Static task: static1
Behavioral task: behavioral1
  Sample: a5d1c2eee77c3e6fd1d56065a035384b20e0374b4923d55160f764784b25002d.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: a5d1c2eee77c3e6fd1d56065a035384b20e0374b4923d55160f764784b25002d.exe
  Resource: win10v2004-20220901-en
General
- Target: a5d1c2eee77c3e6fd1d56065a035384b20e0374b4923d55160f764784b25002d
- Size: 39KB
- MD5: 935a220b58d315d28efc647b6e45dda6
- SHA1: 19007b5c8aac7c1438054810c7a2831bef6eab1b
- SHA256: a5d1c2eee77c3e6fd1d56065a035384b20e0374b4923d55160f764784b25002d
- SHA512: 9b0478fccd02a7b65e10c2d8dcfe97c57ada726d498001eb745065069c932a129762941e487a85936b4c19209f8269e3964a51f81f10ace6297148e9e9b182fe
- SSDEEP: 768:32V7agxY8eBasoNENPOopUOtM+hKgp2U2x3WbhpF3Z:3g7lr3APOopUO3KI2x3Wb5Z
Malware Config
Signatures
Files
- a5d1c2eee77c3e6fd1d56065a035384b20e0374b4923d55160f764784b25002d.exe windows x86
3a986f971c1014ca7bb528f4c238e6e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsBadCodePtr
GetModuleHandleW
GetSystemTime
VirtualAlloc
SetEnvironmentVariableA
UnmapViewOfFile
MultiByteToWideChar
ReleaseActCtx
CreateMemoryResourceNotification
MoveFileExW
lstrcmp
GetLogicalDrives
CompareStringW
ExpungeConsoleCommandHistoryA
GetStringTypeW
CloseHandle
GetModuleHandleA
LoadModule
SetThreadUILanguage
GetDiskFreeSpaceW
SetConsoleLocalEUDC
LoadLibraryA
WaitForMultipleObjects
GetConsoleWindow
GetTickCount
WaitNamedPipeW
MulDiv
GetNextVDMCommand
GetConsoleAliasExesW
GlobalCompact
regapi
RegGetMachinePolicyEx
RegWinStationEnumerateA
RegWinStationQueryA
RegWinStationQueryValueW
RegWdEnumerateW
RegWdDeleteW
RegWinStationAccessCheck
RegWdCreateA
RegCdQueryW
RegWdCreateW
RegOpenServerW
RegWinStationSetSecurityA
RegUserConfigRename
RegUserConfigDelete
RegBuildNumberQuery
RegWinStationSetSecurityW
RegCdEnumerateA
RegSAMUserConfig
RegPdQueryA
RegCdQueryA
RegPdCreateW
RegWinStationQuerySecurityA
RegUserConfigSet
RegCdCreateW
RegQueryUtilityCommandList
RegWinStationSetNumValueW
RegConsoleShadowQueryA
RegWdQueryW
user32
RegisterUserApiHook
CharLowerBuffW
FreeDDElParam
GetMonitorInfoW
GetKeyNameTextW
SetWindowsHookW
MapDialogRect
MessageBeep
DdeQueryStringW
GetLastInputInfo
DdeNameService
ModifyMenuA
DefDlgProcW
GetPropA
EnumDisplaySettingsA
GetClientRect
IsGUIThread
RealGetWindowClassW
SetUserObjectSecurity
CalcMenuBar
GetMessageExtraInfo
DeviceEventWorker
DrawTextW
DdeGetLastError
GetGUIThreadInfo
LoadAcceleratorsW
ntdsapi
DsUnBindA
DsFreeNameResultA
DsUnquoteRdnValueW
DsRemoveDsServerA
DsaopExecuteScript
DsFreeSchemaGuidMapW
DsFreeSpnArrayW
DsInheritSecurityIdentityW
DsListServersInSiteA
DsGetSpnW
DsMakePasswordCredentialsW
DsWriteAccountSpnA
DsIsMangledDnW
DsBindW
DsServerRegisterSpnA
DsReplicaUpdateRefsA
DsBindWithSpnA
DsReplicaSyncAllW
DsRemoveDsServerW
DsReplicaDelW
DsReplicaAddA
DsCrackSpnW
DsReplicaConsistencyCheck
DsServerRegisterSpnW
DsBindWithCredW
DsFreeSpnArrayA
DsFreeDomainControllerInfoA
DsRemoveDsDomainW
DsListServersForDomainInSiteW
DsReplicaSyncAllA
DsAddSidHistoryW
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
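The Headers, Imports and Sections blocks above are the raw material of a PE triage; the following is an added example (not part of the sandbox report, and not the sandbox's own code) of how a practitioner turns them into something actionable. It decodes the numeric Characteristics, DllCharacteristics and section bitmasks into the winnt.h flag names the report prints, derives the loader consequences (IMAGE_FILE_RELOCS_STRIPPED with no IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE means the image can only load at its fixed ImageBase and gets no ASLR; IMAGE_DLLCHARACTERISTICS_NO_SEH declares that the image has no SEH handlers; a writable and executable section is a packer indicator), and computes an import hash following the pefile/FireEye imphash convention. The numeric masks for this sample are reconstructed from the flag names in the report rather than read from the binary, and the import list is a subset copied from the Imports block; both are labelled as such in the code.

```python
"""Decode PE header flags and compute an import hash (imphash).

Added example for the static report above; not sandbox output.
Flag constants are the documented winnt.h values. The masks for this
sample are RECONSTRUCTED from the flag names in the report, not read
from the binary, and the import list is a subset copied from the report.
"""
import hashlib

IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DLLCHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
IMAGE_SCN_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value, table):
    """Return the names of every known bit set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def hardening_summary(file_chars, dll_chars, sections):
    """Loader-relevant consequences of the header flags.

    ASLR needs DYNAMIC_BASE *and* a relocation table: RELOCS_STRIPPED
    pins the image to its ImageBase. NX_COMPAT is the image's DEP opt-in.
    NO_SEH declares the image has no SEH handlers. A section that is both
    writable and executable is a classic packer / self-modifying-code sign.
    """
    return {
        "aslr": bool(dll_chars & 0x0040) and not (file_chars & 0x0001),
        "dep_opt_in": bool(dll_chars & 0x0100),
        "cfg": bool(dll_chars & 0x4000),
        "may_use_seh": not (dll_chars & 0x0400),
        "rwx_sections": [n for n, c in sections
                         if c & 0x20000000 and c & 0x80000000],
    }


def imphash_string(imports):
    """Normalise (dll, func) pairs the way the imphash convention does:
    lower-case, strip .dll/.ocx/.sys, join as 'dll.func' with commas.
    Ordinal-only imports (none appear in this report) are not handled."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string; order-sensitive by design."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Reconstructed from the flag names the report lists for this sample.
SAMPLE_FILE_CHARS = 0x0001 | 0x0002 | 0x0100   # RELOCS_STRIPPED|EXECUTABLE|32BIT
SAMPLE_DLL_CHARS = 0x0400                      # NO_SEH only
SAMPLE_SECTIONS = [                            # from the Sections block
    (".text", 0x20 | 0x20000000 | 0x40000000),
    (".rdata", 0x40 | 0x40000000),
    (".data", 0x40 | 0x40000000 | 0x80000000),
    (".rsrc", 0x40 | 0x40000000),
]
# Subset of the Imports block, in report order.
SAMPLE_IMPORTS = [
    ("kernel32", "IsBadCodePtr"), ("kernel32", "GetModuleHandleW"),
    ("kernel32", "VirtualAlloc"), ("kernel32", "LoadLibraryA"),
    ("regapi", "RegWinStationEnumerateA"), ("user32", "SetWindowsHookW"),
    ("ntdsapi", "DsBindW"), ("ntdsapi", "DsAddSidHistoryW"),
]

if __name__ == "__main__":
    print(decode_flags(SAMPLE_FILE_CHARS, IMAGE_FILE_CHARACTERISTICS))
    print(decode_flags(SAMPLE_DLL_CHARS, IMAGE_DLLCHARACTERISTICS))
    print(hardening_summary(SAMPLE_FILE_CHARS, SAMPLE_DLL_CHARS, SAMPLE_SECTIONS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the normalisation lower-cases the library name and strips its extension, an import table that reads KERNEL32.dll in the binary produces the same hash as the bare kernel32 shown in the report, which is what lets an imphash pivot across sandboxes and repositories. A hash over the full 118-entry list is only comparable to one computed with the same convention over the complete table in import-directory order, so the subset above is for illustration, not for matching.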