Extended Key Usages: ExtKeyUsageCodeSigning
Static task: static1
Behavioral task: behavioral1
Sample: 3ae416677fd80c73b52e6434e8bd870bab82b0d8325895755d6a56ecbf0c7405.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 3ae416677fd80c73b52e6434e8bd870bab82b0d8325895755d6a56ecbf0c7405.exe
Resource: win10v2004-20220901-en
Target: 3ae416677fd80c73b52e6434e8bd870bab82b0d8325895755d6a56ecbf0c7405
Size: 1.7MB
MD5: 7d898d4ae0b134c221bc3c0d316d295a
SHA1: 831c5ebe1f59dea917e07af2c4af7f95ce6e4b73
SHA256: 3ae416677fd80c73b52e6434e8bd870bab82b0d8325895755d6a56ecbf0c7405
SHA512: d0704886092a91f04a469840422063143f2ff12c2ae19cd86b22a03f14517d52db04527a1d53854f3ef1b65c5d9883f22e750b6fe1b1bae34c7016b5963486d1
SSDEEP: 24576:uZB9z57XhlycPvX8vI1Uu2WLKjMbpBm715vJNURTFtu8bmTuLSrAH9DFhwee0CHs:hc0UY2pBm715LUxEueAH+eCHLTU
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
RtlAnsiCharToUnicodeChar
MmProbeAndLockPages
ExAcquireRundownProtectionCacheAwareEx
ExReleaseRundownProtectionCacheAwareEx
RtlSetBits
RtlInitializeBitMap
RtlSetBit
RtlWriteRegistryValue
MmIsThisAnNtAsSystem
KeGetProcessorIndexFromNumber
KeQueryHighestNodeNumber
KeQueryNodeActiveAffinity
MmUnlockPagableImageSection
RtlSetGroupSecurityDescriptor
ExAcquireRundownProtection
ExReleaseRundownProtection
ExReInitializeRundownProtection
ExWaitForRundownProtectionRelease
ExInitializeRundownProtection
ExInitializeLookasideListEx
ExDeleteLookasideListEx
InterlockedExchange
SeQueryInformationToken
ObOpenObjectByPointer
ZwQueryInformationToken
SeTokenFromAccessInformation
SeAccessCheckFromState
ExAllocatePoolWithQuotaTag
ExUuidCreate
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
ExGetPreviousMode
KeDelayExecutionThread
ZwQueryLicenseValue
NtClose
NtQuerySecurityObject
MmIsVerifierEnabled
IoUninitializeWorkItem
IoInitializeWorkItem
IoSizeofWorkItem
SeReportSecurityEventWithSubCategory
SeSetAuditParameter
RtlEqualSid
KeQueryTimeIncrement
MmBadPointer
MmSizeOfMdl
MmUnmapLockedPages
KeExpandKernelStackAndCalloutEx
SeReleaseSubjectContext
SeUnlockSubjectContext
IoGetFileObjectGenericMapping
SeAccessCheck
SeLockSubjectContext
SeCaptureSubjectContextEx
ObLogSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
RtlLengthSid
SeExports
RtlCreateSecurityDescriptor
KeInsertQueueDpc
ExAllocatePoolWithTagPriority
RtlContractHashTable
RtlExpandHashTable
RtlCreateHashTable
KeInitializeSemaphore
RtlDeleteHashTable
KeFlushQueuedDpcs
ExGetCurrentProcessorCounts
KeCancelTimer
KeSetTimerEx
KeInitializeTimerEx
KeSetTargetProcessorDpcEx
KeGetProcessorNumberFromIndex
KeInitializeDpc
IoFreeWorkItem
IoQueueWorkItem
ExReleaseRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAware
ExFreeCacheAwareRundownProtection
ExAllocateCacheAwareRundownProtection
ExWaitForRundownProtectionReleaseCacheAware
ExReInitializeRundownProtectionCacheAware
ZwQueryValueKey
ZwOpenKey
MmBuildMdlForNonPagedPool
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlInitializeGenericTableAvl
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
PsGetProcessSessionId
RtlLookupElementGenericTableFullAvl
KeIsExecutingDpc
ExNotifyCallback
KeQuerySystemTime
InterlockedPopEntrySList
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
InterlockedPushEntrySList
ObDereferenceSecurityDescriptor
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPagesSpecifyCache
KeBugCheckEx
ZwQuerySystemInformation
KeReleaseSemaphore
ObReferenceSecurityDescriptor
KeInitializeSpinLock
RtlGetVersion
KeTestSpinLock
KeReleaseInStackQueuedSpinLockFromDpcLevel
RtlEndWeakEnumerationHashTable
RtlWeaklyEnumerateEntryHashTable
RtlInitWeakEnumerationHashTable
KeAcquireInStackQueuedSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PsGetProcessId
IofCallDriver
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
EtwWrite
KeGetCurrentProcessorNumberEx
KeQueryDpcWatchdogInformation
KeQueryInterruptTime
ExFreePoolWithTag
ExAllocatePoolWithTag
KeQueryMaximumProcessorCountEx
RtlVerifyVersionInfo
VerSetConditionMask
PsGetThreadProcess
PsIsSystemThread
KeGetCurrentThread
PsGetCurrentProcess
KeInitializeEvent
KeSetEvent
MmLockPagableDataSection
MmUnlockPages
MmUserProbeAddress
RtlIpv6StringToAddressA
KeQueryMaximumGroupCount
RtlTimeToTimeFields
KeGetRecommendedSharedDataAlignment
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlCreateHashTableEx
RtlEnumerateGenericTableLikeADirectory
KeSetCoalescableTimer
KeInitializeTimer
ZwEnumerateKey
RtlQueryRegistryValuesEx
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlUnicodeStringToInteger
RtlCompareUnicodeString
RtlIntegerToUnicodeString
RtlCopySid
RtlSubAuthorityCountSid
ExfTryToWakePushLock
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExfAcquirePushLockExclusive
PoUnregisterPowerSettingCallback
ExCreateCallback
ExRegisterCallback
PoRegisterPowerSettingCallback
ExUnregisterCallback
EtwWriteTransfer
EtwRegister
EtwUnregister
IoCreateDevice
ObfDereferenceObject
RtlCompareMemory
KeWaitForSingleObject
ObReferenceObjectByHandle
KeQueryActiveProcessorCountEx
ZwClose
IoGetCurrentProcess
KeReleaseMutex
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
KeInitializeMutex
KeReadStateEvent
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
PcwUnregister
PcwRegister
PcwAddInstance
IoQueueWorkItemEx
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
PsGetCurrentProcessId
RtlValidSid
RtlGetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlAddAccessAllowedAce
RtlMapGenericMask
RtlInitializeSid
RtlLengthRequiredSid
ObSetSecurityObjectByPointer
KeIsAttachedProcess
PsSetCreateProcessNotifyRoutineEx
ZwCreateFile
SeLocateProcessImageName
RtlSubAuthoritySid
KeUnstackDetachProcess
ZwDuplicateToken
KeStackAttachProcess
ZwOpenProcess
IofCompleteRequest
IoDeleteSymbolicLink
IoCreateSymbolicLink
KeTickCount
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
PsReferencePrimaryToken
PsReferenceImpersonationToken
ObCloseHandle
RtlQueryPackageIdentity
IoAllocateWorkItem
SeOpenObjectAuditAlarmForNonObObject
RtlFindClearBits
RtlAreBitsClear
RtlFindSetBits
RtlClearBits
ExInitializeResourceLite
ExDeleteResourceLite
RtlClearAllBits
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExAcquireResourceSharedLite
RtlTestBit
RtlClearBit
PsQueryProcessAttributesByToken
RtlPrefixUnicodeString
IoWMIRegistrationControl
RtlDowncaseUnicodeString
ZwOpenEvent
_alldiv
_allmul
_allshr
_aulldiv
_aullrem
memcmp
RtlUnwind
NetioNcmNotificationChannelContextRequest
NsiAllocateAndGetTable
NsiFreeTable
RtlInitializeToeplitzHash
RtlCleanupToeplitzHash
NetioAllocateNetBufferMdlAndDataPool
NetioAllocateNetBufferListNetBufferMdlAndDataPool
NetioFreeNetBufferMdlAndDataPool
NetioFreeNetBufferListNetBufferMdlAndDataPool
FsbFree
RtlIndicateTimerWheelEntryTimerStart
RtlResumeTimerWheel
RtlIsTimerWheelSuspended
FsbAllocateAtDpcLevel
NetioNcmFastCheckIsAoAcCapable
NetioNcmFastActiveReferenceRequest
NetioFreeMdl
NetioFreeNetBufferList
NetioExtendNetBuffer
NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData
NetioAllocateNetBufferMdlAndData
NetioFreeNetBuffer
NetioDereferenceNetBufferListChain
NetioNcmTlObjectRequest
RtlComputeToeplitzHash
NetioNcmNotifyRedirectOnInterface
FsbAllocate
RtlInsertElementGenericTableBasicAvl
RtlDeleteElementGenericTableBasicAvl
RtlInitializeTimerWheelEntry
RtlSuspendTimerWheel
RtlGetNextExpirationTimerWheelTick
RtlCleanupTimerWheelEntry
RtlUpdateCurrentTimerWheelTick
RtlGetNextExpiredTimerWheelEntry
RtlReturnTimerWheelEntry
RtlCopyMdlToMdlIndirect
NetioAdvanceToLocationInNetBuffer
RtlCopyMdlToMdl
NmrClientAttachProvider
NmrRegisterClient
NmrDeregisterClient
NmrWaitForClientDeregisterComplete
NetioRegSyncDefaultChangeHandler
NetioRegSyncInterface
NetioNcmHandlePatternEviction
NetioSqmWriteEvent
NetioAllocateOpaquePerProcessorContext
NetioFreeOpaquePerProcessorContext
RtlCleanupTimerWheel
RtlInitializeTimerWheel
RtlInitializeTimerWheelEnumeration
RtlEnumerateNextTimerWheelEntry
RtlEndTimerWheelEnumeration
NsiSetAllParameters
NmrProviderDetachClientComplete
RtlCopyMdlToBuffer
NetioFreeNetBufferAndNetBufferList
RtlCopyBufferToMdl
NetioAllocateAndReferenceNetBufferAndNetBufferList
NetioCompleteCopyNetBufferListChain
NetioAllocateAndReferenceCopyNetBufferListEx
NetioCopyNetBufferListInformation
NetioInitializeNetBufferListContext
NetioFreeCopyNetBufferList
NetioRetreatNetBufferList
NmrRegisterProvider
NmrDeregisterProvider
NmrWaitForProviderDeregisterComplete
NmrClientDetachProviderComplete
TlDefaultRequestQueryDispatch
TlDefaultRequestMessage
TlDefaultRequestQueryDispatchEndpoint
NetioReferenceNetBufferList
TlDefaultRequestListen
TlDefaultRequestConnect
TlDefaultRequestCancel
TlDefaultRequestIoControl
NetioNcmGetAllNotificationChannelContextParameters
NetioShutdownWorkQueue
NetioNcmCleanupState
NetioNcmInitializeState
NetioNcmSignalNcContextWorkQueueRoutine
NetioInitializeWorkQueue
FsbDestroyPool
FsbCreatePool
KfdRegisterRscIncompatCalloutNotify
NetioInsertWorkQueue
WfpStreamInspectRemoteDisconnect
WfpStreamInspectReceive
NetioInitializeNetBufferListAndFirstNetBufferContext
NetioInitializeNetBufferListLibrary
NetioUnInitializeNetBufferListLibrary
NetioRegisterProcessorAddCallback
NetioUnRegisterProcessorAddCallback
NetioSqmTerminate
RtlInvokeStopRoutines
NetioSqmInitialize
NsiReferenceDefaultObjectSecurity
NsiRegisterChangeNotification
NsiDeregisterChangeNotification
NetioCompleteNetBufferListChain
NetioAllocateAndReferenceFragmentNetBufferList
IoctlKfdSetBfeEngineSd
IoctlKfdResetState
IoctlKfdQueryLayerStatistics
IoctlKfdAbortTransaction
IoctlKfdCommitTransaction
IoctlKfdDeleteCache
IoctlKfdAddCache
IoctlKfdBatchUpdate
IoctlKfdDeleteIndex
IoctlKfdAddIndex
SetWfpDeviceObject
NetioGetStatsForQoSFlow
NetioDeleteQoSFlow
NetioCreateQoSFlow
NetioAssociateQoSFlowWithNbl
KfdIsActiveCallout
FwpmEventProviderFireNetEvent0
FwpmEventProviderIsNetEventTypeEnabled0
FwpmEventProviderDestroy0
FwpmEventProviderCreate0
KfdAleUpdateEndpointContextStatus
WfpNblInfoAlloc
WfpPacketTagCountIncrement
WfpNblInfoDestroyIfUnused
NetioAllocateAndReferenceNetBufferList
NetioAllocateNetBuffer
HfDestroyFactory
HfCreateFactory
NetioNcmActiveReferenceRequest
PtGetNumNodes
PtCreateTable
PtDestroyTable
NetioCompleteNetBufferAndNetBufferListChain
NsiSetParameter
PtGetNextShorterMatch
PtGetLongestMatch
PtEnumOverTable
PtGetKey
PtDeleteEntry
PtInsertEntry
PtGetExactMatch
PtSetData
PtGetData
RtlCompute37Hash
NetioQueryNetBufferListTrafficClass
NetioExpandNetBuffer
NetioUpdateNetBufferListContext
NetioAllocateAndReferenceVacantNetBufferList
NetioAllocateAndReferenceCloneNetBufferList
NsiSetObjectSecurity
NsiResetPersistentSetting
NsiGetParameter
KfdIsDiagnoseEventEnabled
KfdCheckAndCacheAcceptBypass
KfdCheckAcceptBypass
KfdQueueLruCleanupWorkItem
KfdCheckAndCacheConnectBypass
KfdCheckConnectBypass
KfdGetLayerActionFromEnumTemplate
WfpExpireEntryLru
WfpSetBucketsToEmptyLru
KfdAleRemoveFlowContextTable
WfpScavangeLeastRecentlyUsedList
WfpLruProcessExpiredEndpoint
WfpInsertEntryLru
WfpDeleteEntryLru
WfpLruQueueLruCleanupWorkItemForContext
WfpUninitializeLeastRecentlyUsedList
WfpInitializeLeastRecentlyUsedList
KfdAleInitializeFlowTable
MatchCondition
KfdFreeEnumHandle
KfdDerefFilterContext
KfdGetNextFilter
KfdEnumLayer
KfdToggleFilterActivation
WfpStreamIsFilterPresent
NsiGetAllParameters
KfdAleAcquireEndpointContextFromFlow
KfdBfeEngineAccessCheck
FeReleaseCalloutContextList
FwppStreamDeleteDpcQueue
KfdAleNotifyFlowDeletion
KfdAleUninitializeFlowHandles
KfdAleInitializeFlowHandles
NetioUnInitializeFlowsManager
NetioInitializeFlowsManager
NetioFlowRemoveContext
NetioFlowRetrieveContext
NetioFlowAssociateContext
WfpNblInfoSetFlags
WfpNblInfoClearFlags
NetioReleaseFlow
NetioCreateForwardFlow
NetioRefreshFlow
NetioLookupForwardFlow
KfdAuditEvent
KfdDiagnoseEvent
KfdGetOffloadEpoch
KfdIsLsoOffloadPossibleV6
KfdIsLsoOffloadPossibleV4
KfdDirectClassify
KfdIsV6InTransportFastEmpty
KfdIsV4InTransportFastEmpty
KfdIsV6OutTransportFastEmpty
KfdIsV4OutTransportFastEmpty
WfpRefreshEntryLru
NetioAllocateAndReferenceCloneNetBufferListEx
NetioFreeCloneNetBufferList
KfdReleaseCachedFilters
NetioAdvanceNetBufferList
KfdCheckClassifyNeededAndUpdateEpoch
KfdAleReleaseFlowHandleForFlow
KfdClassify
KfdAleAcquireFlowHandleForFlow
KfdDeregisterLayerEventNotify
KfdSetWfpPerProcContextPtr
WfpNblInfoDispatchTableClear
KfdRegisterLayerEventNotify
WfpNblInfoDispatchTableSet
FwppTruncateStreamDataAfterOffset
FwppAdvanceStreamDataPastOffset
FwppCopyStreamDataToBuffer
FwppStreamContinue
FwppStreamInject
FeGetWfpGlobalPtr
KfdGetLayerCacheEpoch
RtlInvokeStartRoutines
NetioAllocateAndInitializeStackBlock
NetioFreeStackBlock
NetioStackBlockProcessorAddHandler
WfpNblInfoGet
WfpStartStreamShim
WfpStopStreamShim
NetioAllocateMdl
NetioDereferenceNetBufferList
KfdIsLayerEmpty
WfpStreamEndpointCleanupBegin
WfpStreamInspectSend
NsiGetParameterEx
WfpStreamInspectDisconnect
NdisOffloadTcpDisconnect
NdisInvalidateOffload
NdisQueryOffloadState
NdisOffloadTcpForward
NdisTerminateOffload
NdisOffloadTcpReceiveReturn
NdisOffloadTcpReceive
NdisDeregisterProtocolDriver
NdisUpdateOffload
NdisFreeRWLock
NdisAllocateRWLock
NdisFreeGenericObject
NdisAllocateGenericObject
NdisGetSessionToCompartmentMappingEpochAndZero
NdisAcquireRWLockWrite
NdisReleaseRWLock
NdisAcquireRWLockRead
NdisInitiateOffload
NdisOffloadTcpSend
NdisIfQueryBindingIfIndex
NdisOpenAdapterEx
NdisCloseAdapterEx
NdisGetRssProcessorInformation
NdisCompleteNetPnPEvent
NdisDirectOidRequest
NdisCancelDirectOidRequest
NdisOidRequest
NdisCloseNDKAdapter
NdisOpenNDKAdapter
NdisCancelSendNetBufferLists
NdisReturnNetBufferLists
NdisRegisterProtocolDriver
NdisSendNetBufferLists
NdisGetDataBuffer
NdisSetOptionalHandlers
NdisFreeNetBufferList
NdisGetSessionCompartmentId
NdisAdjustNetBufferCurrentMdl
NdisGetThreadObjectCompartmentId
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
FltGetFileNameInformationUnsafe
FltReleaseFileNameInformation
FwpsProxiedEndpointWasRedirectedToProxy
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateSubscribeChangesWithoutDevice0
FwpmEngineOpen0
FwpmEngineClose0
FwpsClassifyOptionSet0
FwpmSecureSocketDeleteByKeyAsync0
FwpmSecureSocketAddAsync0
FwpsInjectNetworkReceiveAsync0
FwpsForceReclassifyLayer0
FwpsCancelEndpointDeleteNotification0
FwpsRequestEndpointDeleteNotification0
FwppDispatchDevCtl0
IPsecDriverProcessClearTextResponse
IPsecDriverExpire
IPsecDriverInitiateAcquire
FwpsFreeNetBufferList0
FwpsReassembleForwardFragmentGroup0
FwppAllocateNetioCloneNetBufferList
FwpsNetBufferListRetrieveContext0
FwppProcessorAddHandler
FwpsIPSecGetPacketListSecurityInformation
FwppNetBufferListAssociateContext
FwpsQueryPacketInjectionState0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpsInjectTransportSendAsync1
FwpsConstructIpHeaderForTransportPacket0
FwpsAllocateCloneNetBufferList0
FwpsFreeCloneNetBufferList0
FwpsTcpIpDispatchTableAndGlobalsSet0
FwpsTcpIpDispatchTableClear0
FwppNetBufferListEventNotify
FwpsCalloutUnregisterByKey0
FwpsCalloutRegisterWithoutDevice0
FwpsProxiedEndpointUnRegisterForExitingEndpoint
FwpsProxiedEndpointClassifiableFieldGet
FwpsProxiedEndpointMetadataValueGet
FwpsProxiedEndpointRegisterForExitingEndpoint
KeGetCurrentIrql
KfLowerIrql
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
AcquireCredentialsHandleW
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle
BCryptGenRandom
BCryptCreateHash
BCryptSetProperty
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptEncrypt
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
QuerySecurityContextToken
NdrMesTypeDecode2
MesHandleFree
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ