Static task: static1
Behavioral task: behavioral1
Sample: db29548d0ac185d730ed5b95704713a169459291333259c5e2571f5f82a5381a.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: db29548d0ac185d730ed5b95704713a169459291333259c5e2571f5f82a5381a.exe
Resource: win10v2004-20221111-en
General
Target: db29548d0ac185d730ed5b95704713a169459291333259c5e2571f5f82a5381a
Size: 57KB
MD5: b41cc15d71fe5c5902409a90d8f2a7ab
SHA1: 23d0dd0140584c5a71484c4a309a11c245b2fb31
SHA256: db29548d0ac185d730ed5b95704713a169459291333259c5e2571f5f82a5381a
SHA512: ca6a931975d2a4b2dbabfd68362f028794e1f43cb5d3047175c5b65833a106ce3aefc554f4ec172ac08f6f92104c494507678ca2d1f02142d3cf943172a7fbaa
SSDEEP: 768:Uc5OVV98H3iLDlgurzJeszKekoMM1mHTr/j1/Bz//PTBPfildO:Uc+H8Klhxx8oMM1gr1Pfiv
Malware Config
Signatures
Files
db29548d0ac185d730ed5b95704713a169459291333259c5e2571f5f82a5381a.exe windows x86
d9f003f5e368ee158deac32d43d18d4e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddUsersToEncryptedFile
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
BackupEventLogA
BackupEventLogW
authz
AuthziAllocateAuditParams
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziSourceAudit
AuthzFreeAuditEvent
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
msvcrt
fread
fopen
rasman
RasConnectionEnum
IsRasmanProcess
RasActivateRoute
RasSetDialParams
RasSetEapUserInfo
RasPortSetInfo
RasAllocateRoute
RasBundleClearStatistics
RasBundleClearStatisticsEx
RasBundleGetPort
RasBundleGetStatistics
RasBundleGetStatisticsEx
RasCompressionGetInfo
RasCompressionSetInfo
RasConnectionGetStatistics
RasCreateConnection
RasDeAllocateRoute
RasDestroyConnection
RasFreeBuffer
kernel32
SetErrorMode
SetFilePointer
DecodePointer
CreateMutexA
GetOEMCP
ExitProcess
GetCommState
GetCommandLineA
GetSystemDirectoryA
dnsapi
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx
nddeapi
NDdeGetErrorStringA
iassvcs
IASGetDictionary
regapi
RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW
atl
AtlAxAttachControl
AtlComPtrAssign
mprapi
MprAdminInterfaceCreate
netapi32
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW
quartz
AmpFactorToDB
Sections
code Size: 3KB - Virtual size: 16KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.DATA Size: 10KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.RSRC Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
reloc Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.date Size: 1KB - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ