbd03d15aa9ab89338df538a1f9418482ba5aa7cb8657f9d7c6d09de50bcc80c0ac39e00f1fe4994cc2f8d58253c9d87f835d
-
SSDEEP
3072:XtEKEkSZQAZ9wiToipBRVehhKm/z88OFAHrE6k2ofNacY/2C6pE/FqeAaqayg/UP:XWKtQDPwi0WBnm/z3TkKMTpAe7FP
Malware Config
Signatures
Files
-
2f7c85d2f84e2f769d0a4f1c8ab9ab0d7930d7211276f42aa6572bcdca0e96ab.exe windows x86
a54fa18829c602304a2cba73a1d2b925
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileMappingW
CreateIoCompletionPort
CreateProcessW
CreateTapePartition
CreateTimerQueue
CreateToolhelp32Snapshot
CreateWaitableTimerA
DeleteCriticalSection
DeleteFiber
DeleteFileA
DisconnectNamedPipe
EndUpdateResourceA
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExW
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesA
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsA
EnumUILanguagesW
ExitThread
ExpandEnvironmentStringsA
FatalAppExitW
FillConsoleOutputAttribute
FindFirstChangeNotificationA
FindFirstVolumeMountPointA
FindNextVolumeA
FindResourceExA
FlushViewOfFile
FoldStringA
FreeEnvironmentStringsW
GenerateConsoleCtrlEvent
GetACP
GetBinaryType
GetBinaryTypeW
GetCPInfoExW
GetCommProperties
GetComputerNameExA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleCP
GetConsoleFontSize
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileSize
GetFileTime
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeInfo
GetNumberFormatA
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetPrivateProfileSectionW
GetProcessVersion
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetShortPathNameA
GetStringTypeExA
GetSystemTime
GetTapeParameters
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadTimes
GetTimeFormatW
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameA
GetWindowsDirectoryW
GetWriteWatch
GlobalAddAtomA
GlobalAlloc
GlobalCompact
GlobalFindAtomW
GlobalFlags
GlobalLock
GlobalMemoryStatus
CreateFiber
GlobalReAlloc
Heap32Next
HeapCreate
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
HeapValidate
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
IsBadStringPtrW
IsBadWritePtr
IsValidLocale
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LocalSize
MapUserPhysicalPages
Module32Next
MoveFileExA
MoveFileWithProgressW
OpenEventW
OpenFile
OpenFileMappingW
OpenMutexA
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
QueryPerformanceFrequency
QueueUserAPC
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileScatter
RemoveDirectoryA
ResumeThread
RtlMoveMemory
RtlZeroMemory
ScrollConsoleScreenBufferW
SetCalendarInfoW
SetCommBreak
SetComputerNameW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleMode
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigA
SetEnvironmentVariableA
SetFileAttributesW
SetHandleCount
SetInformationJobObject
SetLocaleInfoW
SetProcessWorkingSetSize
SetSystemPowerState
SetSystemTimeAdjustment
SetTapeParameters
SetTapePosition
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SetVolumeLabelA
SetVolumeMountPointW
SwitchToFiber
SwitchToThread
TerminateProcess
Thread32Next
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
UpdateResourceW
VirtualQuery
WaitNamedPipeW
WinExec
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterW
WriteProcessMemory
WriteProfileStringA
WriteTapemark
_lopen
_lwrite
lstrcmpiW
lstrcpyn
lstrlenA
CreateEventA
CreateDirectoryW
CopyFileExW
CompareStringA
CloseHandle
VirtualAlloc
CancelIo
CallNamedPipeW
BuildCommDCBA
BackupWrite
BackupSeek
AssignProcessToJobObject
AreFileApisANSI
AllocConsole
GetSystemInfo
LoadLibraryW
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
lstrcatA
CreateFileA
GlobalMemoryStatusEx
user32
ShowOwnedPopups
ShowWindow
SubtractRect
SwapMouseButton
SwitchToThisWindow
SystemParametersInfoW
TabbedTextOutA
ToUnicode
TrackPopupMenuEx
TranslateMDISysAccel
UnhookWinEvent
UpdateWindow
ValidateRect
ValidateRgn
VkKeyScanExA
VkKeyScanExW
VkKeyScanW
WINNLSGetIMEHotkey
WinHelpA
WinHelpW
WindowFromDC
WindowFromPoint
keybd_event
mouse_event
wsprintfW
wvsprintfA
SetWindowsHookExW
SetWindowsHookExA
SetWindowWord
SetWindowTextA
SetWindowLongA
SetWindowContextHelpId
SetWinEventHook
SetScrollPos
SetScrollInfo
SetPropA
SetProcessWindowStation
SetMessageExtraInfo
SetMenuItemInfoW
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenuContextHelpId
SetDlgItemTextW
SetDeskWallpaper
SetDebugErrorLevel
SetClipboardData
SendNotifyMessageW
SendMessageW
SendMessageCallbackA
SendIMEMessageExW
SendDlgItemMessageA
ScrollWindowEx
ScreenToClient
RemovePropW
RemovePropA
RemoveMenu
ReleaseDC
RegisterHotKey
RegisterDeviceNotificationW
RegisterClassExA
RealGetWindowClassW
RealGetWindowClassA
RealChildWindowFromPoint
PtInRect
PostQuitMessage
PackDDElParam
OpenWindowStationW
OpenDesktopW
MsgWaitForMultipleObjectsEx
MoveWindow
ModifyMenuW
MessageBoxExW
MessageBoxExA
MessageBoxA
MapVirtualKeyW
MapVirtualKeyExA
MapDialogRect
LookupIconIdFromDirectoryEx
LoadStringW
LoadMenuW
LoadMenuIndirectW
LoadMenuIndirectA
LoadMenuA
LoadKeyboardLayoutW
LoadImageA
LoadCursorFromFileW
LoadAcceleratorsA
IsZoomed
IsWindowUnicode
IsWindowEnabled
IsRectEmpty
IsHungAppWindow
IsCharUpperA
IsCharAlphaA
InvertRect
InvalidateRgn
InvalidateRect
IntersectRect
InSendMessageEx
IMPSetIMEW
IMPSetIMEA
IMPQueryIMEW
IMPQueryIMEA
IMPGetIMEW
HideCaret
GrayStringA
GetWindowTextW
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowModuleFileName
GetWindow
GetUpdateRect
GetSysColorBrush
GetSysColor
GetQueueStatus
GetPropA
GetProcessWindowStation
GetProcessDefaultLayout
GetParent
GetOpenClipboardWindow
GetMouseMovePointsEx
GetMessageTime
GetMessagePos
GetMenuItemInfoW
GetMenuInfo
GetMenu
GetListBoxInfo
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetKeyboardLayout
GetKeyState
GetKBCodePage
GetInputDesktop
GetGUIThreadInfo
GetFocus
GetDlgItemTextA
GetDlgItem
GetClipboardSequenceNumber
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardData
GetClassInfoW
GetClassInfoExW
GetCapture
GetAltTabInfoA
GetAltTabInfo
FreeDDElParam
FrameRect
FindWindowW
FindWindowExW
FindWindowA
EqualRect
EnumWindows
EnumWindowStationsW
EnumDisplaySettingsA
EnumDisplayDevicesW
EndTask
EndDialog
EnableWindow
DrawTextExA
DrawStateW
DrawFocusRect
DrawAnimatedRects
DlgDirSelectExW
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListW
DlgDirListComboBoxA
DlgDirListA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DialogBoxIndirectParamW
DestroyMenu
DestroyIcon
DestroyAcceleratorTable
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DdeQueryNextServer
DdeInitializeW
DdeInitializeA
DdeImpersonateClient
DdeEnableCallback
DdeDisconnectList
DdeCreateStringHandleA
DdeCmpStringHandles
DdeClientTransaction
DdeAbandonTransaction
CreateWindowStationA
CreateMenu
CreateMDIWindowA
CreateIconIndirect
CreateIcon
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateCursor
CreateCaret
CopyImage
CopyIcon
CloseWindowStation
CloseWindow
CloseDesktop
CloseClipboard
ChildWindowFromPointEx
CheckMenuRadioItem
CheckDlgButton
CharUpperW
CharUpperBuffW
CharUpperBuffA
CharToOemBuffW
CharPrevW
CharPrevExA
CharPrevA
CharNextW
CharNextExA
CharNextA
ChangeDisplaySettingsExA
CascadeChildWindows
BringWindowToTop
BlockInput
BeginDeferWindowPos
AttachThreadInput
ArrangeIconicWindows
AppendMenuA
AnyPopup
AnimateWindow
AllowSetForegroundWindow
ActivateKeyboardLayout
GetWindowContextHelpId
comdlg32
ChooseColorA
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ole32
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserFree
UtGetDvtd32Info
StringFromCLSID
StgSetTimes
StgPropertyLengthAsVariant
StgOpenStorageOnILockBytes
StgOpenStorage
StgOpenAsyncDocfileOnIFillLockBytes
StgIsStorageILockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
StgCreatePropStg
StgCreatePropSetStg
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserMarshal
STGMEDIUM_UserFree
SNB_UserUnmarshal
SNB_UserMarshal
SNB_UserFree
ReleaseStgMedium
RegisterDragDrop
ReadFmtUserTypeStg
ReadClassStg
PropVariantCopy
PropVariantClear
PropStgNameToFmtId
ProgIDFromCLSID
OpenOrCreateStream
OleTranslateAccelerator
OleSetMenuDescriptor
OleSetClipboard
OleSetAutoConvert
OleSaveToStream
OleSave
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumFormatEtc
OleQueryCreateFromData
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLoadFromStream
OleLoad
OleIsCurrentClipboard
OleInitializeWOW
OleInitialize
OleGetIconOfClass
OleGetClipboard
OleGetAutoConvert
OleFlushClipboard
OleDraw
OleDoAutoConvert
OleCreateStaticFromData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkToFile
OleCreateLinkFromData
OleCreateFromFileEx
OleCreateFromFile
OleCreateFromData
OleCreateEx
OleCreateEmbeddingHelper
OleCreate
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleBuildVersion
MonikerCommonPrefixWith
IsEqualGUID
IsAccelerator
IIDFromString
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserFree
HPALETTE_UserUnmarshal
HPALETTE_UserSize
HPALETTE_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HMENU_UserSize
HMENU_UserMarshal
HMENU_UserFree
HICON_UserUnmarshal
WriteOleStg
HICON_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserSize
HDC_UserFree
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserMarshal
GetRunningObjectTable
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetClassFile
FreePropVariantArray
FmtIdToPropStgName
EnableHookObject
DoDragDrop
DllGetClassObjectWOW
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateStdProgressIndicator
CreateObjrefMoniker
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateClassMoniker
CreateBindCtx
CoWaitForMultipleHandles
CoUnloadingWOW
CoUninitialize
CoTreatAsClass
CoTestCancel
CoTaskMemRealloc
CoTaskMemAlloc
CoSwitchCallContext
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoResumeClassObjects
CoReleaseServerProcess
CoRegisterSurrogateEx
CoRegisterPSClsid
CoRegisterMallocSpy
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalInterface
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoInstall
CoInitializeSecurity
CoInitialize
CoImpersonateClient
CoGetTreatAsClass
CoGetPSClsid
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetCancelObject
CoGetCallerTID
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoFileTimeNow
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateGuid
CoAllowSetForegroundWindow
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
HICON_UserSize
oleaut32
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLi
RegisterActiveObject
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetElement
SafeArrayGetIID
SafeArrayGetRecordInfo
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArraySetIID
SafeArrayUnaccessData
SafeArrayUnlock
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
UnRegisterTypeLi
VARIANT_UserFree
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAdd
VarAnd
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromUI1
VarBoolFromUI2
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmpR8
VarCyFix
VarCyFromDate
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyInt
VarCyRound
VarCySu
VarDateFromBool
VarDateFromCy
VarDateFromI1
VarDateFromI4
VarDateFromR4
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecCmp
VarDecCmpR8
VarDecFix
VarDecFromDate
VarDecFromDisp
VarDecFromI2
VarDecFromR4
VarDecFromStr
VarDecFromUI2
VarDecInt
VarDecMul
VarDecNeg
VarDecSu
VarDiv
VarFormat
VarFormatPercent
VarI1FromCy
VarI1FromDate
VarI1FromDisp
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI2FromDate
VarI2FromDec
VarI2FromI1
VarI2FromI4
DispGetParam
VarI2FromR8
VarI2FromUI1
VarI2FromUI4
VarI4FromBool
VarI4FromDate
VarI4FromR8
VarI4FromUI1
VarIdiv
VarInt
VarMod
VarMonthName
VarNumFromParseNum
VarParseNumFromStr
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDisp
VarR4FromI1
VarR4FromStr
VarR4FromUI1
VarR4FromUI4
VarR8FromDate
VarR8FromDec
VarR8FromI1
VarR8FromI2
VarR8FromStr
VarR8FromUI1
VarR8FromUI4
VarR8Pow
VarR8Round
VarSu
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromR4
VarUI1FromR8
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI4
VarUI2FromR4
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR8
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarXor
VariantChangeType
VariantClear
VariantCopyInd
VectorFromBstr
OleLoadPictureEx
OleLoadPicture
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
OleCreatePictureIndirect
OleCreateFontIndirect
OaBuildVersion
LoadTypeLibEx
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_Unmarshal
LHashValOfNameSysA
GetRecordInfoFromTypeInfo
GetRecordInfoFromGuids
BSTR_UserUnmarshal
ClearCustData
CreateErrorInfo
CreateTypeLib2
DispGetIDsOfNames
DispInvoke
msvcrt
memcpy
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data5 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data4 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data3 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data2 Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ