Static task: static1
Behavioral task: behavioral1
Sample: 2df9330f7b5b95dd9a769a63e76c23fb6400fdb5fdc15656ab2c5ad7c009c5d1.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 2df9330f7b5b95dd9a769a63e76c23fb6400fdb5fdc15656ab2c5ad7c009c5d1.exe
Resource: win10v2004-20220812-en
General
- Target: 2df9330f7b5b95dd9a769a63e76c23fb6400fdb5fdc15656ab2c5ad7c009c5d1
- Size: 2.6MB
- MD5: d2481dcb825fb4ababf34c942ca0a5a2
- SHA1: 6f16de9d2a809b47ecf69ec48859a591f8579d98
- SHA256: 2df9330f7b5b95dd9a769a63e76c23fb6400fdb5fdc15656ab2c5ad7c009c5d1
- SHA512: bf4a607ad9a05725b0a964ad572afef753b93c698c6e6b026b172f44aa684e632682f9cf0476290be632b0d3742c58f17252eebb59ebeafcde921245059dad0c
- SSDEEP: 49152:0FQ96MScoyO3YSNqbZpHW98YIjpN8NURoG2v6y2eEvbrOzDY5:L91UyOxupybO4UqGjzse
Malware Config
Signatures
Files
-
2df9330f7b5b95dd9a769a63e76c23fb6400fdb5fdc15656ab2c5ad7c009c5d1.exe windows x86
e52ba28cbd04d3e004210a8fdf507cd7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessId
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
DestroyWindow
CharUpperBuffW
advapi32
RegCreateKeyA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
shell32
SHGetSpecialFolderPathA
oleaut32
SysFreeString
msvcp120
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
urlmon
URLDownloadToFileA
wininet
DeleteUrlCacheEntryA
ws2_32
connect
wtsapi32
WTSSendMessageA
WTSSendMessageW
userenv
CreateEnvironmentBlock
ntdll
RtlCreateUserThread
msvcr120
malloc
Exports
Sections
.text Size: - Virtual size: 325KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
boot0 Size: - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
boot1 Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 183KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ