Static task
static1
Behavioral task
behavioral1
Sample
38a24ce71400f108f2af30099c32c35c2d55d48c59a7dcb6a47526230558a69d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
38a24ce71400f108f2af30099c32c35c2d55d48c59a7dcb6a47526230558a69d.exe
Resource
win10v2004-20220812-en
General
-
Target
38a24ce71400f108f2af30099c32c35c2d55d48c59a7dcb6a47526230558a69d
-
Size
2.0MB
-
MD5
bc2ed601e675ade9a37a3782ef68290e
-
SHA1
a2537ad8dc0646a294d392035d0ed866033d218e
-
SHA256
38a24ce71400f108f2af30099c32c35c2d55d48c59a7dcb6a47526230558a69d
-
SHA512
16cf6db227f1b17cc05299b956703b15f862e22d9d8e106711dd6723b21404d1d467439c138b2e400322f8a5f58fe9f86def548b06e2f38abc9270900b782407
-
SSDEEP
24576:mBKD+lv1pGK9JJDSyOK3hzJqxCPN1YgDHJjcJYcCMIZan+EwKygGgbK+fJwh19k8:mBNtJ2yOQpJtFCyJjLtIF++6h8dS+pq
Malware Config
Signatures
Files
-
38a24ce71400f108f2af30099c32c35c2d55d48c59a7dcb6a47526230558a69d.exe windows x86
51b809aefe489b6097ddbf785832d44e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
FileTimeToLocalFileTime
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
UnregisterClassA
MessageBoxA
advapi32
RegCreateKeyExA
oleaut32
SysFreeString
version
VerQueryValueA
gdi32
BitBlt
ole32
OleUninitialize
comctl32
ImageList_SetDragCursorImage
shell32
SHGetSpecialFolderLocation
wininet
InternetOpenUrlA
comdlg32
GetOpenFileNameA
msimg32
GradientFill
Exports
Sections
CODE Size: - Virtual size: 923KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nester0 Size: - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 643KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nester1 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nester2 Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ