Static task: static1
Behavioral task: behavioral1
  Sample: cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe
  Resource: win10v2004-20220901-en
General
Target: cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a
Size: 354KB
MD5: 6f4955d8939cec2befa35675262480c8
SHA1: 9d994629bc52bb779ebf4bc6f7f83459cd436512
SHA256: cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a
SHA512: e996fb0c2611c77c1b3561ef0b6940e6abf1da84ff2de5989e0261436e3f9b705923ff620b15e928f6ad054100621894ef98bb1590a37ca1340410b9d5448a0e
SSDEEP: 6144:Etx++PRSzLLgetYCNMr8N61MCOp8m4wX7RgWuZd68B2tPjwVGwVna8tAeGIDo:gjkcetY5YGMCVHmgBZd/B2tbuXtA8Do
Malware Config
Signatures
Files
cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe (windows x86)
d7e0a2dff2582856672a6ea00df71321
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
CharLowerA
wsprintfA
CharNextA
CloseDesktop
GetThreadDesktop
SetThreadDesktop
OpenDesktopA
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetDesktopWindow
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
kernel32
GetCurrentDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetTempPathA
GetTempFileNameA
GetTempFileNameA
SetLastError
LoadLibraryExA
FormatMessageA
GetModuleFileNameA
CreateFileA
DeleteFileA
OutputDebugStringA
OutputDebugStringA
CreateMutexA
GetModuleHandleA
GetFileAttributesA
CreateFileMappingA
CreateProcessA
IsDBCSLeadByte
WaitForSingleObject
GetModuleHandleA
IsBadWritePtr
lstrcmpiA
MapViewOfFileEx
IsBadReadPtr
VirtualAlloc
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
SetEndOfFile
FlushFileBuffers
TlsAlloc
CompareStringA
CompareStringA
GetVersionExA
CopyFileA
MoveFileExA
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
CreateDirectoryA
OpenFileMappingA
GetSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetFilePointer
lstrcatA
LocalFree
WideCharToMultiByte
lstrlenA
FindResourceA
LoadResource
GetSystemDefaultUILanguage
GetExitCodeProcess
lstrcmpA
FindResourceExA
LockResource
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
GetSystemDirectoryA
DisableThreadLibraryCalls
GetModuleFileNameA
ReleaseMutex
SetFileAttributesA
GetLocalTime
DebugBreak
GetThreadContext
IsDebuggerPresent
GetWindowsDirectoryA
lstrcatA
lstrcpyA
VirtualQueryEx
GetComputerNameA
GetLongPathNameA
WriteFile
lstrlenA
lstrcpyA
ReadFile
InterlockedCompareExchange
InterlockedIncrement
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
CloseHandle
GetCurrentThread
lstrcpynA
FreeLibrary
MultiByteToWideChar
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
lstrcmpiA
GetSystemDefaultLCID
GlobalFree
GlobalAlloc
Sleep
GlobalMemoryStatusEx
GetTickCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SearchPathA
CreateFileA
MoveFileA
DeleteFileA
advapi32
SaferSetLevelInformation
SaferIdentifyLevel
SaferGetLevelInformation
SaferCloseLevel
AddAccessAllowedAceEx
AddAce
GetAce
SetSecurityDescriptorControl
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegFlushKey
RegConnectRegistryW
GetSecurityDescriptorLength
BuildTrusteeWithSidW
GetSecurityDescriptorDacl
GetAclInformation
GetEffectiveRightsFromAclW
SaferCreateLevel
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
ConvertSidToStringSidW
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
OpenThreadToken
GetTokenInformation
RegQueryValueExW
GetLengthSid
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
ole32
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoGetMalloc
CLSIDFromString
CoGetCurrentProcess
CoSetProxyBlanket
StringFromCLSID
CoTaskMemRealloc
CoCreateInstanceEx
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoGetObjectContext
CoGetContextToken
CoRevertToSelf
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SysFreeString
VariantInit
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
VariantClear
SysAllocString
LoadRegTypeLi
LoadTypeLibEx
msvcrt
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_wstrdate
_wstrtime
_waccess
wcstombs
mbstowcs
_ltow
_wtol
towupper
_wcslwr
wcsstr
wcstol
swprintf
_ultoa
_vsnwprintf
malloc
realloc
memmove
_snprintf
wcscmp
_wcsnicmp
qsort
_i64tow
_snwprintf
_purecall
wcsncpy
wcsrchr
wcscpy
wcscat
_wcsicmp
__CxxFrameHandler
wcslen
_except_handler3
wcschr
rpcrt4
UuidFromStringA
version
VerQueryValueA
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 329KB - Virtual size: 332KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.KAJS Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.KEJS Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.YQGW Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.hags Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ