Static task: static1
Behavioral task: behavioral1
Sample: 35e9577c1b1866c95500fcc5cdc65b81b1427304f7e2c00ebbcdb3093be4fd54.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 35e9577c1b1866c95500fcc5cdc65b81b1427304f7e2c00ebbcdb3093be4fd54.exe
Resource: win10v2004-20220812-en
General
Target: 35e9577c1b1866c95500fcc5cdc65b81b1427304f7e2c00ebbcdb3093be4fd54
Size: 1022KB
MD5: 56705f5419ce36381b7810036178127b
SHA1: 7e443503c6fcb27cb1e1490193f3de9fc0521832
SHA256: 35e9577c1b1866c95500fcc5cdc65b81b1427304f7e2c00ebbcdb3093be4fd54
SHA512: 75e24d38b13f9555204cdb00f3dbfffb63e46a1cb96bbf119731fb571836a07e7a427dd77d40e8d8265efa76342a549bdf3d2ae04139b87d4d0cc3aade988c45
SSDEEP: 24576:Gw2HbTdtBtmf7fkhukDrA1HhUMYE9/0wuZ0:GwSbTdtBm7YwJhUMYEt9uZ0
Malware Config
Signatures
Files
35e9577c1b1866c95500fcc5cdc65b81b1427304f7e2c00ebbcdb3093be4fd54.exe windows x86
23d13c7ba47e8293dd3c19d5a7abb3ac
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  DeleteAtom, GetProcAddress, GetPrivateProfileSectionA, GetFileAttributesA, GetProcessAffinityMask, GetModuleHandleA, GetDiskFreeSpaceExA, GetStringTypeW,
  SwitchToThread, FreeEnvironmentStringsA, BindIoCompletionCallback, FormatMessageA, SetConsoleMode, ExpandEnvironmentStringsW, SetFileAttributesW, OpenThread,
  GetVolumeNameForVolumeMountPointA, GetProcessVersion, ReadDirectoryChangesW, GetConsoleAliasesW, GetPrivateProfileStringA, SetEvent, GetModuleFileNameW, ChangeTimerQueueTimer,
  FlushViewOfFile, CreateMutexW, CreateFileW, GetPrivateProfileStructW, MoveFileWithProgressW, GetStdHandle, GetFileSizeEx, PrepareTape,
  GetDiskFreeSpaceA, FindResourceExA, DeleteTimerQueueEx, OpenMutexA, GetNamedPipeHandleStateA, GlobalDeleteAtom, FindFirstVolumeA, SetCurrentDirectoryA,
  LCMapStringA, ReadProcessMemory, LockFile, GetFileAttributesExW, FormatMessageW, FreeUserPhysicalPages, SetConsoleActiveScreenBuffer, GetTimeFormatW,
  GetWindowsDirectoryW, GetVolumeInformationW, SetConsoleDisplayMode, SetCalendarInfoA, FoldStringW, DebugBreak, GetPrivateProfileStructA, TlsAlloc,
  GetDateFormatA, PostQueuedCompletionStatus, MultiByteToWideChar, CreateNamedPipeA, CopyFileExW, OpenJobObjectA, SetProcessAffinityMask, GetSystemDefaultLangID,
  lstrcpyW, WideCharToMultiByte, GetCPInfoExA, QueueUserWorkItem, GetBinaryTypeW, GetLongPathNameW, HeapCreate, GetConsoleAliasExesLengthW,
  GetShortPathNameA, SetWaitableTimer, DeviceIoControl, SetThreadAffinityMask, ReleaseMutex, CreateFileMappingW, CopyFileW, ExpandEnvironmentStringsA,
  GetFileAttributesW, WriteConsoleA, GetComputerNameW, FindFirstVolumeMountPointA, Toolhelp32ReadProcessMemory, MoveFileWithProgressA, GlobalUnlock, lstrcatW,
  CreateTimerQueue, DeleteVolumeMountPointA, GetTempFileNameA, SetCurrentDirectoryW, GetVolumePathNameW, CreateDirectoryA, GetCurrentDirectoryA, ResetEvent,
  SetThreadIdealProcessor, SetThreadContext, GetConsoleMode, GetStringTypeA, TryEnterCriticalSection, ConvertThreadToFiber, GetProcessTimes, GetDiskFreeSpaceExW,
  CancelIo, CreateSemaphoreW, GetFileTime, SearchPathA, SetUnhandledExceptionFilter, CreateHardLinkW, CreateSemaphoreA, FindFirstVolumeW,
  GetCalendarInfoA, GetFileInformationByHandle, GetOEMCP, SetHandleCount, CreateEventW, GetModuleHandleW, Module32First, CreateHardLinkA,
  GetMailslotInfo, FindResourceA, lstrcmpiA, GetStringTypeExA, SetConsoleOutputCP, SetProcessWorkingSetSize, SystemTimeToTzSpecificLocalTime, GetConsoleScreenBufferInfo,
  VerifyVersionInfoW, lstrcpynW, FindFirstFileExA, GetACP, GetHandleInformation, CreateNamedPipeW, GetStartupInfoW, GetCurrencyFormatW,
  CreateTimerQueueTimer, GetLocaleInfoA, GetVersion, GetLogicalDriveStringsA, GetProcessIoCounters, SetThreadExecutionState, GetVolumeNameForVolumeMountPointW, GetCPInfoExW,
  CreateDirectoryExA, RtlUnwind, GetSystemDefaultLCID, GetWindowsDirectoryA, OpenProcess, FileTimeToLocalFileTime, GetNumberOfConsoleInputEvents, ReleaseSemaphore,
  SetConsoleCtrlHandler, GetStringTypeExW, HeapSetInformation, SetNamedPipeHandleState, GetEnvironmentStrings, CancelWaitableTimer, FreeLibraryAndExitThread, SetVolumeMountPointA,
  GetProfileStringA, SetThreadPriority, GlobalMemoryStatus, Module32Next, FoldStringA, CompareStringA, FindAtomA, GetPrivateProfileSectionNamesW,
  GetLogicalDrives, FindVolumeMountPointClose, RemoveDirectoryW, VirtualQuery, GetCalendarInfoW, GetFullPathNameA, GetConsoleCP, SetComputerNameExW,
  DuplicateHandle, EraseTape, GetCPInfo, IsDebuggerPresent, GetTempPathW, GetProfileIntA, GetCurrentThread, GetBinaryTypeA,
  TerminateThread, DefineDosDeviceA, GetUserDefaultUILanguage, SetProcessPriorityBoost, SetFileTime, OpenEventW, GetNamedPipeInfo, CreateTapePartition,
  GetDriveTypeA, GetSystemWindowsDirectoryA, DnsHostnameToComputerNameA, MapViewOfFile, TlsSetValue, LCMapStringW, GetCurrencyFormatA, ConvertDefaultLocale,
  GetCommandLineW, IsDBCSLeadByteEx, CopyFileA, GetTimeFormatA, FindNextFileA, OpenFileMappingA, GetConsoleOutputCP, ReplaceFileA,
  CreateToolhelp32Snapshot, SetMailslotInfo, EnumCalendarInfoExW, GlobalReAlloc, GetTapeStatus, GetThreadPriority, GetFullPathNameW, GetModuleFileNameA,
  GetUserDefaultLangID, GetPriorityClass, HeapReAlloc, HeapAlloc, CreateMutexA, GetEnvironmentVariableA, GetConsoleAliasExesLengthA, CopyFileExA,
  AreFileApisANSI, GetConsoleCursorInfo, Module32NextW, GetAtomNameA, GetEnvironmentVariableW, GetShortPathNameW, CreateMailslotA, OpenJobObjectW,
  IsSystemResumeAutomatic, AssignProcessToJobObject, OpenFileMappingW, PeekNamedPipe, CompareStringW, SetErrorMode, GetLocaleInfoW, VirtualAlloc,
  SetTapeParameters, FindVolumeClose, SetCalendarInfoW, SetConsoleCP, GetCurrentConsoleFont, CreateWaitableTimerA, GetAtomNameW, SetSystemPowerState,
  GetCompressedFileSizeA, SetInformationJobObject, FindFirstFileA, SetTapePosition, DosDateTimeToFileTime, CreateEventA, GetConsoleAliasesA, FindResourceExW,
  OpenSemaphoreW, GetThreadLocale, HeapSize, IsValidCodePage, Sleep, HeapFree, GetCurrentProcess, TerminateProcess,
  UnhandledExceptionFilter, LoadLibraryW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter,
  InterlockedDecrement, GetLastError, GetCurrentThreadId, SetLastError, InterlockedIncrement, TlsFree, TlsGetValue, EncodePointer,
  DeleteCriticalSection, GetFileType, InitializeCriticalSectionAndSpinCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteFile, GetCommandLineA, ExitProcess,
  DecodePointer, IsProcessorFeaturePresent
user32:
  RedrawWindow
advapi32:
  CryptGetHashParam, RegSetValueW, OpenServiceW, InitializeAcl, RegCreateKeyW, RegQueryInfoKeyW, CryptGenRandom, OpenProcessToken,
  CheckTokenMembership, RegEnumKeyExA, GetSecurityDescriptorLength, SetSecurityDescriptorDacl, EqualSid, CryptHashData, SetNamedSecurityInfoW, OpenThreadToken,
  CryptReleaseContext, OpenServiceA, IsValidSecurityDescriptor, GetUserNameW, InitializeSecurityDescriptor, GetSecurityDescriptorSacl, LookupAccountSidW, FreeSid,
  CryptAcquireContextW, RegDeleteKeyW, RegCreateKeyA, SetSecurityDescriptorGroup, RegOpenKeyA, RegEnumKeyA, RegQueryInfoKeyA, DeregisterEventSource,
  SetFileSecurityW, RegNotifyChangeKeyValue, RegQueryValueExW, RegQueryValueW, RegQueryValueExA
shell32:
  ShellExecuteW, SHFileOperationW, ShellExecuteExW, CommandLineToArgvW, SHChangeNotify, SHGetFolderPathW, SHBindToParent, SHGetMalloc,
  SHGetSpecialFolderLocation, SHBrowseForFolderW, SHGetDesktopFolder, SHGetSpecialFolderPathW, SHGetFileInfoW
oleaut32:
  SafeArrayPtrOfIndex, SysReAllocStringLen, SafeArrayGetLBound, GetErrorInfo, GetActiveObject, SafeArrayGetUBound, SysStringLen, VariantCopyInd,
  VariantChangeTypeEx, SysAllocStringByteLen, SysFreeString, SafeArrayCreate, VariantCopy, VariantChangeType, VariantClear, SysAllocStringLen,
  VariantInit
Sections
.text: Size 403KB, Virtual size 403KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 599KB, Virtual size 599KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 3KB, Virtual size 484KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 15KB, Virtual size 14KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ