Behavioral task
behavioral1
Sample
559f598e80070ebad11a8d02ff5994317d6d0bf04094438365d0cc0500433ce3.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
559f598e80070ebad11a8d02ff5994317d6d0bf04094438365d0cc0500433ce3.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
559f598e80070ebad11a8d02ff5994317d6d0bf04094438365d0cc0500433ce3
-
Size
375KB
-
MD5
fc7f7df82f4cae6c809f14ce7cf0c9ad
-
SHA1
750dc57e62c1cef56abb10862922d33c09228d61
-
SHA256
559f598e80070ebad11a8d02ff5994317d6d0bf04094438365d0cc0500433ce3
-
SHA512
ba6e80e9906a2c16201c621c2de1df5fd3dfbeed1a8195b9ef2538e60ff30e1b895e6a95286ad147b7716f14e1d566fea507e0f61b85ae2fc9530f938d8f58fa
-
SSDEEP
6144:EQbnodUNCL1doTTBuIcw93z98+r1TWsIH9uh1XWUJ:bbnoyNCL1+BuITaYIHIXb
Malware Config
Signatures
-
resource yara_rule sample upx
Files
-
559f598e80070ebad11a8d02ff5994317d6d0bf04094438365d0cc0500433ce3.exe windows x86
eb99e1e2181ff766a00608446734b71a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
pcscm
??1CPCSLInfoReader2@@UAE@XZ
??0CPCSLInfoReader@@QAE@XZ
?GetPCSL@CPCSLInfoReader@@QAEPBGXZ
??1CPCSLInfoReader@@UAE@XZ
??1CNbuuBarStaticSkin@@UAE@XZ
??1CNbuuButtonSkin@@UAE@XZ
??1CNbuuStaticGradientSkin@@UAE@XZ
??1CNbuuStaticBitmapSkin@@UAE@XZ
??1CNbuuTabSkin@@UAE@XZ
?LoadFromRes@CNbuuBitmap@@QAEXPAUHINSTANCE__@@I@Z
?GetVariantID@CPCSLInfoReader2@@QAEGXZ
??0CPCSLInfoReader2@@QAE@XZ
?IsRTL@CRTLHelper@@QAEHXZ
??1CNbuuBarStaticCtrl@@UAE@XZ
??1CNbuuButtonCtrl@@UAE@XZ
??1CRTLHelper@@UAE@XZ
?FlipDialog@CRTLHelper@@SAPAUDLGTEMPLATE@@PAUHINSTANCE__@@PBGH@Z
??0CRTLHelper@@QAE@PBG@Z
?PcsInitializeWER@@YAHXZ
??1CCommonAboutDlg@@UAE@XZ
?DoModal@CCommonAboutDlg@@QAEHXZ
?SetAboutBoxParams@CCommonAboutDlg@@QAEHPAUtagABOUTBOXPARAMS@@@Z
??0CCommonAboutDlg@@QAE@XZ
?GetPathName@CNFileDialog@@QBEPBGXZ
?SaveBitmap@CNBitmapUtil@@QAEHPBGW4BitmapFormat@@W4BitmapType@@H@Z
?Resize@CNBitmapUtil@@QAEHW4BitmapType@@HHHH@Z
??1CNFileDialog@@UAE@XZ
?DownloadFile@CNFileDialog@@SAJPBGPAUHWND__@@@Z
?GetFolderType@CNFileDialog@@SA?AW4CFD_FOLDER_TYPE@@PBG@Z
?DoModal@CNFileDialog@@UAEHXZ
?EnablePhoneFolders@CNFileDialog@@QAEXK@Z
??0CNFileDialog@@QAE@HPBG0K0PAUHWND__@@@Z
?Show@CNbuuMessageBox@@SAHPAUHWND__@@PBG1I@Z
?PCSCM_Finalize@@YAXXZ
?SetTextColor@CNbuuMessageBox@@SAXK@Z
?SetButtonSkin@CNbuuMessageBox@@SAXPAVCNbuuButtonSkin@@@Z
?SetButtonCaptions@CNbuuMessageBox@@SAXPAUHINSTANCE__@@IIII@Z
?Init@CNbuuLib@@SAXPAUHINSTANCE__@@0@Z
?PCSCM_LoadString@@YAHIPAGH@Z
?WindowProc@CNbuuButtonCtrl@@SGJPAUHWND__@@IIJ@Z
?Draw@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@UAEXPAVCNbuuGraphics@@HH@Z
?GetHWND@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@UAEPAUHWND__@@XZ
?DrawParentBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@@Z
?DrawBackBufferPart@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@11@Z
?DrawBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@1@Z
?DeleteBackBuffer@CNbuuBackBuffer@@UAEXXZ
?CreateBackBuffer@CNbuuBackBuffer@@UAEXHHPAVCNbuuGraphics@@@Z
?OnSize@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnTimer@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnGetCheck@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnSetCheck@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnRadioInfo@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnLButtonUp@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnLButtonDblClick@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnKillFocus@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnSetFocus@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnMouseLeave@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnMouseMove@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnDrawItem@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnEraseBkgnd@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnDestroy@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?OnCreate@CNbuuButtonCtrl@@MAEJPAUHWND__@@IIJ@Z
?SizeToContent@CNbuuButtonCtrl@@UAEXXZ
?Create@CNbuuButtonCtrl@@UAEPAUHWND__@@PAU2@AAUtagRECT@@IKK@Z
?SetToolTipText@CNbuuButtonCtrl@@UAEXPBG@Z
?OnPaint@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@MAEXPAUtagPAINTSTRUCT@@@Z
?UnsubclassWindow@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@UAEPAUHWND__@@H@Z
?SubclassWindow@CNbuuButtonCtrl@@UAEHPAUHWND__@@@Z
?SkinIsValid@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@UAE_NXZ
?SetSkin@?$CNbuuWindowImpl@VCNbuuButtonSkin@@@@UAEXPAVCNbuuButtonSkin@@@Z
?Create@CNbuuButtonCtrl@@MAEPAUHWND__@@PBGPAU2@AAUtagRECT@@0IKKPAX@Z
??0CCSDWrapper@@QAE@XZ
??_7CCSDWrapperListener@@6B@
??1CCSDWrapper@@UAE@XZ
?SetSupportedDevices@CCSDWrapper@@QAEXPBG@Z
?Initialize@CCSDWrapper@@QAEJPAUHWND__@@@Z
?NLoadBitmap@CNBitmapUtil@@QAEPAUHBITMAP__@@PBGW4BitmapType@@H@Z
?Attach@CNbuuBitmap@@QAEXPAUHBITMAP__@@@Z
??0CNbuuBitmap@@QAE@XZ
??0CNBitmapUtil@@QAE@XZ
??1CNbuuBitmap@@UAE@XZ
??1CNBitmapUtil@@QAE@XZ
??0CNbuuTabCtrl@@QAE@XZ
?m_dwLayout@CNbuuLib@@0KA
??1CNbuuTabCtrl@@UAE@XZ
??0CNbuuGraphics@@QAE@PAUHDC__@@@Z
?DrawImage@CNbuuGraphics@@QAEXPAVCNbuuBitmap@@HHHH@Z
??1CNbuuGraphics@@UAE@XZ
?LoadBitmapW@CNbuuResourceManager@@SA_NPAPAVCNbuuBitmap@@PAUHINSTANCE__@@IPBG@Z
?UnloadBitmap@CNbuuResourceManager@@SA_NPAPAVCNbuuBitmap@@@Z
?PcsLoadColor@@YAKPAUHINSTANCE__@@I@Z
?SetTextColor@CNbuuStaticCtrl@@QAEXK@Z
??0CNbuuButtonCtrl@@QAE@XZ
?AddListener@CCSDWrapper@@QAEXPAVCCSDWrapperListener@@@Z
?SelectDevice@CCSDWrapper@@QAEJH@Z
?GetDeviceCount@CCSDWrapper@@QAEHXZ
??0CNbuuBarStaticCtrl@@QAE@XZ
??0CNbuuStaticCtrl@@QAE@XZ
?SetSelectionMode@CCSDWrapper@@QAEXK@Z
??0CNbuuStaticGradientSkin@@QAE@XZ
?SetDefaultSkinDef@CNbuuBarStaticSkin@@SAXVCNbuuBarStaticSkinDef@@@Z
?SetDefaultSkinDef@CNbuuButtonSkin@@SAXVCNbuuButtonSkinDef@@@Z
??0CNbuuStaticBitmapSkin@@QAE@XZ
??0CNbuuTabSkin@@QAE@XZ
??0CNbuuButtonSkin@@QAE@XZ
??0CNbuuBarStaticSkin@@QAE@XZ
?Mirror@CNbuuBitmap@@QAEXXZ
?m_hInstRes@CNbuuLib@@0PAUHINSTANCE__@@A
?SetBackgroundSkin@CNbuuMessageBox@@SAXPAVCNbuuStaticBitmapSkin@@@Z
??1CNbuuStaticCtrl@@UAE@XZ
shlwapi
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
SHDeleteKeyW
PathFileExistsW
PathFindExtensionW
PathAddExtensionW
connapi
ord11
ord12
ord10
ord200
ord201
?StopListening@CCONADeviceNotify@@QAEKXZ
ord205
ord204
ord202
ord203
?StartListening@CCONADeviceNotify@@QAEKXZ
mfc71u
ord5971
ord2009
ord6302
ord566
ord3104
ord3103
ord6301
ord5096
ord1007
ord4320
ord1058
ord4121
ord4078
ord4100
ord5091
ord5342
ord1002
ord2460
ord5398
ord1118
ord5083
ord4733
ord2261
ord5485
ord2121
ord1476
ord1547
ord2468
ord2986
ord1548
ord2266
ord2085
ord3635
ord1079
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord605
ord3829
ord356
ord6061
ord6278
ord5609
ord2651
ord4574
ord4314
ord764
ord2086
ord5911
ord1393
ord4234
ord5210
ord2985
ord4255
ord3311
ord572
ord741
ord1545
ord3189
ord620
ord718
ord1785
ord6115
ord6086
ord5065
ord5066
ord5064
ord4791
ord4611
ord4838
ord4184
ord4714
ord3287
ord6232
ord3644
ord3471
ord762
ord4126
ord1999
ord1293
ord4125
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4371
ord4370
ord4281
ord4788
ord4510
ord4474
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord4514
ord4513
ord4908
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord5147
ord3338
ord1351
ord2711
ord4267
ord410
ord2413
ord2414
ord2412
ord2411
ord648
ord5162
ord5202
ord3678
ord3661
ord1894
ord4112
ord4312
ord5207
ord4861
ord4388
ord709
ord501
ord265
ord516
ord746
ord558
ord3662
ord3547
ord1176
ord3204
ord1925
ord3198
ord2027
ord1573
ord4274
ord1512
ord4266
ord721
ord528
ord607
ord359
ord3126
ord266
ord4577
ord5208
ord3064
ord977
ord599
ord3249
ord334
ord593
ord1135
ord5117
ord3639
ord3444
ord5489
ord3195
ord380
ord1086
ord1194
ord4560
ord2608
ord2615
ord6234
ord2007
ord5152
ord5588
ord1370
ord5408
ord4251
ord1913
ord4216
ord3034
ord2762
ord2832
ord4476
ord4258
ord616
ord368
ord4699
ord629
ord1430
ord6284
ord384
ord6227
ord744
ord556
ord5434
ord3676
ord3585
ord1189
ord4166
ord4175
ord4771
ord4858
ord4855
ord1352
ord756
ord565
ord5170
ord2255
ord3079
ord4300
ord2236
ord313
ord4585
ord3677
ord2365
ord4032
ord4008
ord6272
ord3795
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord4475
ord3327
ord757
ord4119
ord2155
ord2239
ord2424
ord956
ord547
ord1155
ord1121
ord1049
ord1095
ord5113
ord797
ord5319
ord2897
ord588
ord5998
ord328
ord3459
ord2366
ord3910
ord5373
ord2738
ord2589
ord4382
ord5200
ord694
ord468
ord1541
ord3172
ord1790
ord6037
ord3642
ord3460
ord4094
ord1198
ord3238
ord1946
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord940
ord5352
ord2419
ord2418
ord4013
ord3939
ord5144
ord5201
ord2164
ord1297
ord4271
ord4259
ord635
ord395
ord1962
ord4293
ord5161
ord4880
ord3983
ord4162
ord4244
ord3071
ord5923
ord5855
ord553
ord3641
ord732
ord3200
ord5518
ord4929
ord393
ord1182
ord1178
ord3157
ord5197
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord577
ord776
ord293
ord1883
ord6063
ord774
ord3756
ord283
ord1582
ord280
ord899
ord896
ord1472
ord4668
ord4358
ord4790
ord4957
ord4942
ord4194
ord4667
ord4965
ord4523
ord1553
ord2415
ord2260
ord894
ord860
ord1479
ord282
ord2926
ord6173
ord1003
ord1719
ord2766
ord3998
ord777
ord4074
ord5558
ord3990
ord287
ord2697
ord4026
ord2311
ord2042
ord2736
ord5491
ord4846
ord5930
ord6039
msvcr71
wcstombs
??1exception@@UAE@XZ
malloc
wcsftime
_mktime64
_localtime64
wcstok
_wtoi
fputwc
fgetwc
__doserrno
_vsnwprintf
memset
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
__security_error_handler
?terminate@@YAXXZ
_controlfp
_wcslwr
_wcsicmp
wcscmp
_wsplitpath
_wmakepath
swprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscat
wcschr
wcscspn
wcscpy
wcslen
wcsspn
wcsncat
wcspbrk
_wfopen
fwrite
fclose
_purecall
free
wcsncpy
_wtof
__CxxFrameHandler
_except_handler3
??0exception@@QAE@XZ
fseek
kernel32
GetStartupInfoW
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateDirectoryW
GetCurrentThreadId
GlobalAlloc
LoadLibraryExW
InterlockedIncrement
GetLongPathNameW
GetFileAttributesW
GetLocaleInfoW
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
ExitProcess
GetFileSize
ReadFile
CloseHandle
OutputDebugStringW
FreeLibrary
CopyFileW
InterlockedDecrement
QueryPerformanceCounter
FindNextFileW
FindClose
GetLastError
FormatMessageW
LocalFree
SetFileAttributesW
SizeofResource
lstrlenW
lstrcmpiA
lstrcmpA
WideCharToMultiByte
SetLastError
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
GlobalFree
GetTempPathW
GetTempFileNameW
DeleteFileW
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FindFirstFileW
GetVersionExA
CreateFileW
user32
IsWindowVisible
GetWindowRect
SendMessageW
SetWindowTextW
EnableWindow
SetWindowPos
MapWindowPoints
GetSystemMenu
GetMenuState
MonitorFromRect
GetMonitorInfoW
PostThreadMessageW
SetMenu
CheckMenuItem
GetDesktopWindow
LoadMenuW
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuItemInfoW
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetKeyState
GetNextDlgTabItem
SetFocus
GetProcessDefaultLayout
RegisterClipboardFormatW
SetProcessDefaultLayout
DefWindowProcW
IsIconic
OpenIcon
FindWindowW
LoadIconW
LoadCursorW
CallWindowProcW
UpdateWindow
BringWindowToTop
GetMenu
GetSubMenu
EnableMenuItem
MoveWindow
GetSysColor
PostMessageW
LoadStringW
FillRect
GetParent
BeginPaint
EndPaint
SetWindowLongW
GetClientRect
MapDialogRect
LoadAcceleratorsW
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
GetWindowLongW
TranslateAcceleratorW
IsWindow
OpenClipboard
ShowWindow
InvalidateRect
UnregisterClassW
MessageBeep
GetDlgItem
gdi32
SetTextColor
CreateBrushIndirect
GetStockObject
TranslateCharsetInfo
CreateFontW
DeleteObject
SetBkColor
advapi32
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32
SHGetSpecialFolderPathW
DragQueryFileW
comctl32
InitCommonControlsEx
ole32
CLSIDFromString
CoUninitialize
CoInitializeEx
CoInitialize
OleRun
CoCreateInstance
oleaut32
SystemTimeToVariantTime
VariantInit
VarUdateFromDate
VariantTimeToSystemTime
SysFreeString
VarBstrFromDate
VariantClear
SysAllocString
SysAllocStringByteLen
VariantCopy
VariantChangeType
SysStringByteLen
SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayCreateVector
GetErrorInfo
msvcp71
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
Sections
.text Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE