Static task: static1
Behavioral task: behavioral1
Sample: e3c6563977453a03e8e85caa9a46819c7089e0cf052e415bfd9f31fe4265567a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e3c6563977453a03e8e85caa9a46819c7089e0cf052e415bfd9f31fe4265567a.dll
Resource: win10v2004-20220812-en
General
Target: e3c6563977453a03e8e85caa9a46819c7089e0cf052e415bfd9f31fe4265567a
Size: 200KB
MD5: 8ddedd8632004e11efd36c9f46bca164
SHA1: 565513702f50070c227254d7cf491aa5cb61ff70
SHA256: e3c6563977453a03e8e85caa9a46819c7089e0cf052e415bfd9f31fe4265567a
SHA512: 255a71b086297f53eee9e394e0832f17b72fe102a760668a8ecbd71ae0b80638c04bbcfbe4c1d77d09f5a445067a9f9d0fa3ad9045443c6689924c637376c46d
SSDEEP: 3072:JlmqxvfGFUPygjbQJoo8UniZ5dFGzlKA:JlmIfhK0bQJz8giZ5PGh
Malware Config
Signatures
Files
e3c6563977453a03e8e85caa9a46819c7089e0cf052e415bfd9f31fe4265567a.dll windows x86
53c27c1c924c374c38dda8c8bf65fa22
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
Sleep
WideCharToMultiByte
GlobalUnlock
DeleteFileA
WriteFile
GetTempPathA
ReadFile
GetFileSize
CreateFileA
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
SetThreadPriority
CreateEventA
OpenEventA
GetTickCount
OutputDebugStringA
GetCommandLineA
GetWindowsDirectoryA
Process32Next
Process32First
GetVersionExA
GetLocalTime
CreateProcessA
OpenProcess
MoveFileExA
GetSystemDirectoryA
GetCurrentThreadId
DeviceIoControl
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
GlobalAlloc
GetLastError
SetErrorMode
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
SetFilePointer
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GlobalLock
GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalFree
GetModuleFileNameA
GetCurrentProcess
CreateThread
CloseHandle
ReadProcessMemory
ExitProcess
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetVersion
HeapFree
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
user32
wsprintfA
GetWindowThreadProcessId
PostMessageA
GetWindowTextA
EnumWindows
GetMessageA
PostThreadMessageA
GetInputState
ClipCursor
wininet
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetOpenUrlW
InternetOpenW
ws2_32
getpeername
inet_ntoa
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
Sections
.text Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vdata Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ