Static task: static1
Behavioral task: behavioral1
  Sample: df1070b80d5c5784190295d3843996668707058e030547b792d252ef7e972216.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: df1070b80d5c5784190295d3843996668707058e030547b792d252ef7e972216.exe
  Resource: win10v2004-20220812-en
General
Target: df1070b80d5c5784190295d3843996668707058e030547b792d252ef7e972216
Size: 878KB
MD5: f5a3c8c06d338f3ca301c69d7e44dd52
SHA1: 47eae1e227a26ee448639239fe4fc5e496807a39
SHA256: df1070b80d5c5784190295d3843996668707058e030547b792d252ef7e972216
SHA512: 25653dab08d195e978b096eb8ae849c2513f7cf46f6da2236fa3329e7a07e69cd137457dc0d15ad6ee85f105c170f89d58c2450870091526a14d0015f3cbac21
SSDEEP: 24576:ihxL1EppKzCKYMNHIon7rKiSi9Y2uwVmXMI:61CwjigYPwVoMI
Malware Config
Signatures
Files
df1070b80d5c5784190295d3843996668707058e030547b792d252ef7e972216.exe (windows x86)
d01fc7b62182b09ed67a9192855980a8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFileInfoA
StrNCmpW
SHPathPrepareForWriteW
SHAppBarMessage
ExtractIconW
SHCreateQueryCancelAutoPlayMoniker
Control_RunDLLAsUserW
ExtractAssociatedIconW
SHHelpShortcuts_RunDLLA
FreeIconList
SHCreateDirectoryExW
DoEnvironmentSubstW
OpenAs_RunDLL
Shell_NotifyIconA
StrCmpNW
SHEmptyRecycleBinW
PrintersGetCommand_RunDLLA
Control_RunDLL
SHHelpShortcuts_RunDLLW
StrChrW
PrintersGetCommand_RunDLLW
DragQueryFile
Shell_NotifyIcon
StrChrIW
DllGetVersion
Control_RunDLLA
SHIsFileAvailableOffline
ExtractIconExW
RealShellExecuteExA
SHFileOperationW
wininet
InternetTimeFromSystemTimeA
GopherCreateLocatorW
InternetInitializeAutoProxyDll
InternetSetStatusCallbackA
SetUrlCacheConfigInfoW
DeleteUrlCacheContainerW
InternetConfirmZoneCrossingA
InternetGetCookieExA
DeleteIE3Cache
InternetGetCertByURL
FtpFindFirstFileW
RetrieveUrlCacheEntryStreamA
InternetGetPerSiteCookieDecisionW
FtpGetFileA
InternetUnlockRequestFile
InternetSetCookieA
InternetEnumPerSiteCookieDecisionA
InternetSetCookieExA
InternetFortezzaCommand
InternetDialA
InternetSetCookieExW
InternetSetDialState
GopherOpenFileW
IsHostInProxyBypassList
InternetSetOptionExW
InternetSetPerSiteCookieDecisionA
UrlZonesDetach
FtpCommandA
clusapi
CanResourceBeDependent
PauseClusterNode
ClusterGroupControl
GetClusterNotify
RegisterClusterNotify
ClusterResourceCloseEnum
ClusterRegDeleteValue
OpenClusterNetwork
ClusterResourceTypeCloseEnum
CloseClusterNode
ResumeClusterNode
AddClusterResourceDependency
GetClusterNodeState
ClusterEnum
DeleteClusterGroup
GetClusterInformation
GetClusterFromNetInterface
ClusterResourceGetEnumCount
EvictClusterNode
ClusterRegSetValue
ClusterOpenEnum
OnlineClusterResource
ClusterNetworkEnum
ClusterRegEnumKey
esent
JetCloseFileInstance
JetFreeBuffer
JetAttachDatabaseWithStreaming
JetSetDatabaseSize
JetCloseDatabase
JetOpenFile
JetRenameTable
JetBackupInstance
JetSetCurrentIndex4
JetInit2
JetReadFileInstance
JetCloseTable
JetRetrieveColumns
JetRestore
JetSeek
JetCommitTransaction
sqlsrv32
SQLStatisticsW
BCP_exec
WizDatabaseDlgProc
SQLSetScrollOptions
SQLGetConnectOptionW
SQLBindCol
SQLSpecialColumnsW
SQLParamData
SQLNumParams
SQLGetDiagRecW
SQLSetStmtAttrW
ConnectDlgProc
SQLFetchScroll
BCP_control
SQLNumResultCols
SQLSetPos
SQLExecute
BCP_batch
SQLFreeHandle
kernel32
GetSystemWindowsDirectoryA
InterlockedFlushSList
GetTempPathW
GetBinaryTypeA
SetSystemTime
InitializeCriticalSection
GetVolumeNameForVolumeMountPointW
GetPriorityClass
GetLogicalDriveStringsA
GlobalGetAtomNameW
OutputDebugStringA
LoadLibraryA
CreateProcessInternalW
FindFirstChangeNotificationW
MoveFileWithProgressA
GetConsoleCommandHistoryLengthW
GetSystemInfo
SetupComm
SuspendThread
PrivMoveFileIdentityW
GlobalMemoryStatus
CreateIoCompletionPort
GetConsoleAliasesA
CreateThread
GlobalAlloc
BaseDumpAppcompatCache
GetMailslotInfo
RtlMoveMemory
GetDiskFreeSpaceExA
GetCPInfo
GetSystemDirectoryA
DeleteVolumeMountPointA
DeleteVolumeMountPointW
CreateActCtxW
GetTickCount
ReadConsoleInputExW
crtdll
mblen
_matherr
_flushall
memset
_strcmpi
_getcwd
_pclose
_popen
ceil
swscanf
fputc
_futime
_mbsnbcpy
rand
fputwc
_strupr
_mbsnccnt
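The import table above is unusually broad for an 878KB executable: shell, WinInet (including Gopher and Fortezza calls), cluster service, ESE database, ODBC and crtdll exports sit next to undocumented kernel32 entry points such as CreateProcessInternalW, PrivMoveFileIdentityW and BaseDumpAppcompatCache. A first pass over such a listing is normally mechanical: compute an import hash for pivoting and tag the few imports that actually describe capability. The script below is an added example, not part of the report or of any tool the report was produced with. It transcribes a subset of the listed imports in their listed order (labelled as such in the code), implements a pefile-style imphash (lowercased `dll.func` pairs, DLL extension stripped, comma-joined, MD5; ordinal imports are not handled), and applies a watchlist that is the author's own. Because it works on a hand-transcribed subset rather than the binary's full import directory, the hash it prints will not match the value a tool computes over the real file.

```python
"""Import-table triage over a transcribed subset of the listing above: pefile-style
imphash plus capability tagging against a small, hand-written watchlist."""
import hashlib

# Subset of the report's import listing, in listed order, as (dll, function) pairs.
REPORT_IMPORTS = [
    ("shell32", "SHGetFileInfoA"), ("shell32", "SHFileOperationW"),
    ("shell32", "SHEmptyRecycleBinW"), ("shell32", "RealShellExecuteExA"),
    ("wininet", "GopherCreateLocatorW"), ("wininet", "InternetFortezzaCommand"),
    ("wininet", "FtpGetFileA"), ("wininet", "FtpCommandA"),
    ("wininet", "InternetSetCookieExA"), ("wininet", "InternetDialA"),
    ("clusapi", "EvictClusterNode"), ("clusapi", "OnlineClusterResource"),
    ("esent", "JetAttachDatabaseWithStreaming"), ("esent", "JetRestore"),
    ("sqlsrv32", "SQLExecute"), ("sqlsrv32", "BCP_exec"),
    ("kernel32", "CreateProcessInternalW"), ("kernel32", "PrivMoveFileIdentityW"),
    ("kernel32", "BaseDumpAppcompatCache"), ("kernel32", "LoadLibraryA"),
    ("kernel32", "OutputDebugStringA"), ("kernel32", "CreateThread"),
    ("kernel32", "SuspendThread"), ("kernel32", "MoveFileWithProgressA"),
    ("crtdll", "_popen"), ("crtdll", "_pclose"), ("crtdll", "rand"),
]

# Watchlist and noise prefixes are the author's own heuristics, not from the report.
WATCHLIST = {
    "kernel32.createprocessinternalw": "process creation via undocumented export",
    "kernel32.privmovefileidentityw": "undocumented kernel32 export",
    "kernel32.basedumpappcompatcache": "undocumented kernel32 export (appcompat cache)",
    "kernel32.loadlibrarya": "dynamic API resolution",
    "kernel32.outputdebugstringa": "classic debugger-presence probe",
    "crtdll._popen": "command execution through a pipe",
    "shell32.realshellexecuteexa": "shell execution",
    "shell32.shfileoperationw": "bulk file copy/move/delete",
    "shell32.shemptyrecyclebinw": "recycle bin wipe",
    "wininet.ftpgetfilea": "FTP download",
    "wininet.ftpcommanda": "raw FTP command",
    "wininet.internetdiala": "dial-up connection",
}
# API families almost no modern program needs; many of them in one import table
# is a hint that the table was padded, not proof of anything.
NOISE_PREFIXES = ("wininet.gopher", "wininet.internetfortezza", "clusapi.")


def normalize(dll, func):
    """Lowercase and strip the DLL extension, as pefile does before hashing."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
    return f"{dll}.{func.lower()}"


def imphash(imports):
    """MD5 over the comma-joined normalized pairs; import directory order matters."""
    joined = ",".join(normalize(d, f) for d, f in imports)
    return hashlib.md5(joined.encode()).hexdigest()


def tag_imports(imports):
    """Return (watchlist hits, noise-family imports) for an import list."""
    hits, noise = [], []
    for dll, func in imports:
        key = normalize(dll, func)
        if key in WATCHLIST:
            hits.append((key, WATCHLIST[key]))
        if key.startswith(NOISE_PREFIXES):
            noise.append(key)
    return hits, noise


def summarize(imports):
    hits, noise = tag_imports(imports)
    return {
        "imphash": imphash(imports),
        "dlls": sorted({d.lower() for d, _ in imports}),
        "watchlist_hits": hits,
        "noise_imports": noise,
    }


if __name__ == "__main__":
    summary = summarize(REPORT_IMPORTS)
    print("imphash (subset, not comparable to the report):", summary["imphash"])
    print("DLLs:", ", ".join(summary["dlls"]))
    for key, why in summary["watchlist_hits"]:
        print(f"  {key:40} {why}")
    print("noise-family imports:", len(summary["noise_imports"]))
```

The watchlist hits are what should drive the behavioral review: CreateProcessInternalW and _popen point at process creation, the FTP and dial-up calls at network I/O, and the shell file operations at on-disk effects. The noise count is only a prompt to confirm, in the behavioral tasks, which of the imported APIs are ever actually called.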
Sections
.text   Size: 414KB  Virtual size: 413KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 141KB  Virtual size: 140KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 166KB  Virtual size: 1.6MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 155KB  Virtual size: 155KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  Virtual size: 912B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
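Two things in the headers above deserve a check before anything else. The .data section occupies 166KB on disk but 1.6MB in memory, so roughly 1.4MB of writable, zero-filled address space is reserved at load time and populated only while the sample runs; that is the usual shape of a region that receives an unpacked payload, and it is the range to dump from the behavioral tasks. And DllCharacteristics lists DYNAMIC_BASE alone, so the image opts into ASLR but not into DEP (no NX_COMPAT). The script below is an added example, not part of the report or of the sandbox that produced it. It rebuilds the section table as a header-only PE32 image (the 1.6MB figure is approximated as 1600KB, and the section bodies are omitted), parses it back with a minimal hand-written header parser, and flags raw/virtual size mismatches, writable-and-executable sections and missing mitigations. The same parser and checks run unchanged over a real file read from disk.

```python
"""Header-only PE32 triage: rebuild the section table from the report as a synthetic
image, parse it back, and flag raw/virtual mismatches and missing mitigations."""
import struct
from dataclasses import dataclass

# Constants from the PE/COFF specification.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
KB = 1024


def align_up(n, a):
    return (n + a - 1) // a * a


def build_pe32(sections, file_chars, dll_chars):
    """Emit DOS stub, PE signature, COFF header, PE32 optional header and section
    table. Section bodies are not emitted; parse_pe32 reads headers only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 70, dll_chars)       # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    table, va, raw = b"", 0x1000, 0x400
    for name, raw_size, virt_size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             virt_size, va, raw_size, raw, 0, 0, 0, 0, chars)
        va += align_up(virt_size, 0x1000)
        raw += align_up(raw_size, 0x200)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    characteristics: int


@dataclass
class PEInfo:
    machine: int
    file_characteristics: int
    dll_characteristics: int
    sections: list


def parse_pe32(data):
    """Parse the headers of a PE32 image (bytes) into a PEInfo."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    secs = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        secs.append(Section(f[0].rstrip(b"\0").decode(), f[1], f[2], f[3], f[9]))
    return PEInfo(machine, file_chars, dll_chars, secs)


def triage(info):
    """Return (section name or 'header', finding) pairs worth a second look."""
    findings = []
    for s in info.sections:
        # A section mapped far larger than its on-disk bytes is filled at runtime.
        if s.virtual_size > 2 * max(s.raw_size, 1) and s.virtual_size - s.raw_size > 64 * KB:
            findings.append((s.name, f"virtual size exceeds raw size by {(s.virtual_size - s.raw_size) // KB}KB: runtime-filled region"))
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.characteristics & IMAGE_SCN_MEM_WRITE:
            findings.append((s.name, "writable and executable section"))
    if not info.dll_characteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append(("header", "NX_COMPAT not set: no DEP opt-in"))
    if not info.dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append(("header", "DYNAMIC_BASE not set: image not ASLR-relocatable"))
    return findings


# Section table transcribed from the report: (name, raw size, virtual size, flags).
# The report's 1.6MB virtual size for .data is approximated as 1600KB.
REPORT_SECTIONS = [
    (".text", 414 * KB, 413 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 141 * KB, 140 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 166 * KB, 1600 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 155 * KB, 155 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc", 1024, 912, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]
SAMPLE_IMAGE = build_pe32(REPORT_SECTIONS,
                          IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
                          IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def triage_report_sample():
    return triage(parse_pe32(SAMPLE_IMAGE))


if __name__ == "__main__":
    for where, what in triage_report_sample():
        print(f"{where:8} {what}")
```

Against the transcribed table the only section flagged is .data; .reloc has a raw size slightly above its virtual size, which is just file alignment padding and is correctly ignored. To run this on the real file, replace SAMPLE_IMAGE with the bytes read from disk; the raw/virtual ratio is then exact rather than approximated.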