Static task
static1
Behavioral task
behavioral1
Sample
e771f8ef2c2ec5f41cd217ee285c28f2000c0770d238640a39e8fe2119bcb6a5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e771f8ef2c2ec5f41cd217ee285c28f2000c0770d238640a39e8fe2119bcb6a5.exe
Resource
win10v2004-20220812-en
General
-
Target
e771f8ef2c2ec5f41cd217ee285c28f2000c0770d238640a39e8fe2119bcb6a5
-
Size
1.2MB
-
MD5
a9db006ec1c0c0e25a16557e1524ac03
-
SHA1
22e92e966f597d164fe971a9b4a12fefeb4fe3c6
-
SHA256
e771f8ef2c2ec5f41cd217ee285c28f2000c0770d238640a39e8fe2119bcb6a5
-
SHA512
020a409184be895e34c530c3dc6371a15e0dda3bc13745d9423f63e877d1cb9086ac412ef22d015c740d9d1382b90026dfeae19411ac007d43c2745eb5d49a2e
-
SSDEEP
24576:UOr0/iRb6NM6hqBCZAqJeZNMMbSn8R8rBuL3gNTgQSwEg/nTmzy:eK8NM6c4+NpSn1C0TzEg2
Malware Config
Signatures
Files
-
e771f8ef2c2ec5f41cd217ee285c28f2000c0770d238640a39e8fe2119bcb6a5.exe windows x86
6f2e82ee6d1568593b530b7de03c4392
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutOpen
ws2_32
WSAAsyncSelect
kernel32
GetFileType
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
TabbedTextOutA
gdi32
CreatePalette
winspool.drv
ClosePrinter
advapi32
RegCreateKeyExA
shell32
Shell_NotifyIconA
ole32
CoFreeUnusedLibraries
oleaut32
SysAllocStringByteLen
comctl32
ord17
oledlg
ord8
comdlg32
ChooseColorA
Exports
Sections
.text Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE