Static task
static1
Behavioral task
behavioral1
Sample
cc9b52778fcca659b98dd0b256bbe13bfa5ce156f884155f678bca9296b7d40d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
cc9b52778fcca659b98dd0b256bbe13bfa5ce156f884155f678bca9296b7d40d.exe
Resource
win10v2004-20221111-en
General
-
Target
cc9b52778fcca659b98dd0b256bbe13bfa5ce156f884155f678bca9296b7d40d
-
Size
9KB
-
MD5
518476c3c42239bf40374aec85898cc1
-
SHA1
ba084634701b7df6c8769dc0ae191d6702551d10
-
SHA256
cc9b52778fcca659b98dd0b256bbe13bfa5ce156f884155f678bca9296b7d40d
-
SHA512
5ed8291a5036f15afe931081c8088044919a944499274d96e8802a39a3c778c6c456eec9b950f91519475373e4944ad4457cf38b33ca0cb139b1dc1d8805ae86
-
SSDEEP
96:0ZGdhUMnAnvG6IazIfEF6mk1Hid1IWb8xQIuZ4LZxO4KX7LvYBQKNCC/DvKh/Oko:uGZS7w1Yzbc77xO4SLvYBT7Chzk9
Malware Config
Signatures
Files
-
cc9b52778fcca659b98dd0b256bbe13bfa5ce156f884155f678bca9296b7d40d.exe windows x86
b65a57e6e2da6903db4edb39847694dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateKey
ZwClose
ZwOpenKey
ZwSetValueKey
wcslen
ZwQueryValueKey
ExAllocatePool
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
ExFreePool
ZwCreateFile
ZwSetInformationFile
ZwOpenFile
ZwQueryInformationFile
memset
ZwReadFile
ZwWriteFile
KeGetCurrentThread
KeQueryPriorityThread
KeSetPriorityThread
KeInitializeTimerEx
KeSetTimerEx
KeWaitForSingleObject
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
KeCancelTimer
PsTerminateSystemThread
IoDeleteSymbolicLink
IoDeleteDevice
PsCreateSystemThread
ObReferenceObjectByHandle
IoCreateDevice
IoCreateSymbolicLink
ObfDereferenceObject
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 320B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ