Static task
static1
Behavioral task
behavioral1
Sample
a54c74b381ee1e3b4f53837548863d5f8b060ab41fe54405a6f3c86449ffe2cc.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a54c74b381ee1e3b4f53837548863d5f8b060ab41fe54405a6f3c86449ffe2cc.exe
Resource
win10v2004-20221111-en
General
-
Target
a54c74b381ee1e3b4f53837548863d5f8b060ab41fe54405a6f3c86449ffe2cc
-
Size
111KB
-
MD5
e5b3afbc526ff13b389434721232a51b
-
SHA1
f5b042835203475e713389874419a580d347b05b
-
SHA256
a54c74b381ee1e3b4f53837548863d5f8b060ab41fe54405a6f3c86449ffe2cc
-
SHA512
b0e5b49abce048473e7ee8ffa6b7ab1f8089426e136e50c8be45905aab917fcc2b4ce07b2c1578c3387c503ccacfccb032831b3e70d422417a74a9489428ec9c
-
SSDEEP
3072:wZUhrasXeubC3dqyaXSU/2V/WAtkZKBst4eV:dcR3YXXSU/2V/WAG
Malware Config
Signatures
Files
-
a54c74b381ee1e3b4f53837548863d5f8b060ab41fe54405a6f3c86449ffe2cc.exe windows x86
2860478be99ce8a9caa4bb467b19dfc6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
SetFileAttributesA
MoveFileExA
GetTickCount
GetTempPathA
lstrlenA
GetCurrentProcess
GetSystemInfo
GetVersionExA
OpenEventA
CreateMutexA
CopyFileA
ResumeThread
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetStartupInfoA
GetModuleHandleA
TerminateThread
lstrcpyA
GetFileAttributesA
GetLastError
MoveFileA
InitializeCriticalSection
CancelIo
InterlockedExchange
SetEvent
ResetEvent
LoadLibraryA
GetProcAddress
WaitForSingleObject
CloseHandle
GetCurrentThreadId
CreateThread
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
Sleep
GlobalMemoryStatus
user32
GetMessageA
PostThreadMessageA
GetInputState
RegisterClassA
LoadCursorA
LoadIconA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
wsprintfA
MessageBoxA
gdi32
GetStockObject
advapi32
CreateServiceA
OpenServiceA
DeleteService
RegSetValueExA
RegCloseKey
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegQueryValueExA
shell32
SHGetSpecialFolderPathA
msvcrt
_onexit
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
memset
??2@YAPAXI@Z
memcmp
free
malloc
_except_handler3
strcmp
sprintf
strcpy
exit
strcat
strncat
strchr
realloc
rand
atoi
strncmp
_beginthreadex
_snprintf
calloc
??1type_info@@UAE@XZ
__dllonexit
??0exception@@QAE@ABQBD@Z
_exit
ws2_32
socket
recv
select
closesocket
send
gethostbyname
getsockname
ioctlsocket
__WSAFDIsSet
inet_addr
listen
bind
ntohs
accept
getpeername
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostname
iphlpapi
GetIfTable
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationA
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ