Static task
static1
Behavioral task
behavioral1
Sample
c18c9809734c6d2833a5844c6e8b479d7cfb86b01b2fe81ca846f015f0517b0a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c18c9809734c6d2833a5844c6e8b479d7cfb86b01b2fe81ca846f015f0517b0a.exe
Resource
win10v2004-20220812-en
General
Target
c18c9809734c6d2833a5844c6e8b479d7cfb86b01b2fe81ca846f015f0517b0a
Size
56KB
MD5
5796005746a18d63645f2f51ee5d0659
SHA1
97c5784d6bec11ecc83d4d7719fb7881b99fee2f
SHA256
c18c9809734c6d2833a5844c6e8b479d7cfb86b01b2fe81ca846f015f0517b0a
SHA512
afa1ac33df59e172006007a90e5acd90f8f6016ade9190d1cb5f7f9d026e4e49d3c674e1aafddbbd89d3a8dbb8e1ade872175b71f1951d671399de44724ad5e0
SSDEEP
768:8sI6h4v9cclr5ZbyGVTEV0wmwthQfEgppdqJfLrQ:ph4vSUvyGVTjdGQNpXwfLrQ
Malware Config
Signatures
Files
c18c9809734c6d2833a5844c6e8b479d7cfb86b01b2fe81ca846f015f0517b0a.exe windows x86
0af9a46b1bcaec4cb2b8a41bd6450d0d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
CreateMutexW
WaitForSingleObject
TerminateThread
GetExitCodeThread
CreateThread
WaitForMultipleObjects
CloseHandle
CreateFileMappingW
HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
GetVersionExW
MapViewOfFile
UnmapViewOfFile
lstrlenW
lstrcmpW
lstrcmpiW
lstrcatW
lstrcpyW
OpenEventW
Sleep
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringA
MultiByteToWideChar
LCMapStringW
InterlockedDecrement
LoadLibraryA
InterlockedIncrement
GetOEMCP
GetACP
GetProcAddress
WriteFile
GetCPInfo
TlsGetValue
EnterCriticalSection
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetLastError
WideCharToMultiByte
GetEnvironmentStrings
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetFileType
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
TlsAlloc
GetCurrentThreadId
TlsSetValue
user32
SendMessageW
CharNextW
wsprintfW
advapi32
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
InitializeSid
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
rpcrt4
RpcNetworkIsProtseqValidW
RpcServerUseProtseqEpW
RpcEpRegisterW
RpcBindingVectorFree
RpcServerListen
RpcEpUnregister
NdrFullPointerXlatInit
RpcServerInqBindings
RpcMgmtStopServerListening
NdrConformantArrayBufferSize
NdrConformantArrayUnmarshall
NdrPointerUnmarshall
NdrPointerFree
NdrConformantArrayMarshall
NdrPointerMarshall
NdrConvert
NdrFullPointerXlatFree
NdrServerInitializeNew
I_RpcGetBuffer
NdrConformantStringUnmarshall
RpcRaiseException
RpcServerRegisterIf
RpcServerUseProtseqW
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE