Static task
static1
Behavioral task
behavioral1
Sample
e855a72e8e762e0b8f6e2a7baae92c41bb76f2131c53aade8adf64e1ee18a4ad.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e855a72e8e762e0b8f6e2a7baae92c41bb76f2131c53aade8adf64e1ee18a4ad.exe
Resource
win10v2004-20221111-en
General
-
Target
e855a72e8e762e0b8f6e2a7baae92c41bb76f2131c53aade8adf64e1ee18a4ad
-
Size
303KB
-
MD5
17d0f3a43ddfbd9972b85fc82afcc7cf
-
SHA1
959ccb51a5cbb6a1a36b0318ca4358d4b0a6cd1a
-
SHA256
e855a72e8e762e0b8f6e2a7baae92c41bb76f2131c53aade8adf64e1ee18a4ad
-
SHA512
a0128bc83b90b76ad6b03a18c12bbac98cff4a9b2d83f56b2bcd2d0a75ff01d943afe415b2f579c86030b8b223957ede17f40c72325b70b5b3a8e9ae05797514
-
SSDEEP
6144:D6I4f+Ub8DwRb18eFesZXXGDW2rNr6iaGE2YpVkF0CAvEO4:+UIb1uFHRdaGE2Y8F0dsO4
Malware Config
Signatures
Files
-
e855a72e8e762e0b8f6e2a7baae92c41bb76f2131c53aade8adf64e1ee18a4ad.exe windows x86
8c1922b888e15213202263a793861964
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_ltoa
_itoa
isdigit
_stricmp
_chmod
_snprintf
isspace
qsort
atoi
strrchr
atol
sprintf
strstr
_mbspbrk
calloc
free
malloc
bsearch
strtoul
_ultoa
_fullpath
tolower
strncmp
fclose
fprintf
fopen
strncpy
strtok
rename
_strnicmp
time
_filelength
_spawnv
_except_handler3
_adjust_fdiv
_initterm
strspn
_strcmpi
strchr
_mbscspn
_mbstrlen
strpbrk
memmove
toupper
strcspn
_chdrive
_chdir
_getdrive
_fstat
ntdll
RtlAdjustPrivilege
RtlInitializeBitMap
RtlFindClearBits
RtlSetBits
RtlClearBits
RtlFreeUnicodeString
NtCreateEvent
NtOpenEvent
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtClose
NtWaitForMultipleObjects
NtSetEvent
DbgPrint
DbgPrompt
DbgUserBreakPoint
NtOpenFile
RtlDosPathNameToNtPathName_U
NtDeviceIoControlFile
RtlExtendedLargeIntegerDivide
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
NtQuerySystemEnvironmentValue
NtSetSystemEnvironmentValue
RtlEqualUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtQueryDirectoryObject
RtlCopyUnicodeString
NtOpenDirectoryObject
NtAdjustPrivilegesToken
NtOpenProcessToken
NtSetDefaultLocale
kernel32
GetCurrentProcess
GetEnvironmentVariableA
OpenProcess
GetCurrentProcessId
GetVersion
ExpandEnvironmentStringsA
CopyFileA
GetComputerNameA
SetComputerNameA
WriteProfileStringW
GetLocaleInfoW
GetTempFileNameA
GlobalMemoryStatus
GetSystemInfo
GetSystemTime
GetACP
GetOEMCP
FlushFileBuffers
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
MoveFileExA
lstrcpynA
FindNextFileA
CreateFileA
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
lstrcmpiA
GetTickCount
InterlockedIncrement
GetModuleFileNameA
GetSystemDirectoryA
lstrlenA
GetCommandLineA
ExitProcess
lstrcpyA
OpenFile
HeapDestroy
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
IsDBCSLeadByte
OutputDebugStringA
lstrcatA
lstrcmpA
GetLastError
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
QueryDosDeviceA
GetDriveTypeA
MoveFileA
WinExec
GetVolumeInformationA
GetPrivateProfileStringA
GetWindowsDirectoryA
FileTimeToDosDateTime
GetFileTime
DeleteFileA
SetFileTime
CompareFileTime
SetErrorMode
RemoveDirectoryA
WritePrivateProfileStringA
WriteProfileStringA
GetProfileStringA
GetModuleHandleA
GetDiskFreeSpaceA
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetCurrentThreadId
GetFullPathNameA
user32
ReleaseCapture
GetCapture
CharLowerBuffA
SetCapture
CharLowerA
LoadKeyboardLayoutA
SendMessageTimeoutA
PtInRect
FillRect
CharUpperBuffA
MoveWindow
GetWindowThreadProcessId
EnableWindow
GetMenuState
SetWindowsHookExA
UnhookWindowsHookEx
CreateWindowExA
IsWindowEnabled
ExitWindowsEx
DestroyWindow
SetActiveWindow
CallNextHookEx
KillTimer
FlashWindow
SetTimer
GetClientRect
UpdateWindow
InvalidateRect
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
LoadCursorA
GetSystemMetrics
SendMessageA
DefWindowProcA
SetWindowPos
SetCursor
PostQuitMessage
EndPaint
LoadStringA
LoadBitmapA
BeginPaint
MessageBeep
wsprintfA
IsWindow
PostMessageA
SetDlgItemTextA
EndDialog
MessageBoxA
DialogBoxParamA
ShowOwnedPopups
SetForegroundWindow
GetLastActivePopup
wvsprintfA
CharUpperA
CharNextA
SetFocus
GetFocus
PeekMessageA
CharPrevA
GetWindowRect
InflateRect
FrameRect
SetWindowWord
GetWindowWord
ShowWindow
CreateDialogParamA
SetWindowTextA
SendDlgItemMessageA
GetSysColor
GetWindowTextA
UnregisterClassA
RegisterClassA
DefDlgProcA
CheckDlgButton
IsDlgButtonChecked
GetKeyState
GetDlgItem
GetParent
DrawFocusRect
CheckRadioButton
WinHelpA
GetPropA
SetClassLongA
LoadIconA
GetClassLongA
SetPropA
SetWindowLongA
GetWindowLongA
EnumChildWindows
EnableMenuItem
GetSystemMenu
GetClassNameA
GetDesktopWindow
GetActiveWindow
AttachThreadInput
gdi32
CreateFontIndirectA
SetBkMode
GetObjectA
ExtTextOutA
GetDeviceCaps
PatBlt
DeleteObject
StretchBlt
SetBkColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextColor
CreatePatternBrush
GetNearestColor
RectVisible
CreateCompatibleBitmap
SaveDC
IntersectClipRect
SetStretchBltMode
RestoreDC
GetPixel
CreateBitmap
CreateSolidBrush
GetTextMetricsA
GetStockObject
GetTextExtentPointA
advapi32
RegDeleteValueA
SetFileSecurityA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
IsValidSecurityDescriptor
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
InitiateSystemShutdownA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
CreateServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupPrivilegeValueA
GetFileSecurityA
lz32
LZClose
LZInit
LZSeek
LZRead
shell32
ShellAboutA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
imagehlp
CheckSumMappedFile
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 222KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 47KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ