Static task: static1
Behavioral task: behavioral1
Sample: bc6f7a8ea86eb8d0cd94558b9adf47e5fcb8457f8e7dab79f4c6215e6e2dcfb6.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: bc6f7a8ea86eb8d0cd94558b9adf47e5fcb8457f8e7dab79f4c6215e6e2dcfb6.exe
Resource: win10v2004-20220901-en
General
Target: bc6f7a8ea86eb8d0cd94558b9adf47e5fcb8457f8e7dab79f4c6215e6e2dcfb6
Size: 136KB
MD5: 3e7bfce2725c8f9eb8c0f29d9dcdbbd4
SHA1: 53967bd0a7dba1a657b3b70cb5d8a3ec4e211f54
SHA256: bc6f7a8ea86eb8d0cd94558b9adf47e5fcb8457f8e7dab79f4c6215e6e2dcfb6
SHA512: acaead19858bce51144cdcf1aa1373cc2d72957a04d1b0bc56473af797483708bfe2a8f79ea3dff6d0c22f29693aa8f2545030a1411bae29595d8b2aa22aad36
SSDEEP: 3072:J8TgErxYyPH54aVTQHi+dyvZpGW2fOgmygR/qItGQR4E:Jw1fH5xAiZvLGWi9mZqIhR4
Malware Config
Signatures
Files
bc6f7a8ea86eb8d0cd94558b9adf47e5fcb8457f8e7dab79f4c6215e6e2dcfb6.exe (windows x86)
cf2a2ca75ae9741c0a8b8f3081090a04
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
wod32Message
midiStreamClose
timeGetTime
waveOutSetVolume
waveOutSetPitch
midiOutSetVolume
midiOutGetNumDevs
mciDriverYield
mmioOpenW
waveInAddBuffer
mmioSeek
mmTaskBlock
joyGetNumDevs
midiOutCachePatches
CloseDriver
wid32Message
WOW32DriverCallback
mmioFlush
mmioAdvance
DriverCallback
midiStreamPause
waveOutGetDevCapsA
mmTaskCreate
midiInOpen
midiInReset
mmioAscend
joyGetPos
midiInClose
mixerGetLineInfoW
sndPlaySoundA
midiInGetDevCapsA
waveInGetErrorTextA
waveOutMessage
timeSetEvent
NotifyCallbackData
midiStreamRestart
mciSendStringW
waveOutGetPosition
midiOutClose
kernel32
FindFirstChangeNotificationA
GetPrivateProfileIntA
PulseEvent
GlobalMemoryStatusEx
UnlockFileEx
FreeUserPhysicalPages
BaseUpdateAppcompatCache
ReadConsoleOutputW
BaseDumpAppcompatCache
ExpungeConsoleCommandHistoryA
GetStartupInfoA
SetupComm
IsBadWritePtr
ExitProcess
LZOpenFileA
WriteFileGather
VerifyVersionInfoW
_lopen
GetConsoleMode
ReadDirectoryChangesW
VirtualFree
DefineDosDeviceW
EnumLanguageGroupLocalesW
GetFileType
GetSystemWindowsDirectoryW
FindResourceExA
DeleteCriticalSection
SetConsoleScreenBufferSize
OpenConsoleW
CopyLZFile
GetFileAttributesExA
CreateFileMappingA
GetProcessTimes
RtlMoveMemory
WriteConsoleInputW
LeaveCriticalSection
GetNumberFormatA
LoadLibraryA
OpenFileMappingA
GetGeoInfoW
BaseFlushAppcompatCache
UnregisterWaitEx
ContinueDebugEvent
SetCommState
SetEnvironmentVariableW
VirtualAlloc
EnterCriticalSection
GetEnvironmentVariableW
iphlpapi
InternalSetIpNetEntry
_PfRemoveFilterHandles@12
CreateIpNetEntry
InternalGetIfTable
GetAdapterOrderMap
NotifyAddrChange
GetIpAddrTable
GetAdapterIndex
_PfTestPacket@20
EnableRouter
NhGetGuidFromInterfaceName
SendARP
_PfBindInterfaceToIndex@16
DeleteProxyArpEntry
GetTcpStatisticsEx
NTPTimeToNTFileTime
GetNetworkParams
InternalSetIpForwardEntry
SetTcpEntry
DeleteIPAddress
SetIfEntry
GetIcmpStatistics
GetBestInterface
do_echo_req
_PfMakeLog@4
ntdll
NtOpenKeyedEvent
ZwDeleteFile
NtGetWriteWatch
RtlUnicodeStringToAnsiSize
NtQueryMultipleValueKey
ZwDuplicateObject
RtlUnlockBootStatusData
ZwCreateJobObject
NtCreateWaitablePort
wcspbrk
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtUnloadKeyEx
RtlAddAccessAllowedAceEx
_ltoa
ZwQueryTimer
NtListenPort
NtTerminateProcess
ZwYieldExecution
RtlAcquireResourceExclusive
NtRemoveProcessDebug
NtRegisterThreadTerminatePort
_aulldiv
NtFilterToken
ZwQueryBootOptions
NtAllocateUuids
NtSetTimer
RtlDuplicateUnicodeString
RtlxUnicodeStringToOemSize
RtlZeroHeap
RtlDestroyAtomTable
ZwUnloadKey
NtQueryOpenSubKeys
RtlNewSecurityObject
NtAcceptConnectPort
NtOpenSection
RtlPopFrame
RtlDosSearchPath_U
RtlActivateActivationContext
sqrt
RtlCreateTagHeap
LdrDisableThreadCalloutsForDll
NtAccessCheckByTypeResultList
ZwWriteFileGather
ZwWriteRequestData
RtlClearBits
NtReadRequestData
ZwAccessCheckAndAuditAlarm
NtAreMappedFilesTheSame
bsearch
RtlFreeUnicodeString
RtlEqualSid
RtlConvertExclusiveToShared
wcslen
RtlQueueApcWow64Thread
RtlCaptureStackContext
ZwQueryVirtualMemory
RtlDumpResource
RtlpWaitForCriticalSection
NtTranslateFilePath
qsort
ZwSetIntervalProfile
wcsncmp
RtlExtendedLargeIntegerDivide
RtlUnicodeToMultiByteN
RtlLengthRequiredSid
ZwCreateSymbolicLinkObject
NtClearEvent
NtDeviceIoControlFile
NtQuerySystemEnvironmentValueEx
RtlAnsiStringToUnicodeSize
RtlGetUserInfoHeap
tan
RtlApplyRXact
DbgUiConnectToDbg
ZwSetTimerResolution
RtlImageRvaToSection
RtlTraceDatabaseLock
RtlReleaseActivationContext
NtNotifyChangeDirectoryFile
NtDeleteBootEntry
ZwQueryInformationJobObject
RtlpNtMakeTemporaryKey
mapi32
ScRelocNotifications@20
WrapProgress@20
MAPIOpenFormMgr
MAPIDetails
HrGetOneProp@12
ScMAPIXFromCMC
EnableIdleRoutine@8
FGetComponentPath@20
HrGetOmiProvidersFlags@8
BMAPIReadMail
HrQueryAllRows@24
HrComposeEID@28
HrValidateIPMSubtree@20
HrSzFromEntryID@12
MAPIOpenLocalFormContainer
MAPIAllocateMore@12
MapStorageSCode@4
MAPISendDocuments
CbOfEncoded@4
SwapPword@8
MAPIInitialize@4
UlFromSzHex@4
HrValidateParameters@8
MAPIUninitialize@0
FBadRglpNameID@8
HrAddColumnsEx@20
CreateTable@36
ScRelocProps@20
FtMulDw@12
msscp
DllGetClassObject
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ