Static task: static1
Behavioral task: behavioral1
Sample: f8f0bbbbe202c0f76e846beb15a455c1d375c5a3dceb043a41cf460ea3ab7e21.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f8f0bbbbe202c0f76e846beb15a455c1d375c5a3dceb043a41cf460ea3ab7e21.exe
Resource: win10v2004-20221111-en
General
- Target: f8f0bbbbe202c0f76e846beb15a455c1d375c5a3dceb043a41cf460ea3ab7e21
- Size: 152KB
- MD5: ffb175e9ebe25db3fb50dfe632bfcf12
- SHA1: b59b8f8f8c60083a47c44676be7a4cb89dc880b9
- SHA256: f8f0bbbbe202c0f76e846beb15a455c1d375c5a3dceb043a41cf460ea3ab7e21
- SHA512: 1ce138d24abbab3394bf43729a5b5934c7e6cbfac79d33452b4c6089ffc3e60e6b20cd5f9e5254592dd4a1c493bdb30cc26ba84b96a7d33d7d6456b000985874
- SSDEEP: 3072:7m3PESrt9/J2WkAvVyc0gAYQ5y19KqYar/wbtABhJozScUsAcfB0c:7m3PP9/W0VyvXX5y12kwZEcecUSBp
Malware Config
Signatures
Files
-
f8f0bbbbe202c0f76e846beb15a455c1d375c5a3dceb043a41cf460ea3ab7e21.exe windows x86
59fcaaaa660a016fdd8f64d1e1aaf2b7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventA
GetLocalTime
MoveFileA
ExitProcess
CreateProcessA
SetFilePointer
ReadFile
Sleep
WriteFile
RemoveDirectoryA
LocalAlloc
LocalFree
GetDriveTypeA
CreateDirectoryA
GetVersionExA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetModuleHandleA
GetStartupInfoA
SetErrorMode
ReleaseMutex
GlobalUnlock
GetProcAddress
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
SetEvent
lstrcpyA
VirtualAlloc
VirtualFree
CloseHandle
LoadLibraryA
GlobalFree
user32
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
MessageBoxA
CharNextA
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
LoadCursorA
GetMessageA
WindowFromPoint
TranslateMessage
DispatchMessageA
IsWindow
SetCapture
SendMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
SetRect
ReleaseDC
gdi32
DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject
advapi32
OpenProcessToken
RegQueryValueA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation
shell32
SHGetSpecialFolderPathA
SHGetFileInfoA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
msvcrt
exit
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
_errno
atoi
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
_CxxThrowException
ceil
_ftol
strstr
strchr
malloc
free
_except_handler3
strrchr
rename
ws2_32
WSAStartup
sendto
recvfrom
__WSAFDIsSet
gethostname
listen
accept
getpeername
bind
getsockname
inet_addr
inet_ntoa
send
select
closesocket
socket
gethostbyname
htons
connect
setsockopt
WSACleanup
ntohs
msvcp60
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvfw32
ICSeqCompressFrameEnd
ICSendMessage
psapi
EnumProcessModules
wtsapi32
WTSQuerySessionInformationA
WTSFreeMemory
Sections
.data Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ