Static task: static1
Behavioral task: behavioral1
Sample: 5339ac17248e1f0dadf8cf235598e40817535e84706cb2fc03a0ce53d64e598f.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 5339ac17248e1f0dadf8cf235598e40817535e84706cb2fc03a0ce53d64e598f.exe
Resource: win10v2004-20221111-en
General
Target: 5339ac17248e1f0dadf8cf235598e40817535e84706cb2fc03a0ce53d64e598f
Size: 86KB
MD5: 415045a4a7ed0a8e2a861af923fe0db9
SHA1: 7323d6b888e2f7febe2a837e6d4a819428b6cb28
SHA256: 5339ac17248e1f0dadf8cf235598e40817535e84706cb2fc03a0ce53d64e598f
SHA512: 4e6ada0e46671195395880cfb5f070d39ba7b2a3be7c0bd2eccd3910383bbc7be592faad483548bb688b67118c979cc07c32ba5ee9fbec806db646fb99155b15
SSDEEP: 1536:wPvmx5MkF00H817/OZArSuEw6pvnAKYgDlAS6ik0x0oAwcFlnQ+Y:ZM600WjIA+BvnAK9Dlp6ik0x0oAwcFlY
Malware Config
Signatures
Files
5339ac17248e1f0dadf8cf235598e40817535e84706cb2fc03a0ce53d64e598f.exe windows x86
0d4a565ed75d195afe5d9fa896bbd286
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetDriveTypeW
VirtualAlloc
RtlFillMemory
GetPrivateProfileIntW
CreateSemaphoreW
GlobalGetAtomNameA
GetACP
FlushConsoleInputBuffer
OutputDebugStringW
VirtualQuery
GetCommandLineW
UnlockFileEx
SetCommConfig
GetEnvironmentVariableW
GetLargestConsoleWindowSize
EraseTape
VirtualLock
GetLongPathNameA
ReadConsoleOutputCharacterA
LocalFlags
GlobalGetAtomNameW
GetLastError
DeleteFiber
SetCommMask
GetTapeStatus
GetPrivateProfileSectionA
HeapLock
GetAtomNameW
Heap32Next
GetModuleHandleW
GlobalFlags
WaitForMultipleObjects
VirtualFreeEx
WaitForSingleObject
FindClose
GetComputerNameA
GetVersionExW
GetDriveTypeA
CreateDirectoryW
Beep
lstrcpyW
SetFileTime
SetTapeParameters
GetCommProperties
GlobalAddAtomA
PurgeComm
GetEnvironmentStrings
GetFileAttributesExA
WritePrivateProfileStructA
FormatMessageW
GetProfileStringA
ReadFileEx
WriteFile
VirtualProtect
GlobalAddAtomW
GetLocaleInfoA
GetBinaryTypeW
GetStartupInfoA
CreateEventW
GetSystemDirectoryA
SystemTimeToFileTime
FindResourceW
ReadConsoleOutputW
GetTimeFormatW
SetStdHandle
BeginUpdateResourceA
CreatePipe
SetSystemPowerState
GetConsoleCP
SleepEx
VirtualFree
FlushViewOfFile
OpenSemaphoreW
QueryPerformanceCounter
GetVolumeInformationA
GetPrivateProfileStructA
GetThreadTimes
ReadConsoleOutputCharacterW
HeapCompact
lstrcmpiW
EnumTimeFormatsA
DuplicateHandle
GetAtomNameA
FindFirstFileA
GetNumberFormatW
LocalHandle
InitAtomTable
Module32First
SetConsoleCursorPosition
FillConsoleOutputCharacterW
OpenFile
GetCurrentDirectoryA
LocalLock
DeleteFileA
SetErrorMode
LocalReAlloc
QueryPerformanceFrequency
BuildCommDCBAndTimeoutsW
GetProfileStringW
GetNamedPipeHandleStateW
DebugActiveProcess
OpenWaitableTimerW
CreateThread
OpenEventW
MoveFileW
GetStringTypeA
IsBadStringPtrW
SetThreadPriorityBoost
GlobalLock
GetThreadContext
SetEnvironmentVariableA
OpenMutexA
SetComputerNameA
TerminateThread
GetCommTimeouts
GenerateConsoleCtrlEvent
GetLogicalDriveStringsA
SetConsoleTitleW
QueryDosDeviceW
HeapUnlock
HeapValidate
OutputDebugStringA
SizeofResource
CommConfigDialogW
FindNextFileA
lstrcatA
ClearCommError
GetStartupInfoW
FindResourceExA
Process32First
WritePrivateProfileStringW
FindAtomW
CallNamedPipeW
EndUpdateResourceW
SetProcessWorkingSetSize
GetSystemTimeAdjustment
lstrcmpi
ReadProcessMemory
FreeLibrary
SetProcessShutdownParameters
SetWaitableTimer
SetCommTimeouts
GetProcessHeaps
user32
UnhookWindowsHook
OpenWindowStationW
RegisterClassA
WindowFromDC
AdjustWindowRectEx
GetWindowLongA
DlgDirListW
SetScrollPos
GetThreadDesktop
SetPropA
SendMessageTimeoutW
DdeConnect
PeekMessageA
SetUserObjectInformationA
ChangeMenuA
OpenDesktopA
MessageBeep
DrawIconEx
SetClassLongW
GetSysColor
EnumDesktopsW
DdeUninitialize
GetSubMenu
DrawStateW
InvalidateRgn
SetWindowRgn
GetOpenClipboardWindow
WaitForInputIdle
PostMessageW
SendInput
OemToCharBuffA
SetMenuDefaultItem
RemovePropA
DdeKeepStringHandle
CreateDialogParamW
GetUpdateRect
PtInRect
DdeFreeDataHandle
SetCursorPos
CreateDesktopA
DdeDisconnectList
GetQueueStatus
CallNextHookEx
GetDlgItemTextA
EnumWindows
GetKeyNameTextW
RegisterHotKey
CharUpperW
LoadBitmapW
LoadBitmapA
CheckDlgButton
SetTimer
GetClassLongA
GetUserObjectInformationA
SetWindowTextA
GetClipboardFormatNameW
GetMenuItemRect
DlgDirSelectComboBoxExA
MessageBoxA
SetCaretBlinkTime
SwitchDesktop
CreatePopupMenu
GetDesktopWindow
CloseDesktop
PostQuitMessage
CreateDialogIndirectParamW
EnableScrollBar
ChangeDisplaySettingsExW
CreateIconIndirect
GetMenuItemID
ShowWindowAsync
CreateWindowStationA
GrayStringW
VkKeyScanExW
GetKeyState
GetWindowDC
MessageBoxW
GetMessageExtraInfo
PostThreadMessageW
GetNextDlgTabItem
AttachThreadInput
GetProcessWindowStation
GetClipboardData
IsWindowUnicode
GetWindowInfo
SystemParametersInfoW
ChangeDisplaySettingsA
DrawTextExW
CharToOemBuffW
TrackPopupMenu
GetNextDlgGroupItem
CallWindowProcW
BroadcastSystemMessageA
FrameRect
SetWindowsHookExA
CloseWindow
GetAsyncKeyState
GetMonitorInfoA
ShowOwnedPopups
ShowCaret
SetMessageExtraInfo
LoadStringA
DlgDirListComboBoxA
DispatchMessageW
DdeCreateStringHandleA
MapDialogRect
GetDialogBaseUnits
FlashWindow
EnableWindow
SetWindowsHookW
GetTabbedTextExtentW
MessageBoxExW
GetWindowThreadProcessId
GetScrollInfo
GetTabbedTextExtentA
CreateMenu
PeekMessageW
TrackPopupMenuEx
IsDialogMessageA
InternalGetWindowText
NotifyWinEvent
FindWindowExA
CallMsgFilterW
LoadIconW
ole32
CoReleaseMarshalData
CoCreateGuid
CoGetClassObject
CoIsOle1Class
OleCreateLinkFromData
OleSetMenuDescriptor
CoGetMalloc
CreateStreamOnHGlobal
StgCreateDocfile
CoSuspendClassObjects
CoRegisterMallocSpy
StringFromCLSID
StringFromIID
CoRegisterClassObject
OleCreateLinkToFileEx
CreateAntiMoniker
StgOpenStorageEx
CoSetProxyBlanket
CoRegisterSurrogate
CreatePointerMoniker
OleConvertOLESTREAMToIStorage
CoUnmarshalInterface
GetClassFile
ReadClassStg
ReadClassStm
CoQueryReleaseObject
CoFreeUnusedLibraries
OleQueryLinkFromData
OleCreate
UtGetDvtd16Info
CreateItemMoniker
OleCreateFromFile
OleDoAutoConvert
CoGetPSClsid
OleCreateDefaultHandler
CoLockObjectExternal
IsEqualGUID
CreateDataCache
GetRunningObjectTable
DoDragDrop
CoTaskMemAlloc
CoRevertToSelf
CoUninitialize
OleRegEnumVerbs
WriteClassStm
OleCreateFromFileEx
CoReleaseServerProcess
CoTaskMemFree
GetHookInterface
OleRegGetUserType
UtConvertDvtd32toDvtd16
OleLoad
StgIsStorageFile
CoGetCurrentProcess
CoGetMarshalSizeMax
SetConvertStg
CoMarshalInterThreadInterfaceInStream
CLSIDFromProgID
OleLockRunning
OleDraw
GetHGlobalFromStream
CreateObjrefMoniker
CoFileTimeToDosDateTime
StgCreateStorageEx
OleSaveToStream
MkParseDisplayName
CreateFileMoniker
UtConvertDvtd16toDvtd32
UtGetDvtd32Info
ReleaseStgMedium
CoRevokeMallocSpy
RegisterDragDrop
OleCreateEmbeddingHelper
StringFromGUID2
CoQueryClientBlanket
CoRegisterChannelHook
CoTaskMemRealloc
OleRegEnumFormatEtc
OleCreateFromData
CoGetCurrentLogicalThreadId
BindMoniker
CoRegisterMessageFilter
CoBuildVersion
SetDocumentBitStg
CreateGenericComposite
OleCreateLink
CoTreatAsClass
IsAccelerator
CoGetObject
StgOpenAsyncDocfileOnIFillLockBytes
CoUnmarshalHresult
OleCreateStaticFromData
CoGetInstanceFromIStorage
OleConvertOLESTREAMToIStorageEx
OleGetIconOfFile
OleRegGetMiscStatus
WriteClassStg
OleCreateEx
advapi32
BuildSecurityDescriptorW
CryptGetProvParam
IsValidSecurityDescriptor
GetSecurityDescriptorControl
RegEnumValueA
RegDeleteKeyW
SetNamedSecurityInfoA
SetSecurityInfo
ConvertSecurityDescriptorToAccessW
LogonUserA
RegUnLoadKeyA
QueryServiceObjectSecurity
EqualSid
RegUnLoadKeyW
RegQueryInfoKeyA
IsTextUnicode
RegCreateKeyExA
CryptSetProviderExA
ClearEventLogA
GetAce
InitializeSid
GetSecurityDescriptorDacl
CreateServiceA
StartServiceCtrlDispatcherA
SetSecurityInfoExW
CryptEnumProviderTypesA
CryptEncrypt
GetServiceDisplayNameA
CloseServiceHandle
QueryServiceLockStatusA
CryptAcquireContextA
EnumServicesStatusA
PrivilegedServiceAuditAlarmA
GetKernelObjectSecurity
StartServiceCtrlDispatcherW
GetSidIdentifierAuthority
LookupPrivilegeDisplayNameW
SetServiceStatus
SetSecurityDescriptorDacl
AllocateLocallyUniqueId
GetServiceKeyNameA
GetExplicitEntriesFromAclW
GetSidSubAuthorityCount
SetSecurityInfoExA
OpenServiceW
CryptHashData
EnumDependentServicesA
FindFirstFreeAce
ObjectOpenAuditAlarmW
SetEntriesInAuditListA
ObjectDeleteAuditAlarmA
GetTrusteeTypeA
RegDeleteValueA
InitializeSecurityDescriptor
StartServiceW
CryptAcquireContextW
CryptVerifySignatureW
IsValidSid
AddAuditAccessAce
RegisterEventSourceW
SetPrivateObjectSecurity
InitiateSystemShutdownA
RegCreateKeyExW
GetEffectiveRightsFromAclW
RegEnumValueW
CryptGetUserKey
AccessCheckAndAuditAlarmA
SetSecurityDescriptorSacl
BuildTrusteeWithNameA
QueryServiceConfigW
CryptGenRandom
GetSecurityDescriptorLength
GetMultipleTrusteeA
PrivilegeCheck
RegOpenKeyW
RegCloseKey
LookupPrivilegeNameA
LogonUserW
OpenBackupEventLogA
LookupPrivilegeValueA
DuplicateTokenEx
RegOpenKeyExA
LookupSecurityDescriptorPartsA
CryptDeriveKey
GetSecurityDescriptorGroup
DeleteService
QueryServiceStatus
RegQueryValueExW
RegLoadKeyW
SetEntriesInAccessListA
GetAccessPermissionsForObjectW
SetThreadToken
LookupAccountNameW
GetNamedSecurityInfoExA
BackupEventLogA
QueryServiceLockStatusW
RegRestoreKeyW
ObjectOpenAuditAlarmA
GetEffectiveRightsFromAclA
CryptExportKey
ReadEventLogA
CreateProcessAsUserA
RegSaveKeyA
LookupPrivilegeValueW
shlwapi
SHIsLowMemoryMachine
SHEnumKeyExA
StrChrA
SHRegDeleteEmptyUSKeyA
StrRChrW
IntlStrEqWorkerW
PathAddBackslashW
PathRelativePathToA
PathCommonPrefixA
PathAddExtensionA
StrSpnA
SHDeleteKeyW
PathGetDriveNumberW
PathAddExtensionW
PathFindSuffixArrayA
SHEnumValueW
PathCanonicalizeA
PathCreateFromUrlW
StrIsIntlEqualA
StrNCatW
UrlEscapeW
PathFindFileNameW
StrTrimW
SHCreateStreamOnFileA
StrPBrkA
PathUnmakeSystemFolderW
PathSetDlgItemPathA
PathFindOnPathW
SHCopyKeyA
PathIsFileSpecW
PathRemoveExtensionW
PathIsDirectoryW
SHRegGetUSValueW
PathSearchAndQualifyW
SHSkipJunction
UrlApplySchemeW
PathCanonicalizeW
SHOpenRegStreamW
SHRegSetUSValueW
ColorRGBToHLS
UrlGetLocationA
SHQueryInfoKeyA
StrToIntExW
SHRegEnumUSKeyA
UrlGetPartA
PathParseIconLocationA
UrlCreateFromPathA
StrCSpnA
PathQuoteSpacesA
PathRemoveBlanksA
PathGetArgsW
SHRegGetBoolUSValueA
StrFormatByteSize64A
PathRelativePathToW
PathIsURLW
PathRemoveFileSpecW
SHDeleteEmptyKeyA
PathRemoveFileSpecA
SHDeleteValueA
StrStrIW
SHQueryValueExW
PathCombineA
StrCpyNW
UrlCreateFromPathW
UrlIsNoHistoryA
SHCopyKeyW
SHGetThreadRef
StrFormatByteSizeA
StrDupA
IntlStrEqWorkerA
PathStripToRootW
SHStrDupA
PathStripPathW
PathGetCharTypeA
PathIsUNCServerA
UrlCanonicalizeW
StrCpyW
PathSetDlgItemPathW
HashData
SHRegGetBoolUSValueW
SHRegOpenUSKeyA
StrCmpNA
PathGetDriveNumberA
PathIsNetworkPathW
PathCompactPathExA
PathFindNextComponentW
PathIsSystemFolderW
SHDeleteKeyA
ChrCmpIW
PathFileExistsW
StrDupW
PathRemoveBlanksW
SHRegQueryUSValueA
PathIsLFNFileSpecA
SHRegGetUSValueA
StrCSpnW
SHGetInverseCMAP
wvnsprintfW
StrChrIW
PathStripToRootA
PathRemoveExtensionA
StrPBrkW
PathIsUNCServerShareA
StrTrimA
UrlCanonicalizeA
AssocQueryStringByKeyW
PathCompactPathExW
StrChrW
StrCmpW
PathUndecorateA
PathRemoveBackslashW
PathRenameExtensionA
SHSetThreadRef
GetMenuPosFromID
StrCmpNIW
StrRChrIA
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 33B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE