Static task
static1
Behavioral task
behavioral1
Sample
23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll
Resource
win10v2004-20220812-en
General
-
Target
23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093
-
Size
69KB
-
MD5
d45c14ed23b5dd6498ea649964a60e89
-
SHA1
efa0fa7a731eb56f2f25f12ed43ce7325f4bbb14
-
SHA256
23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093
-
SHA512
c1854b9b80e8fe4f4057f03be3571777be5d7c4ace035b51e140be191d26f3215778a7aa93032ebfffe32ccc41ca51a93bedb900391dc44f67af68456891364f
-
SSDEEP
1536:Us9P/OcCj+KcsdaddukhSDr/IJmOPgY4kgAkYwg5M857JkPi:UW/RCj+KcsdadYkkf/mmOPj43rLV8xc
Malware Config
Signatures
Files
-
23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll windows x86
597bb153bf4206b0d94c021d502ae413
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libeay32
ord342
ord340
ord341
kernel32
FlushInstructionCache
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcess
ReadProcessMemory
Module32First
VirtualAllocEx
GetModuleFileNameA
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
WriteProcessMemory
CreateThread
VirtualProtect
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess
user32
MessageBoxA
MessageBoxA
msvcr100
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
__CxxFrameHandler3
_malloc_crt
_encoded_null
fopen
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
fclose
_except_handler4_common
__clean_type_info_names_internal
malloc
free
_initterm
??2@YAPAXI@Z
memchr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
sprintf
memmove
??3@YAXPAX@Z
fread
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy
_CxxThrowException
_msize
_onexit
memset
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
Exports
Sections
.text Size: - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.hmp0 Size: - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.hmp1 Size: - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hmp2 Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ