Static task
static1
Behavioral task
behavioral1
Sample
76efded656a3a6ab4443843ff4bcb2efd4c6c89e45c6969bd2517bbf2ed45a5e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
76efded656a3a6ab4443843ff4bcb2efd4c6c89e45c6969bd2517bbf2ed45a5e.exe
Resource
win10v2004-20220901-en
General
-
Target
76efded656a3a6ab4443843ff4bcb2efd4c6c89e45c6969bd2517bbf2ed45a5e
-
Size
793KB
-
MD5
09dd6bb6718701b9d2b71b4b03f26752
-
SHA1
fde06c42221723713454e4ad501fa248a47ff12f
-
SHA256
76efded656a3a6ab4443843ff4bcb2efd4c6c89e45c6969bd2517bbf2ed45a5e
-
SHA512
4f1ad92a3118ae84c30ae79780712dc308f8d92c3f8d5c4484aa08978a42ac70ddde8878206b4033464b522e3c9757574a87c4dd0e3f0d45b360f4169495d77e
-
SSDEEP
12288:c7YRRG9TDcyGgN1eH1qgLzUsmZWKU/rojSya3sbX0pFZ2:ZRoTIyGgN1g1qcU5WKU/6SyQsbUZ2
Malware Config
Signatures
Files
-
76efded656a3a6ab4443843ff4bcb2efd4c6c89e45c6969bd2517bbf2ed45a5e.exe windows x86
8d56341f70936f140250cce5ef41fc76 (this 32-hex-digit value is not the file MD5 given above — it is a separate digest shown per file entry, most likely the import hash; confirm which it is before pivoting on it in threat-intel queries)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) are opted in; no GUARD_CF flag appears in this list, so Control Flow Guard is not enabled according to the headers shown.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
Note: the static import table below is unusually broad — process-memory primitives (ReadProcessMemory, WriteProcessMemory, VirtualAlloc), domain/authentication calls (NetJoinDomain, I_NetServerAuthenticate, DsGetDcNameW), RAS credential access (RasGetCredentialsW, RasGetEapUserDataW), print-spooler, color-management and the internal ulib C++ library. That mix does not read as one coherent feature set and, taken with the section layout below, may be a generated or decoy import table; rely on the behavioral runs (behavioral1/behavioral2) for the APIs actually exercised.
advapi32
CryptGetDefaultProviderW
CryptExportKey
CreateProcessAsUserA
GetUserNameA
ReportEventW
QueryServiceStatusEx
RegCreateKeyExA
StartServiceCtrlDispatcherW
AccessCheck
RegDeleteValueW
LsaGetUserName
QueryServiceLockStatusA
CreateProcessAsUserW
GetWindowsAccountDomainSid
CryptGetHashParam
RegOpenKeyExW
SetSecurityDescriptorDacl
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegNotifyChangeKeyValue
BuildTrusteeWithSidW
RegEnumKeyExA
SystemFunction011
SystemFunction031
RegReplaceKeyA
RegSetValueExA
ulib (ulib.dll — the C++ utility library shipped with Windows file-system tools such as chkdsk/format; the mangled names below are its exports, and importing it is rare for ordinary applications)
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?QueryWCExpansion@PATH@@QAEPAV1@PAV1@@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?Insert@LIST@@QAEEPAVOBJECT@@PAVITERATOR@@@Z
?Stricmp@WSTRING@@QBEJPBV1@@Z
??1MEM_ALLOCATOR@@UAE@XZ
??0FSN_FILTER@@QAE@XZ
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
??1HMEM@@UAE@XZ
?Stricmp@WSTRING@@SGHPAG0@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
??0LONG_ARGUMENT@@QAE@XZ
?SetName@PATH@@QAEEPBVWSTRING@@@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?Strcmp@WSTRING@@QBEJPBV1@@Z
?DeleteChAt@WSTRING@@QAEXKK@Z
??1DSTRING@@UAE@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?Initialize@KEYBOARD@@QAEEEE@Z
winspool.drv
DeletePrintProcessorW
DeviceCapabilitiesW
GetPrinterDriverDirectoryA
EnumPrinterDriversW
GetPrinterDriverW
GetJobW
SetPrinterDataExW
StartPagePrinter
WritePrinter
EnumFormsA
FindNextPrinterChangeNotification
EnumPrinterDriversA
DocumentPropertiesA
EnumPrintersA
DeleteFormW
SetJobW
EnumJobsW
FindClosePrinterChangeNotification
EnumMonitorsA
GetPrinterDataExW
AddFormW
EnumPortsA
AddPrinterDriverW
XcvDataW
DocumentPropertiesW
netapi32
NetGroupAdd
NetFileClose
NetRegisterDomainNameChangeNotification
NetUserModalsSet
NetUseAdd
I_NetServerReqChallenge
NetUserGetGroups
NetGroupDelUser
NetUseDel
NetConnectionEnum
NetServerSetInfo
NetGroupAddUser
NetJoinDomain
I_NetServerAuthenticate
NetRemoteTOD
NetUserGetInfo
NetServerEnum
NetUserSetInfo
NetLocalGroupAdd
NetLocalGroupGetInfo
Netbios
NetGroupDel
DsEnumerateDomainTrustsW
NetApiBufferAllocate
DsGetDcNameW
NetLocalGroupDel
NetGetAnyDCName
NetGroupSetInfo
NetShareEnum
rasapi32
RasGetEapUserDataW
RasGetEntryPropertiesW
RasSetEntryPropertiesW
RasEnumDevicesW
RasEnumEntriesW
RasGetEntryHrasconnW
RasGetHport
RasGetAutodialAddressW
RasEnumConnectionsW
RasGetErrorStringW
RasSetAutodialAddressW
RasConnectionNotificationW
RasHangUpW
RasSetCredentialsW
RasGetCredentialsW
RasGetEapUserIdentityW
RasSetEapUserDataA
RasGetSubEntryPropertiesW
msvcrt
_chdrive
_CIsqrt
wcstok
iswctype
rename
_wtoi
_lseeki64
_ismbstrail
isupper
_wsystem
iswascii
free
log
toupper
_unlock
_mbsupr
wctomb
kernel32
GetTempPathW
GetCurrentProcessId
BeginUpdateResourceW
SetupComm
GlobalLock
ReadProcessMemory
ReleaseMutex
SetFileAttributesA
CreateTimerQueueTimer
WriteProcessMemory
UnmapViewOfFile
IsBadStringPtrW
GetEnvironmentStrings
CreateMutexW
VirtualAlloc
_llseek
GetLocaleInfoA
GetFileInformationByHandle
FindFirstFileExW
gdi32
EngGradientFill
EngStrokeAndFillPath
ExtEscape
GetTextExtentPoint32A
TextOutA
GdiEntry1
PolyDraw
CombineTransform
GdiEndDocEMF
SetFontEnumeration
GetTextCharsetInfo
GetObjectType
CreateEnhMetaFileW
GdiStartDocEMF
EngDeletePalette
XLATEOBJ_iXlate
BRUSHOBJ_pvAllocRbrush
ResetDCA
CreateDIBSection
GetSystemPaletteEntries
RoundRect
PolyPolygon
PlgBlt
CreateCompatibleBitmap
SetDIBitsToDevice
EngLockSurface
user32
SystemParametersInfoW
DispatchMessageW
ModifyMenuA
DestroyCaret
ToAsciiEx
DlgDirSelectExA
RegisterDeviceNotificationW
EqualRect
SetWindowTextA
WindowFromPoint
SendNotifyMessageA
SetWindowLongA
ClipCursor
UnregisterUserApiHook
CreateMenu
DestroyMenu
RecordShutdownReason
DlgDirSelectComboBoxExA
GetMenuState
LockWindowUpdate
SetPropW
EnumDisplayDevicesA
SendMessageW
GetCursor
FindWindowExW
SendMessageTimeoutA
mscms
TranslateColors
CreateColorTransformW
InternalGetPS2CSAFromLCS
TranslateBitmapBits
OpenColorProfileA
GetColorProfileHeader
InternalGetPS2ColorSpaceArray
EnumColorProfilesW
UninstallColorProfileW
GetStandardColorSpaceProfileW
InstallColorProfileW
GetColorDirectoryW
GetColorProfileElement
EnumColorProfilesA
InternalGetPS2PreviewCRD
CreateColorTransformA
CloseColorProfile
InternalGetPS2ColorRenderingDictionary
DeleteColorTransform
GetColorDirectoryA
IsColorProfileValid
OpenColorProfileW
Sections
Note: raw size is far below virtual size for .text (40KB vs 434KB), CRT (144KB vs 424KB) and INIT (463KB vs 575KB). The gap is zero-filled at load and is commonly populated at runtime by an unpacking stub; INIT and CRT are also not standard section names for a user-mode MSVC build (INIT is normally a kernel-driver section). The static import list above should therefore be treated as potentially incomplete.
.text Size: 40KB - Virtual size: 434KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
CRT Size: 144KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 463KB - Virtual size: 575KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ