Static task
static1
Behavioral task
behavioral1
Sample
a39d6cd04d0f822e7d297fe0a7c5af1ec161bb5efe2b1b2997ce7a1f3eecb17d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a39d6cd04d0f822e7d297fe0a7c5af1ec161bb5efe2b1b2997ce7a1f3eecb17d.exe
Resource
win10v2004-20221111-en
General
-
Target
a39d6cd04d0f822e7d297fe0a7c5af1ec161bb5efe2b1b2997ce7a1f3eecb17d
-
Size
206KB
-
MD5
823423a0f51a736860dd9dd571339010
-
SHA1
5d1d4590b55eab16d176ca82781e33ba828f8c0d
-
SHA256
a39d6cd04d0f822e7d297fe0a7c5af1ec161bb5efe2b1b2997ce7a1f3eecb17d
-
SHA512
b9eb8dd4dda022e8c0ccd68d33c80d4f7cc7516a71976b94e95cea3afd2008de89eb3809b85fb1c48ccfb7404c9dc37a0e2703fa0a13c7eca645473398e894a5
-
SSDEEP
6144:+L19Tn7DcM37Md7IiXoeeJM11D7bIGd53Ro3+Ojp/lT3LuM:+59T7YMwdR97bP5hG7/lT3K
Malware Config (no entries on this page)
Signatures (no entries on this page — an empty signature list is not a verdict; see the import and section notes below for what still warrants a look)
Files
-
a39d6cd04d0f822e7d297fe0a7c5af1ec161bb5efe2b1b2997ce7a1f3eecb17d.exe windows x86
879efc7d46c856f90a759554d9d96889 (unlabeled 32-hex digest; it differs from the file MD5 above, so it is presumably the import hash — confirm the field before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(ASLR and DEP are opted in; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not listed, so the image carries no Control Flow Guard metadata.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dwutility (not a Windows system library: the loader resolves it, and dwbase below, by module name through the normal DLL search order, and this report does not show where either was found — if they are absent in the sandbox the process fails at load before any behavior is observed; the exported names DWEncrypt, DwIpcCoreWrapper::send, openUrl and URLEncode describe capabilities the sample pulls from them)
?loadFromData@DWJsonDocument@@QAE_NPBD@Z
?getObject@DWJsonDocument@@QBE?AVDWJsonObject@@H@Z
??1DWJsonObject@@QAE@XZ
??0DWJsonDocument@@QAE@XZ
?toNarrowString@DwUtility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBGHI@Z
?send@DwIpcCoreWrapper@@QAEXIIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?splitWString@DwUtility@@YAXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@3@@Z
?toWideString@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBDHI@Z
??0DWEncrypt@@QAE@W4Algorithm@0@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?addData@DWEncrypt@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?result@DWEncrypt@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?BinToHex@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
??1DWEncrypt@@QAE@XZ
?addPort@DwIpcCoreWrapper@@QAEXIPAUIIpcPort@@@Z
?setIpcCoreName@DwIpcCoreWrapper@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?getIpcCoreWrapper@@YAPAVDwIpcCoreWrapper@@XZ
?openUrl@DwUtility@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?URLEncode@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@@Z
??1DWJsonRW@@UAE@XZ
?save@DWJsonRW@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setarray@DWJsonRW@@QAE_NPBDW4json_value_type@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABH0@Z
?set@DWJsonRW@@QAE_NPBDW4json_value_type@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0DWJsonRW@@QAE@XZ
?get@DWJsonObject@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBD@Z
??1DWJsonDocument@@QAE@XZ
?load@DWJsonRW@@QAE_NPBD_N@Z
?get@DWJsonRW@@QAE_NPBDAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?getarraycount@DWJsonRW@@QAEHPBD@Z
?getarray@DWJsonRW@@QAE_NPBDHAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
dwbase
?DoLog@@YAXGPBD0G0PBG@Z
kernel32
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
Sleep
GetStartupInfoW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetLastError
MultiByteToWideChar
CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
GetModuleHandleW
TlsAlloc
TlsFree
TlsGetValue
TerminateProcess
SetProcessWorkingSetSize
GetCurrentProcess
CreateProcessW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
InterlockedDecrement
lstrlenW
ReadFile
GetFileSize
CreateFileW
LocalFree
GetCommandLineW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
RaiseException
InterlockedIncrement
lstrcmpiW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GlobalUnlock
GlobalLock
GetFileSizeEx
FlushInstructionCache
lstrcmpW
MulDiv
GlobalAlloc
GetCurrentThreadId
SetLastError
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsSetValue
(IsDebuggerPresent appears here alongside GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount and QueryPerformanceCounter, the group the MSVC CRT — msvcr90 is imported below — typically uses for its /GS cookie seed and unhandled-exception path; on its own this import is weak evidence of anti-debugging, so look for a call outside CRT code before treating it as such.)
user32
PostQuitMessage
DefWindowProcW
GetWindowLongW
DestroyWindow
SetWindowLongW
CreateWindowExW
GetMessageW
CharNextW
SetFocus
FindWindowExW
MoveWindow
InvalidateRect
ShowWindow
UnregisterClassA
TranslateMessage
DispatchMessageW
PostMessageW
SetTimer
GetParent
MessageBoxW
GetKeyState
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
GetSysColor
GetClientRect
GetSystemMetrics
IsWindow
SendMessageW
SetParent
gdi32
BitBlt
CreateSolidBrush
GetObjectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
advapi32
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
shell32
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
DragQueryFileW
ShellExecuteExW
ole32
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
oleaut32
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantCopy
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
GetErrorInfo
VarUI4FromStr
msvcp90
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEPAGXZ
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
msvcr90
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_purecall
wcscmp
memcpy_s
_wtoi
memset
??_V@YAXPAX@Z
memcpy
_snwprintf_s
wcslen
strlen
_beginthreadex
towlower
memmove_s
atoi
_endthreadex
wcsrchr
wcsncat_s
wcsstr
malloc
free
wcsncpy_s
_recalloc
wcstoul
wcspbrk
swprintf_s
rand
vswprintf_s
_wcsnicmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
memcmp
wininet
InternetReadFile
HttpEndRequestW
HttpSendRequestExW
InternetWriteFile
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
HttpQueryInfoW
(HttpSendRequestExW + InternetWriteFile + HttpEndRequestW is the streamed request-body pattern, i.e. the sample can upload data over HTTP(S) as well as read responses; no destination URL is recoverable from this static listing, so the behavioral tasks' network capture is where to look for it.)
Sections (raw sizes below sum to roughly 205KB against a 206KB file, so there is no significant overlay appended after the last section)
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(A .reloc section flagged both writable and executable, and at 58KB more than half the size of .text, is unlike the read-only, discardable relocation table a standard MSVC link typically emits; inspect its contents for code or data beyond the relocation blocks rather than dismissing it as plain relocations.)