Analysis tasks: static1 (static analysis); behavioral1 (sample f6646f7835e668bd42ca80c2d735ccda90992c95e5bca7371db236899275d957.exe, resource win7-20220901-en); behavioral2 (sample f6646f7835e668bd42ca80c2d735ccda90992c95e5bca7371db236899275d957.exe, resource win10v2004-20220812-en).
General
-
Target
f6646f7835e668bd42ca80c2d735ccda90992c95e5bca7371db236899275d957
-
Size
826KB
-
MD5
05d08a2aec89156742e04bb8da535995
-
SHA1
60d35e3657b93f09b4d4b125b3bd2e349ec6ba32
-
SHA256
f6646f7835e668bd42ca80c2d735ccda90992c95e5bca7371db236899275d957
-
SHA512
2d2ebe686b7ff68e67527f2b5816fd1c28d9eb3073953dfefe872aea2e943745a3befba7e5ce13e85b29cd00fa083246b7656e0cd195af1ac94861b00c98ded5
-
SSDEEP
24576:+cM7l4iAkCs+9iS0SYhTXOB1t9Tt9exNMwDTJKvSGrbY:tM7CiTCsPxT41t9TvOkvSsb
Malware Config (no extracted configuration is shown on this page)
Signatures (no signature hits are shown on this page; absence here does not mean the sample is benign — see the behavioral tasks above)
Files
-
f6646f7835e668bd42ca80c2d735ccda90992c95e5bca7371db236899275d957.exe windows x86
9e94ae1cfeaaa36692a1a1a16c98342d (unlabelled 32-hex value; it differs from the file MD5 05d08a2aec89156742e04bb8da535995 listed above and is presumably an import hash — confirm against the original report before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (only the ASLR-compatible flag is listed; NX_COMPAT and other mitigation flags do not appear here)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: the mix below — sqlunirl, cmutil, wldap32 and many rarely used ntdll/ole32/advapi32 exports — is atypical for ordinary software and may be padding or decoy imports; treat this list as weak evidence of real behaviour and rely on the behavioral runs)
sqlunirl
_GetDlgItemText@16
_NDdeShareDel_@12
_MoveFileEx_@12
_FindAtom_@4
_AppendMenu_@16
_RegLoadKey_@12
_BackupEventLog_@8
_GetCurrentHwProfile_@4
_GetGlyphOutline_@28
_OpenBackupEventLog_@8
_ExpandEnvironmentStrings_@12
_RegisterClassEx_@4
kernel32
PostQueuedCompletionStatus
GetLocaleInfoA
GetEnvironmentVariableA
GlobalUnWire
SignalObjectAndWait
GetCurrentThread
GetModuleHandleW
lstrcpyW
WriteFileGather
CreateJobObjectW
HeapWalk
GetHandleContext
LoadLibraryW
RtlZeroMemory
ole32
CreateClassMoniker
HENHMETAFILE_UserSize
OleQueryLinkFromData
StgPropertyLengthAsVariant
HMETAFILEPICT_UserMarshal
ProgIDFromCLSID
StgOpenStorageOnHandle
StringFromCLSID
CoCancelCall
CoPopServiceDomain
STGMEDIUM_UserSize
CoCopyProxy
CoGetInstanceFromFile
CreateStdProgressIndicator
MkParseDisplayName
wldap32
ldap_modrdn2_sA
ldap_delete_sW
ldap_modify_sA
ldap_controls_freeW
ber_flatten
ldap_get_paged_count
ldap_get_values_lenW
ldap_extended_operation_sW
ldap_result2error
ldap_compare_ext_s
ldap_compare_ext_sW
ldap_next_reference
ldap_abandon
ldap_openW
ldap_delete_ext_sW
ldap_cleanup
ldap_extended_operation
ldap_free_controlsA
ldap_get_optionA
ldap_compare_extW
ldap_extended_operationA
ldap_delete_extA
ldap_control_freeA
ber_bvecfree
ldap_perror
ldap_count_valuesW
ldap_value_free
ldap_next_attributeA
ldap_modify_s
ldap_control_freeW
ldap_escape_filter_elementW
ldap_search_ext_sA
ldap_initW
ldap_search_stA
ldap_simple_bind_sW
ldap_modrdn2
ldap_sasl_bind_sA
cmutil
??0CmLogFile@@QAE@XZ
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?Stop@CmLogFile@@QAEJXZ
GetOSBuildNumber
?GPPB@CIniA@@QBEHPBD0H@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
?GetRegPath@CIniA@@QBEPBDXZ
?SetWriteICSData@CIniW@@QAEXH@Z
CmAtolW
?SetReadICSData@CIniA@@QAEXH@Z
?SetEntry@CIniA@@QAEXPBD@Z
ntdll
NtCreateWaitablePort
RtlTimeToTimeFields
ZwCreateJobSet
_stricmp
RtlInitUnicodeStringEx
LdrFindResourceEx_U
CsrCaptureTimeout
ZwSaveKey
LdrLoadAlternateResourceModule
_wtoi
RtlEnumProcessHeaps
NtInitiatePowerAction
RtlSetUserValueHeap
RtlDeregisterWait
NtOpenSymbolicLinkObject
NtAccessCheckByTypeResultList
RtlDeactivateActivationContextUnsafeFast
ZwAssignProcessToJobObject
bsearch
RtlClearAllBits
_wcsnicmp
NtSetDebugFilterState
ZwQueryIntervalProfile
ZwSetBootEntryOrder
advapi32
CredGetTargetInfoA
GetMultipleTrusteeOperationW
LsaLookupSids
RegSetValueW
LookupAccountNameW
GetInheritanceSourceW
GetInheritanceSourceA
AllocateLocallyUniqueId
GetFileSecurityA
SystemFunction015
ComputeAccessTokenFromCodeAuthzLevel
WmiOpenBlock
LsaICLookupNames
ChangeServiceConfigA
GetServiceKeyNameW
Sections
.text Size: 369KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 181KB - Virtual size: 1.6MB (virtual size is roughly nine times the raw size; a large writable, mostly uninitialised .data region is a common packer/unpacking indicator — check the behavioral runs for code executing from this region)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ