Static task
static1
Behavioral task
behavioral1
Sample
cc931350a9f5cfa9d0de5b5476d9a47e6c72c33db00588c07de2e40b7f4740ed.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cc931350a9f5cfa9d0de5b5476d9a47e6c72c33db00588c07de2e40b7f4740ed.exe
Resource
win10v2004-20220812-en
General
-
Target
cc931350a9f5cfa9d0de5b5476d9a47e6c72c33db00588c07de2e40b7f4740ed
-
Size
556KB
-
MD5
0a8edf23303160e1fe6120921c3f3b84
-
SHA1
68defa9ec250af7d436dfe2c50ee78968cface8d
-
SHA256
cc931350a9f5cfa9d0de5b5476d9a47e6c72c33db00588c07de2e40b7f4740ed
-
SHA512
f6d268f34488008fc755c282a62b2db477f6db6d0c7d2cf8fe29a26373fb46e79c72bacb51994ec330d27118352c21110655044db1767b887002ce53cdc93031
-
SSDEEP
12288:Z9XavCU4XMggb9/fk32hTypDDKcTPxiCJR3beH3:/2CU4XMggb9/Q2hGpDDKcTJiaRra3
Malware Config
Signatures
Files
-
cc931350a9f5cfa9d0de5b5476d9a47e6c72c33db00588c07de2e40b7f4740ed.exe windows x86
07da013ab8cc339bd842de6d77e2f5ae
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_controlfp
kernel32
GetStartupInfoA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
user32
MessageBoxA
MessageBoxA
advapi32
RegOpenKeyExA
shell32
SHChangeNotify
ole32
CoCreateInstance
shlwapi
PathFileExistsA
Exports
Sections
.text Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bad0 Size: - Virtual size: 416KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bad1 Size: 540KB - Virtual size: 537KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ