Static task: static1
Behavioral task: behavioral1
Sample: 969570904d7099a26bb65f75921a76112f8c23eba80efd2e477188acdad4f2cd.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 969570904d7099a26bb65f75921a76112f8c23eba80efd2e477188acdad4f2cd.exe
Resource: win10v2004-20221111-en
General
Target: 969570904d7099a26bb65f75921a76112f8c23eba80efd2e477188acdad4f2cd
Size: 867KB
MD5: 35e52a090620d2683418e2cde18d7979
SHA1: 7584c0ac184e8d978d76c7625589d9f3ac2aaba4
SHA256: 969570904d7099a26bb65f75921a76112f8c23eba80efd2e477188acdad4f2cd
SHA512: 32b57867eabeb4c385b87bdcc0ddcfa8688b8d513d0dcb8a2af5fa380a23038e9ce5d649305e102370df2fca94e4606802fab8aa3899e9655642894ecbe59c42
SSDEEP: 24576:21nOXJPgdwRW3d4Mcrg70IpQZ7f5GaYTKM5H:JXdqwM3dkrkpA7f5kn
Malware Config
Signatures
Files
-
969570904d7099a26bb65f75921a76112f8c23eba80efd2e477188acdad4f2cd.exe windows x86
0bcae3608d068e671365f1255886f200
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
LsaLookupNames
RegDisablePredefinedCache
InitializeSecurityDescriptor
QueryServiceConfigW
IsValidSid
SetServiceStatus
BuildExplicitAccessWithNameA
I_ScSetServiceBitsW
EnableTrace
GetTraceEnableLevel
LsaFreeMemory
CreateWellKnownSid
AddAccessDeniedAce
SetFileSecurityW
RegisterEventSourceA
SetSecurityDescriptorDacl
PrivilegeCheck
DuplicateToken
SystemFunction018
CryptSetKeyParam
AbortSystemShutdownA
RegCreateKeyW
AddAccessDeniedObjectAce
RegQueryInfoKeyA
LookupAccountSidA
RegDeleteKeyA
GetUserNameA
ElfRegisterEventSourceW
msvcrt
_wfullpath
??_U@YAPAXI@Z
_strcmpi
_mbstrlen
_stat
strtoul
wcschr
_getcwd
wcslen
iswctype
rand
_wfsopen
_i64toa
_Strftime
_winmajor
kernel32
SetErrorMode
HeapAlloc
GetFileType
FindNextFileW
lstrcpynA
SetConsoleMaximumWindowSize
SetCommState
UpdateResourceW
GetOEMCP
FindNextVolumeW
SetConsoleCtrlHandler
GetLastError
AssignProcessToJobObject
IsBadStringPtrA
OpenSemaphoreW
MapViewOfFile
SetThreadLocale
ReadDirectoryChangesW
MoveFileA
CreateWaitableTimerW
GetUserDefaultLangID
VirtualAlloc
PurgeComm
EnumResourceLanguagesA
crypt32
CryptSIPLoad
oleaut32
SysFreeString
SysAllocStringByteLen
VariantChangeTypeEx
SafeArrayPtrOfIndex
VariantInit
VariantCopyInd
GetErrorInfo
GetActiveObject
VariantCopy
VariantChangeType
SysAllocStringLen
SafeArrayGetLBound
SafeArrayCreate
VariantClear
SysReAllocStringLen
SysStringLen
SafeArrayGetUBound
setupapi
CM_Get_Next_Res_Des
SetupCommitFileQueueW
SetupDiGetDeviceInstanceIdA
SetupDiOpenDeviceInterfaceW
pSetupStringTableEnum
pSetupStringTableAddStringEx
SetupCloseLog
CM_Get_Device_ID_Size
SetupDiOpenClassRegKey
SetupGetLineTextA
SetupDiCreateDeviceInterfaceRegKeyW
SetupInstallServicesFromInfSectionW
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassImageIndex
SetupGetBinaryField
SetupDiCreateDeviceInfoW
SetupFindFirstLineA
CM_Query_And_Remove_SubTreeW
ntdsapi
DsCrackNamesW
DsMapSchemaGuidsW
DsFreePasswordCredentials
DsFreeNameResultW
DsMakePasswordCredentialsW
DsFreeSchemaGuidMapW
DsBindW
DsUnBindW
DsQuoteRdnValueW
DsMakeSpnW
DsCrackSpnW
DsBindWithCredW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
shlwapi
PathGetCharTypeW
UrlCombineA
PathUnquoteSpacesA
ChrCmpIA
wnsprintfA
PathFindFileNameW
PathCreateFromUrlA
PathFileExistsA
UrlIsOpaqueW
StrRChrIA
PathParseIconLocationW
IntlStrEqWorkerW
PathFindOnPathW
SHRegQueryInfoUSKeyW
PathStripPathW
UrlCreateFromPathW
PathStripToRootW
Sections
.data Size: 1024B - Virtual size: 343B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 549B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 53KB - Virtual size: 495KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 343KB - Virtual size: 516KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 248KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 124KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 958B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ