Static task: static1
Behavioral task: behavioral1
Sample: 9edc7d0f332a118554b65440e520ee606c1302bc73208b0d4d5174fcac408425.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 9edc7d0f332a118554b65440e520ee606c1302bc73208b0d4d5174fcac408425.exe
Resource: win10v2004-20221111-en
General
Target: 9edc7d0f332a118554b65440e520ee606c1302bc73208b0d4d5174fcac408425
Size: 265KB
MD5: 4d7acd52da8be5cb870a671f054b7eda
SHA1: add1830b68b3c31604af327b77508dd86b0bda93
SHA256: 9edc7d0f332a118554b65440e520ee606c1302bc73208b0d4d5174fcac408425
SHA512: 1a75fdec528320ad839ee973a328e95ec91f9c3f0340168bb72be51511e581a4eccc7096c332b0dcaea06d85b3ef2e98589e1f53d59ed25dd366c615720566cf
SSDEEP: 3072:8wZkJve+puefuzpKmTXIMYftdo7o5FXMAf4J9XIuCe165q+vqRcIlEl:8wT+puvQtS7oLMAf4LIurgxvqRcIlEl
Malware Config
Signatures
Files
9edc7d0f332a118554b65440e520ee606c1302bc73208b0d4d5174fcac408425.exe (windows x86)
c66d77838b231a8b69799bef6e86e832
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertOpenSystemStoreA
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertNameToStrA
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
ntdll
NtQueryInformationThread
_strcmpi
strtoul
NtQueryObject
NtDuplicateObject
NtQuerySystemInformation
RtlAdjustPrivilege
NtQueryInformationProcess
strncpy
_itoa
_alldiv
_allmul
isalnum
strncmp
_strlwr
NtAllocateVirtualMemory
atoi
NtUnmapViewOfSection
RtlInitUnicodeString
NtOpenFile
NtCreateSection
NtMapViewOfSection
NtClose
sprintf
memmove
NtQueryInformationFile
NtReadVirtualMemory
NtWriteVirtualMemory
NtProtectVirtualMemory
sscanf
memcpy
NtTerminateThread
memset
_chkstk
_snprintf
_vsnprintf
wcsstr
strstr
NtFreeVirtualMemory
LdrFindEntryForAddress
ws2_32
inet_addr
inet_ntoa
WSAGetLastError
ntohs
getpeername
htons
wininet
InternetSetStatusCallback
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionA
InternetSetCookieA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetQueryOptionA
shlwapi
SHGetValueA
StrCmpNA
StrCmpNIA
SHRegSetUSValueA
StrSpnA
StrPBrkA
StrStrA
StrStrIA
PathCombineA
SHDeleteValueA
msimg32
AlphaBlend
urlmon
ObtainUserAgentString
kernel32
TerminateProcess
VirtualQuery
SetErrorMode
OpenThread
CreateEventA
lstrcpyW
FindFirstFileW
FindNextFileW
GetVersionExA
GetUserDefaultLangID
GetTickCount
GetWindowsDirectoryA
CreateProcessA
GetModuleHandleA
IsBadWritePtr
SetFileTime
LoadResource
SizeofResource
GetTimeZoneInformation
CreateSemaphoreA
ReleaseSemaphore
VirtualQueryEx
VirtualAllocEx
TryEnterCriticalSection
ResumeThread
FlushInstructionCache
OpenMutexA
CreateMutexA
OpenProcess
lstrlenW
GetFileInformationByHandle
GetLocalTime
FileTimeToSystemTime
lstrlenA
lstrcpyA
DuplicateHandle
CreateDirectoryW
CreateDirectoryA
LocalFileTimeToFileTime
lstrcmpA
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
OutputDebugStringA
GetCurrentThreadId
GetLastError
CloseHandle
CreateThread
Sleep
HeapFree
HeapValidate
HeapAlloc
GetProcessHeap
IsBadReadPtr
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
SuspendThread
SetThreadPriority
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
GetModuleFileNameA
InitializeCriticalSection
GetExitCodeThread
HeapReAlloc
GetThreadPriority
WriteFile
WaitNamedPipeA
MultiByteToWideChar
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
WriteProcessMemory
VirtualProtectEx
DeleteFileW
SetFileAttributesW
CreateFileW
SetLastError
SetEvent
GetTempFileNameA
ExitThread
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
MoveFileExA
FindFirstFileA
QueryDosDeviceA
GetLogicalDriveStringsA
GetFileAttributesW
WideCharToMultiByte
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
user32
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
GetKeyState
WindowFromPoint
CallWindowProcA
GetWindowDC
GetWindowRect
GetCursorPos
ReleaseDC
LoadStringW
LoadStringA
EnumWindows
wsprintfA
CharLowerA
PeekMessageW
TranslateMessage
DispatchMessageW
GetKeyboardState
ToUnicode
MsgWaitForMultipleObjects
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
SetPixel
CreateDIBSection
SetBitmapBits
advapi32
CryptGetUserKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
CryptGetKeyParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA
ole32
CreateStreamOnHGlobal
Sections
.text Size: 256KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ