Tasks: static1 (static), behavioral1 (behavioral)
Sample: 19870ef370bff5ae4b853440fb9e4fa339a4ac4a7ed5eeada1c55e62768f01ac.exe
Resource: win7-20220901-en
General
Target: 19870ef370bff5ae4b853440fb9e4fa339a4ac4a7ed5eeada1c55e62768f01ac
Size: 1.4MB
MD5: 31cbddc2dc168ed87f5d7d597f6d054e
SHA1: d3c21ac8038e48c4c53b96c1d37921e28222ddcc
SHA256: 19870ef370bff5ae4b853440fb9e4fa339a4ac4a7ed5eeada1c55e62768f01ac
SHA512: 014e9562a764f01c29e71556df2c9ae9768e2547e83056d3f5eb3f82693aade10f437c75eee29b8eb841f11019e491408b2ef77fa990c5e239d960f4c605bdb0
SSDEEP: 24576:Gwa2WYC3X9ovTzB4uOG6A4Sgt8G0+j4OHISDWjb5IsEi0cTG0tV0EZ:pd8X9Szd76A4S68o31DOm6TG0tV0EZ
Malware Config
Signatures
Files
19870ef370bff5ae4b853440fb9e4fa339a4ac4a7ed5eeada1c55e62768f01ac.exe windows x86
33750815e329ca40359b527b3c3f9520
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RegEnumValueW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
DuplicateToken
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
GetTokenInformation
ConvertSidToStringSidW
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityInfo
CopySid
IsValidSid
GetLengthSid
InitializeAcl
AddAce
GetUserNameW
kernel32
CreateEventW
ResetEvent
InterlockedCompareExchange
InterlockedExchangeAdd
OpenMutexW
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
GetFileAttributesW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
ReleaseMutex
WritePrivateProfileStringW
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
GetTempFileNameW
CreateFileW
LockFileEx
UnlockFileEx
DeleteFileW
EnumResourceNamesW
FindResourceExW
LockResource
GetComputerNameExW
GetExitCodeProcess
CreateProcessW
SetEnvironmentVariableA
CompareStringA
ReadFile
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
CopyFileW
CreateSemaphoreW
IsProcessorFeaturePresent
ExitThread
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
GetStdHandle
WriteFile
ExitProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
HeapFree
GetStartupInfoW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
RaiseException
lstrlenW
InterlockedIncrement
InterlockedDecrement
LocalFree
GetLastError
FormatMessageW
CompareStringW
CloseHandle
WaitForSingleObject
CompareFileTime
SystemTimeToFileTime
QueueUserWorkItem
ReleaseSemaphore
WaitForMultipleObjects
ExpandEnvironmentStringsW
VerifyVersionInfoW
SetEnvironmentVariableW
GetEnvironmentVariableW
OpenProcess
FlushInstructionCache
SetWaitableTimer
GetTempPathW
GetExitCodeThread
CreateWaitableTimerW
GlobalFree
GetFullPathNameW
GetFileSizeEx
GetFileSize
GetLocalTime
QueryFullProcessImageNameW
GetLocaleInfoEx
CreateMutexW
lstrlenA
CreateNamedPipeW
GetNamedPipeServerProcessId
UnmapViewOfFile
MapViewOfFile
FreeLibraryAndExitThread
DuplicateHandle
GetSystemTimeAsFileTime
SetThreadPriority
FreeLibrary
FreeResource
GetThreadPriority
FileTimeToSystemTime
GetLongPathNameW
OpenFileMappingW
GetProcessHeap
GetUserDefaultLocaleName
GetNativeSystemInfo
GetThreadUILanguage
GetProcAddress
LoadLibraryW
GetModuleHandleW
lstrcmpiW
GetProductInfo
TerminateThread
GetFileAttributesExW
GetTickCount64
CreateTimerQueueTimer
DeleteTimerQueueTimer
LoadLibraryExW
GetModuleFileNameW
GetCurrentProcessId
GetSystemDirectoryW
Sleep
HeapSetInformation
FileTimeToLocalFileTime
SetDllDirectoryW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
SetLastError
WaitForMultipleObjectsEx
GetComputerNameW
GetSystemDefaultLocaleName
GlobalMemoryStatusEx
WerRegisterFile
GetVersionExW
GetSystemDefaultUILanguage
GetSystemDefaultLCID
GetShortPathNameW
GetTempFileNameA
CreateDirectoryA
SetFilePointerEx
RemoveDirectoryA
GetTempPathA
GetFullPathNameA
DeleteFileA
GetFileInformationByHandle
LocalAlloc
SetEvent
OpenEventW
MulDiv
GetSystemTime
CreateFileMappingW
GetFileAttributesA
FileTimeToDosDateTime
GetModuleFileNameA
CreateThread
gdi32
SetTextColor
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
CreateFontIndirectW
GetTextMetricsW
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
Rectangle
GetDeviceCaps
GetTextExtentPoint32W
ExcludeClipRect
IntersectClipRect
GetClipRgn
CreateRectRgn
CreateRoundRectRgn
DeleteObject
RestoreDC
SaveDC
SetLayout
SetBkColor
user32
SetWindowLongW
ChangeWindowMessageFilter
NotifyWinEvent
CreateAcceleratorTableW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
InflateRect
RedrawWindow
MapDialogRect
GetLayeredWindowAttributes
SetLayeredWindowAttributes
PostQuitMessage
SendNotifyMessageW
DestroyWindow
PostMessageW
GetSysColor
IsWindowVisible
EnableWindow
GetParent
ShowWindow
GetWindowLongW
AdjustWindowRectEx
GetDesktopWindow
FillRect
DrawTextW
LoadIconW
ReleaseDC
GetDC
EndDialog
SendMessageW
GetClientRect
GetSystemMetrics
RegisterWindowMessageW
EndPaint
BeginPaint
GetWindowInfo
GetShellWindow
GetClassNameW
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
IsWindowEnabled
UpdateWindow
PtInRect
GetClassInfoExW
DefWindowProcW
RegisterClassExW
CallWindowProcW
GetAncestor
SetWindowPlacement
DefDlgProcW
EnumChildWindows
CreateDialogIndirectParamW
DialogBoxIndirectParamW
EnableScrollBar
SetScrollInfo
GetScrollPos
GetScrollInfo
IntersectRect
GetScrollRange
GetFocus
TrackMouseEvent
EnableMenuItem
GetSystemMenu
DrawFocusRect
GetDCEx
ScreenToClient
WindowFromPoint
PostThreadMessageW
MsgWaitForMultipleObjects
BringWindowToTop
GetNextDlgTabItem
MoveWindow
InvalidateRect
SetWindowTextW
SetWindowPos
SetWindowRgn
SetRect
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
IsWindow
SystemParametersInfoW
GetWindowPlacement
CopyRect
GetWindowRect
LoadCursorW
SetCursor
ExitWindowsEx
GetWindowThreadProcessId
SetFocus
CharNextW
SetProcessDefaultLayout
SetTimer
KillTimer
LoadStringW
CreateWindowExW
UnregisterClassA
sensapi
IsNetworkAlive
urlmon
CreateAsyncBindCtx
IsValidURL
CoInternetGetSession
CreateURLMoniker
msi
ord270
ord48
ord266
ord150
ord78
ord195
ord92
ord32
ord159
ord205
ord113
ord190
ord141
ord254
ord70
ord203
ord173
ord118
ord115
ord244
ord242
ord116
ord88
ord238
ord240
ord8
ord286
ord285
ord160
ord171
comctl32
ord17
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx
userenv
UnloadUserProfile
secur32
GetUserNameExW
crypt32
CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW
uxtheme
SetWindowTheme
psapi
EnumProcesses
shlwapi
StrRChrW
PathFindFileNameW
SHDeleteValueW
StrRChrA
StrStrA
SHSetValueW
SHCreateStreamOnFileW
PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
StrStrIW
PathCombineW
SHCreateStreamOnFileEx
SHGetValueW
PathAppendW
PathRemoveFileSpecW
UrlCanonicalizeW
PathStripToRootW
PathStripPathW
PathUnquoteSpacesW
PathRemoveArgsW
UrlCreateFromPathW
PathCreateFromUrlW
PathFindFileNameA
PathFileExistsA
SHCreateStreamOnFileA
PathGetDriveNumberA
PathIsDirectoryA
StrCmpNIW
StrCmpNW
ord437
wininet
InternetCreateUrlW
InternetCombineUrlW
InternetCrackUrlW
gdiplus
GdipDrawImageRectRect
GdipCloneImage
GdipGetLogFontW
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipCreateFont
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipDeleteFont
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateFromHWND
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipDrawImageI
winhttp
WinHttpOpen
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpTimeFromSystemTime
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReadData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpSetCredentials
cabinet
ord11
ord14
ord13
ord10
ntdll
RtlAllocateHeap
RtlUnwind
RtlFreeHeap
NtQuerySystemTime
VerSetConditionMask
oleacc
LresultFromObject
AccessibleObjectFromWindow
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wer
WerReportCreate
WerReportSubmit
WerReportAddFile
WerReportSetParameter
WerReportCloseHandle
WerReportSetUIOption
rstrtmgr
RmShutdown
RmRestart
RmCancelCurrentTask
RmEndSession
RmStartSession
RmAddFilter
RmRegisterResources
wsock32
inet_addr
gethostbyname
WSACleanup
WSAGetLastError
WSAStartup
shell32
SHGetFolderPathAndSubDirW
ord165
ord43
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetKnownFolderPath
ShellExecuteExW
SHGetFolderPathA
ole32
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoQueryProxyBlanket
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoInitializeSecurity
CoSetProxyBlanket
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
LoadRegTypeLi
VariantCopy
SysAllocStringLen
VariantChangeType
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysFreeString
LoadTypeLibEx
LoadTypeLi
Sections
.text Size: 923KB - Virtual size: 922KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 251KB - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PACK Size: 164KB - Virtual size: 424KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE