Static task: static1
Behavioral task: behavioral1
  Sample: 5563c09af8f3c20651aae06e8d2db31512e95b407b74248a4bd2e18d17ba3d1b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 5563c09af8f3c20651aae06e8d2db31512e95b407b74248a4bd2e18d17ba3d1b.exe
  Resource: win10v2004-20220901-en
General
Target: 5563c09af8f3c20651aae06e8d2db31512e95b407b74248a4bd2e18d17ba3d1b
Size: 3.2MB
MD5: 41cda259b9db50ba9dd7d6d1238d6f11
SHA1: 0875d1a6f9353d267638c26b937609abdc0ced81
SHA256: 5563c09af8f3c20651aae06e8d2db31512e95b407b74248a4bd2e18d17ba3d1b
SHA512: a842d73f7744a87b74802abc565664f62d40c7cbfc09ab8d94e0685ed46602d2dac95592cd571b43f98034a7cd749a10ed7a1502ae8f44a3f78a5a08033fe4b0
SSDEEP: 49152:Waki/WhwzUvt+A0yvZX8BZ5vHW77TZt64RESNdwq/1JFG78ovZBh5l2ZNrqNK/eH:nknJvt/FvZc1EHdFZMQrlfU55v9Cy
Malware Config
Signatures
Files
5563c09af8f3c20651aae06e8d2db31512e95b407b74248a4bd2e18d17ba3d1b.exe (windows x86)
e2d4d1742bb946dea58001aca1b04ce2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RemoveDirectoryW
Sleep
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
TerminateThread
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatusEx
LockResource
FreeResource
InterlockedExchange
LoadLibraryExW
GetProcAddress
CopyFileW
DeleteFileW
MoveFileW
GetShortPathNameW
GetCurrentDirectoryW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetCurrentDirectoryW
lstrcmpiW
DecodePointer
FreeLibrary
LoadLibraryW
WriteFile
GetVersionExW
GetDiskFreeSpaceExW
OpenEventW
CreateMutexW
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetPrivateProfileStringW
lstrlenW
FindClose
SetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CloseHandle
ReadFile
GetFileSize
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLocalTime
DeleteTimerQueue
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetTickCount
InterlockedCompareExchange
GetCurrentProcess
LocalFree
GetSystemPowerStatus
GetFileAttributesW
FindResourceExW
SetFileAttributesW
GetWindowsDirectoryW
GlobalMemoryStatus
FindResourceW
GetCommandLineW
InterlockedIncrement
GetModuleHandleW
GetModuleFileNameW
CreateEventW
OpenMutexW
CompareFileTime
GetSystemInfo
SizeofResource
WriteConsoleW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
InterlockedDecrement
LoadResource
CreateSemaphoreW
ResetEvent
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
DeviceIoControl
SetThreadContext
FlushInstructionCache
GetThreadContext
GetCurrentThread
SuspendThread
VirtualProtect
ReadProcessMemory
DuplicateHandle
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleExW
ResumeThread
AssignProcessToJobObject
GetSystemDefaultLangID
FlushFileBuffers
QueryPerformanceCounter
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
UnlockFile
DeleteFileA
GetVersionExA
LoadLibraryA
CreateFileA
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
InitializeCriticalSection
ReleaseSemaphore
GetStdHandle
SetEndOfFile
SetFileTime
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
VirtualQuery
GlobalFree
LocalAlloc
ExpandEnvironmentStringsW
FormatMessageW
WritePrivateProfileStringW
CreateProcessW
lstrcatW
lstrcpyW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
OpenProcess
FileTimeToLocalFileTime
GetFileInformationByHandle
lstrcpynW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetTempFileNameW
GetTempPathW
GlobalAlloc
GlobalLock
GlobalUnlock
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
MulDiv
VirtualFree
VirtualAlloc
MoveFileExW
CreateDirectoryW
GetSystemDirectoryW
SetFilePointer
SearchPathW
user32
GetSystemMetrics
GetWindowLongW
SetWindowLongW
LoadCursorW
InvalidateRect
CopyRect
SendMessageTimeoutW
ShowWindow
SetWindowTextW
SendMessageW
GetActiveWindow
EnableWindow
GetWindowTextW
GetSysColor
GetParent
PtInRect
DestroyWindow
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SetWindowPos
GetFocus
ClientToScreen
GetWindowDC
ReleaseDC
GetDC
GetWindowTextLengthW
ShowCaret
CreateCaret
GetCursorPos
SetCaretPos
IsWindowVisible
SendInput
GetForegroundWindow
SetForegroundWindow
EnumWindows
SetWindowRgn
UpdateLayeredWindow
IsZoomed
IsIconic
LoadStringW
PostThreadMessageW
CreateIconFromResourceEx
GetDesktopWindow
MessageBoxW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
RedrawWindow
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
MoveWindow
wsprintfW
CharLowerW
SetFocus
DrawFocusRect
DrawTextW
FrameRect
CharUpperW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
GetMessageW
DestroyIcon
GetIconInfo
SetRectEmpty
LoadImageW
IsRectEmpty
EqualRect
OffsetRect
KillTimer
SetTimer
SetCapture
ReleaseCapture
UnionRect
GetWindowRect
ScreenToClient
IntersectRect
IsWindowEnabled
BeginPaint
EndPaint
GetClientRect
EnumChildWindows
SetCursor
UpdateWindow
GetAsyncKeyState
CharPrevExA
gdi32
CreatePen
GetObjectW
DeleteDC
CreateCompatibleDC
SetViewportOrgEx
CreateDIBSection
BitBlt
GetClipBox
RectVisible
GetViewportOrgEx
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetTextMetricsW
SetBkMode
SetTextColor
CreateSolidBrush
ExtSelectClipRgn
GetObjectA
GetBitmapBits
SetBitmapBits
ExtTextOutW
MoveToEx
SetBkColor
SelectObject
LineTo
DeleteObject
SelectClipRgn
GetTextExtentExPointW
GetTextExtentPoint32W
GetCurrentObject
GetDeviceCaps
GetPixel
CreateBitmap
GetDIBits
SetDIBColorTable
CombineRgn
advapi32
GetSidSubAuthority
RegOpenKeyExA
GetLengthSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
ConvertSidToStringSidW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
IsValidSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegEnumValueW
RegNotifyChangeKeyValue
RegEnumKeyW
CreateProcessAsUserW
GetSidIdentifierAuthority
LookupAccountNameW
GetUserNameW
SetTokenInformation
GetSidSubAuthorityCount
DuplicateTokenEx
RegQueryValueExA
shell32
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
ord165
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
SHGetFolderLocation
ord75
ShellExecuteW
SHGetDesktopFolder
CommandLineToArgvW
ole32
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
PropVariantClear
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
oleaut32
SysFreeString
VarUI4FromStr
SysAllocStringByteLen
SysAllocString
VariantClear
VariantCopy
VariantInit
shlwapi
PathFileExistsW
PathMatchSpecW
SHDeleteKeyW
SHDeleteValueW
PathRemoveFileSpecW
PathRemoveBackslashW
PathRemoveBlanksW
PathRemoveExtensionW
PathFindExtensionW
SHStrDupW
PathIsDirectoryW
PathCanonicalizeW
PathAppendW
SHCopyKeyW
PathCombineW
StrRetToBufW
PathIsDirectoryEmptyW
PathRenameExtensionW
PathFindFileNameW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
urlmon
URLDownloadToCacheFileW
wininet
DeleteUrlCacheEntryW
gdiplus
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateLineBrush
GdipCreatePen1
GdipDeletePen
GdipSetPenWidth
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawEllipseI
GdipCloneBrush
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromResource
GdipFree
GdipAlloc
GdipFillEllipseI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImageThumbnail
GdipCreateBitmapFromHICON
GdipCreateHICONFromBitmap
GdipBitmapGetPixel
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipFillPath
GdipCreateHBITMAPFromBitmap
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneBitmapAreaI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageGraphicsContext
netapi32
NetApiBufferFree
NetGetJoinInformation
NetWkstaTransportEnum
Netbios
psapi
GetProcessImageFileNameW
GetMappedFileNameW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
ws2_32
htons
ntohl
ntohs
htonl
Sections
.text   Size: 1.7MB  Virtual size: 1.7MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 337KB  Virtual size: 336KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 24KB   Virtual size: 125KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 2KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 77KB   Virtual size: 77KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 71KB   Virtual size: 71KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
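What a reviewer would do with the static fields in this report, as an added example (my code, not part of the sandbox report and not code from the sample): decode the DllCharacteristics word into mitigation findings, sanity-check the section table for RWX mappings and in-place unpacking layouts, and tag the import table with capability groups. The inputs are transcribed from the report above so the script runs offline; the capability map, the 2x raw/virtual threshold and the import subset are my choices, not anything the report states. Two points it surfaces: the header lists DYNAMIC_BASE and NX_COMPAT but not GUARD_CF while a .gfids section (the CFG function-ID table) is present, and .data is the only section whose virtual size outgrows its raw size, which is the normal uninitialised-globals case rather than a packer layout. Most of the tagged API groups also occur in legitimate installers and updaters (the full table also imports GDI+, SHBrowseForFolderW and SHFileOperationW), so the tags are leads for the behavioural run, not a verdict.

```python
import re

# IMAGE_DLLCHARACTERISTICS_* bit values from winnt.h (subset relevant to mitigations).
DLL_FLAGS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}

def decode_dll_characteristics(value):
    """OptionalHeader.DllCharacteristics word -> names of the set bits, low bit first."""
    return [name for bit, name in sorted(DLL_FLAGS.items()) if value & bit]

def mitigation_gaps(value, is_32bit, section_names):
    """Exploit mitigations the linker did not enable, judged from the flag word."""
    present, gaps = set(decode_dll_characteristics(value)), []
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in present:
        gaps.append("no DYNAMIC_BASE: image loads at its preferred base (no ASLR)")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in present:
        gaps.append("no NX_COMPAT: DEP not opted in")
    if not is_32bit and "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" not in present:
        gaps.append("64-bit image without HIGH_ENTROPY_VA")
    if "IMAGE_DLLCHARACTERISTICS_GUARD_CF" not in present:
        msg = "no GUARD_CF: Control Flow Guard not enabled"
        if ".gfids" in section_names:  # CFG function-ID table left by objects built with /guard:cf
            msg += ", although a .gfids table is present"
        gaps.append(msg)
    return gaps

_SIZE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB)$")
_UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}

def parse_size(text):
    """'337KB' / '1.7MB' as printed in the report -> approximate byte count."""
    m = _SIZE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return int(float(m.group(1)) * _UNIT[m.group(2)])

def section_findings(sections):
    """sections: iterable of (name, raw size, virtual size, flags) -> [(level, name, message)]."""
    out = []
    for name, raw, virt, flags in sections:
        raw_b, virt_b, f = parse_size(raw), parse_size(virt), set(flags)
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= f:
            out.append(("warn", name, "writable and executable (RWX)"))
        if raw_b == 0 and virt_b:
            out.append(("warn", name, "no raw data but non-zero virtual size: filled at runtime"))
        elif virt_b > 2 * raw_b:
            # Expected for .data (uninitialised globals); a code section growing this much is the usual unpacking layout.
            level = "warn" if "IMAGE_SCN_MEM_EXECUTE" in f else "info"
            out.append((level, name, f"virtual size {virt_b / raw_b:.1f}x raw size"))
    return out

# Heuristic capability map (mine, not a signature set): a tag fires only when every API
# in its set is imported. Most of these groups also occur in legitimate installers.
CAPABILITIES = {
    "thread context rewrite": {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "launch under another token": {"WTSGetActiveConsoleSessionId", "DuplicateTokenEx", "CreateProcessAsUserW"},
    "WinHTTP client": {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest"},
    "URL download to cache": {"URLDownloadToCacheFileW"},
    "DACL rewrite on named objects": {"GetNamedSecurityInfoW", "SetEntriesInAclW", "SetNamedSecurityInfoW"},
    "runtime API resolution": {"LoadLibraryW", "GetProcAddress"},
}

def tag_capabilities(imports):
    """imports: {dll: [function, ...]} -> {capability: sorted APIs} for fully matched sets."""
    names = {fn for fns in imports.values() for fn in fns}
    return {cap: sorted(apis) for cap, apis in CAPABILITIES.items() if apis <= names}

# Values transcribed from the report above (the import list is a subset of the full table).
REPORT_DLL_CHARACTERISTICS = 0x0040 | 0x0100 | 0x8000  # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
REPORT_SECTIONS = [
    (".text", "1.7MB", "1.7MB", ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"]),
    (".rdata", "337KB", "336KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    (".data", "24KB", "125KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"]),
    (".gfids", "2KB", "2KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    (".rsrc", "77KB", "77KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    (".reloc", "71KB", "71KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ"]),
]
REPORT_IMPORTS = {
    "kernel32": ["SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread", "CreateToolhelp32Snapshot",
                 "Process32FirstW", "Process32NextW", "WTSGetActiveConsoleSessionId", "LoadLibraryW", "GetProcAddress"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges", "DuplicateTokenEx",
                 "CreateProcessAsUserW", "GetNamedSecurityInfoW", "SetEntriesInAclW", "SetNamedSecurityInfoW"],
    "urlmon": ["URLDownloadToCacheFileW"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest", "WinHttpReadData"],
}

def triage_report():
    """Run all three checks over the transcribed report values."""
    return {
        "flags": decode_dll_characteristics(REPORT_DLL_CHARACTERISTICS),
        "mitigation_gaps": mitigation_gaps(REPORT_DLL_CHARACTERISTICS, True, [s[0] for s in REPORT_SECTIONS]),
        "sections": section_findings(REPORT_SECTIONS),
        "capabilities": tag_capabilities(REPORT_IMPORTS),
    }
```

To run the same checks against the binary itself rather than the report text, feed the functions the values pefile exposes: `pe.OPTIONAL_HEADER.DllCharacteristics` for the flag word, `SizeOfRawData` and `Misc_VirtualSize` from each entry of `pe.sections` (pass them as byte counts with a `B` suffix, or bypass `parse_size`), and the names under `pe.DIRECTORY_ENTRY_IMPORT` for the import dictionary. The 32-bit check comes from `IMAGE_FILE_32BIT_MACHINE` in the file characteristics, which is why `HIGH_ENTROPY_VA` is not reported as missing for this image.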