Z�13����a�Q�S�+�F����)�]��z���Sp� F�<��Gi@�]�K;ۜo_>�4c�a��+P3�l�gq3g��PրA�Ibl!\-�K�r���q˯�oW�gS�=����@�8��c��-2����3��'�>A�-�ч+L�v#�n~ �M��(�;��V��@��P>Uʿ�����)�����qKQG?-��(�m���s����'s��^?-�d P|쇍�G�7Y�3y���U��|ya, +�J�@ȯ(�I$��VI��ڦ�or4�y1 �9|��(z%�z?&�� ��ky �K��X6O�nTr�D~Q�i�N5x���ړ��F R���%t(ʥ��߬��Vt�E|\��ԇ���`i�|�������?��Vgy `(�l#���p`b��+�g���Y}DTa���ݱ��9)?�{�+� ���-��;�J[��ZNQ E����L �U��]� u}F�3qN�����d�5Z]���5[E��\��gҒK�� ���Za�Q��s�LSiJ���e�q{�����i��o�V�?�����a�a��'��C��Plk�C聥���iY�G�t�(� �W�������M���E ��H�а7r �+?hD r���1]��0��)�I�|ΡY���o� e�9r����s*Q�;e��lT�+5�n�a�?=�jQDT(bt�N�֦$�@��{�P8>�"�(u tw�D���i�����b�2U����@^�O�O���0�ݰ��� �v����5P�lu;���sB�MN�M��ܴ����[2�J7�)�7�R��t)n>�q$ ��ͼz5F�Q��h���1�XP��N�ظ��������/�b�@�kd߿v\�7z9W���ނ�L��-�/� 8���p�b��ݑO�Be����Yf%����?� �4�oCYG��d8Ö5��e�-��-��BN�b�;c�\�_���lьO!"6�XL(��������/O�k�B�����<��yoT�����Za�;�XA�P\<g���N�KϮ,�Z�N��oU�Ѕ����������;�R��;�"��I��]C�Z@���K�A�p��5��/Ŀs�#m�̹))��u�z{����'�?��pNͷ����\3\ڼ� [<�^�<�A#�e�b�����@�L9F�Z �h���\�s�ɷh�+G��EK�D�o�l�BO���HեJ�{W�������!z���ø��ؠ<���Kz�Fz�'�q]ٛ�7f���+�+�P1z���%ӎ%�My��M�zn{��J0o����h����'څ/�ٛ��d����;�Z�*.�5�"c(�>�牸X��_Q�x�M'��@�o��� Wǂ���4_�����!�9��r����g�W��l��=��,'&H�ɿˊ}X��J�D��<�B�t���`M�O��P'7��o=��������0��m��͒��_�+sX�����$Ӝ�0)?҃�[VGrKk��J�G=̅+�3�#�n��'�"-w/ed�i��f6ԳUG<�\#l�G�}��Ǹ�/�>=$5!& �<�䷛ފM. �XǬ�u|��k�2L���1×�gc��pa�cD��F��3#����Z�\�ۃ͜ �i 2iB� 7Z��#���\�yrW��2�O�|2|�\A������-�T�-��Q֥`P�����qD32x$���*����d��쪲���~�W� �.H�K1���E#8�oq}�q$(Y��<�������c��<}�g$?Q��v,��%��;�s��䲚К�(�^O:���z3�6���ҞC.=^��<�@v3R����BO���w�_zX��Kl"p��*).��gdLKe����@�j�^i�m��]�ig|b�p�-������&r�a(z� ��a#�v��u~��S����u_�o�D��������[��#N��Wf�b`Zg�#�z���J՛���d4#U,�+���ׯ�s�l�`8��hR�������� oL���і�M.�:�P�{5F�j-�Ź�q��c7Ľ��E]qC�WK�g4^��yӞ��29�:��p�>ݶ���n�'��� �e���d�""��0�1�T�uH�=}������+o̙mA����u.�[��0��̌�_���jY<i�iy_��0xʙ�J�2�7�Ѐ�>\��袳x4��&��Z����Gb,ym�εwE�7��\� ���OWN��k�פ�� q ��^���3,�P�q�RB�Rx���t�Xɤf�j��7cr4E�mw��@\F.>���e�LC�D��lG����y�M=�t����-q�/.��W���*&Ub�6xSφ B��5��'�.*�Ŝ]��� 1t�l)�q?]=��X:g�e���T=��t�6W�FC�D��;���Q5�����4�< O>��]z���P����S|v����@p�Q~��a��B���ۯ*BTx8a�`b����;��@��t/rz�6�Y�H��c�� ]��խ�Ο^��^"BM��r �i���uKz��B��Yd��v9�������cX��E�b�X�2 �B/*���>)l�k�(&�q���c���ދ��|������7�6�r��u�>��X�E����� �C�3�M�1֥2��dS�q��[��.�����m!ԉ��w�W��s��/�%���T�9��_��#�۩^���HU����]M=ß���p�flw�-��!��7$��j?�c#�ܪ���O��~�&$�}��N�gz��^���$~�0�0��Jd�) 2C�~9Ȧ�8 ��_᩷��1� W��blp��xA�����]�7Y�zF+��j��,�,dۿ���~����I� ���"�FA��(����b�W �֤)�OmN�~��GU��)�ZW\�m��\�w+�$(�����*�[#ǥ��X�gp�D��{p�%l�,� Ў����Ԙű�_F?�x�����2��HA���X������]j���"� 4�p���5����#�G<y�_�K}C�})�M����R#O�_I�W8�����)@v~,�&b�yPI].\��X̀ү�Lp��)T�F���J�I4
Static task
static1
Behavioral task
behavioral1
Sample
f0121e7002360fab8505673a75fc6b819cb425f90b43b2cc5783b77bd1c2621e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f0121e7002360fab8505673a75fc6b819cb425f90b43b2cc5783b77bd1c2621e.exe
Resource
win10v2004-20220812-en
General
-
Target
f0121e7002360fab8505673a75fc6b819cb425f90b43b2cc5783b77bd1c2621e
-
Size
2.3MB
-
MD5
ba58d91429a8fb7ef08dfe3d43a53483
-
SHA1
c3d2fe1048b824b9126ee0a75177d7b54d20860c
-
SHA256
f0121e7002360fab8505673a75fc6b819cb425f90b43b2cc5783b77bd1c2621e
-
SHA512
1ca9ca56fdc3b9b5cf0cc5ff56dee952f363930a39d4ec0e2da07cb269c16230f776fced21c05e176984c8d5854ded53184e409a41f743bd9de518ae3c5e0c08
-
SSDEEP
49152:md+RDcqB/yfd8eZSfusrbEZE3F0wNu2Fxgp4YHD9oSP+0zB4ebfrAX5ee2Y:vRDcVfZSfugbEZE3FLN9xwHHD6CznbDy
Malware Config
Signatures
Files
-
f0121e7002360fab8505673a75fc6b819cb425f90b43b2cc5783b77bd1c2621e.exe windows x86
6d781f7c61afaf0de8911cd580864854
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_adj_fdiv_m32i
kernel32
ReadFile
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
winmm
waveOutReset
user32
MessageBoxA
Exports
Exports
Sections
.text Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.VCrypt0 Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.VCrypt1 Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE