Static task
static1
Behavioral task
behavioral1
Sample
3b822967f63a8d76290da1b90f886adf27531c651cefd5bc9b988e80ae8b5d09.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3b822967f63a8d76290da1b90f886adf27531c651cefd5bc9b988e80ae8b5d09.exe
Resource
win10v2004-20221111-en
General
-
Target
3b822967f63a8d76290da1b90f886adf27531c651cefd5bc9b988e80ae8b5d09
-
Size
1.7MB
-
MD5
60b9b549416e4998360ecff00f8e352d
-
SHA1
8d7f16567914d45d8f45f190aa176f7e5eb7ad29
-
SHA256
3b822967f63a8d76290da1b90f886adf27531c651cefd5bc9b988e80ae8b5d09
-
SHA512
9290603d0fd164a75bb3b15d32c1de4dc1dacaa0997a5a9cfa10cb0e988351a53eb14f552c6b7dac86ac4b903c999fdc0051b8264ed9228cee351521c0262b0c
-
SSDEEP
49152:PhHV44YKHC7c/ePRtWH7W9WTatYwYYkb1P/4Mw273WR416uqLw:tO/RREbW2aywfkZP//B73a416uq
Malware Config
Signatures
Files
-
3b822967f63a8d76290da1b90f886adf27531c651cefd5bc9b988e80ae8b5d09.exe windows x86
870d6e7b07af7e7cf7de237fd0c054ab
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
UuidCreate
qqpro
?unsetHook@@YAXXZ
mfc42
ord4080
msvcrt
_mbsicmp
kernel32
GetProcessHeap
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
EqualRect
MessageBoxA
gdi32
GetDeviceCaps
advapi32
RegOpenKeyExA
shell32
ShellExecuteA
comctl32
ImageList_GetIcon
iphlpapi
GetAdaptersInfo
msvcp60
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
Exports
Sections
.text Size: - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text0 Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text1 Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE