Static task: static1
Behavioral task: behavioral1
  Sample: d5d16669f2cfe3d2a58f86e2ec15d0bae6eb816e51a39bf275d31eb7132be5b7.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: d5d16669f2cfe3d2a58f86e2ec15d0bae6eb816e51a39bf275d31eb7132be5b7.exe
  Resource: win10v2004-20220812-en
General
- Target: d5d16669f2cfe3d2a58f86e2ec15d0bae6eb816e51a39bf275d31eb7132be5b7
- Size: 562KB
- MD5: c42aa01ead8d31a74f997d60706ffbe4
- SHA1: 9666bb454741fbd4f601cf7b53136ade60022e07
- SHA256: d5d16669f2cfe3d2a58f86e2ec15d0bae6eb816e51a39bf275d31eb7132be5b7
- SHA512: cdde22fcd91a5af1fbcaa946a5a51bee873e033a2b84ff6bd073fef1e57603633594a705a1c8db0e4c84c3566e786e971db05ef64ff6bd2a3cf4eb82906c55ed
- SSDEEP: 12288:uBo76yRcRwNn6HTaCDCVaJL2YU28qGLlXa267UL:ue76yaRwNn1CDCEJLq0Ol27UL
Malware Config
Signatures
Files
- d5d16669f2cfe3d2a58f86e2ec15d0bae6eb816e51a39bf275d31eb7132be5b7.exe windows x86
  8e9f6c46718d750bda63379582b1b361
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
shutdown
ntohs
connect
WSAIsBlocking
ord1112
ord1117
WSAAsyncSelect
ord1109
sendto
ord1110
WSAAsyncGetProtoByNumber
WSACancelAsyncRequest
gethostbyaddr
WSAGetLastError
bind
__WSAFDIsSet
gethostname
htons
recv
getsockname
htonl
gethostbyname
WSACancelBlockingCall
setsockopt
inet_addr
ord1115
ntohl
ord1119
getservbyname
WSASetBlockingHook
inet_ntoa
ord1116
recvfrom
getpeername
ord1111
ord1114
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
lstrcatA
GetEnvironmentVariableW
GetProfileStringW
Thread32Next
SetThreadAffinityMask
GetExitCodeThread
GetLocaleInfoW
lstrcpynA
GetSystemTime
FindResourceW
SetThreadPriorityBoost
SetEndOfFile
LocalSize
CreatePipe
SetConsoleMode
GetStringTypeExA
Heap32First
SetVolumeLabelW
OpenFileMappingA
CreateMutexW
WriteConsoleInputA
FindNextFileA
lstrlenA
WaitCommEvent
GetTempPathW
GetAtomNameA
SetConsoleTextAttribute
OutputDebugStringW
GetFullPathNameW
GetPrivateProfileSectionA
FreeResource
WriteConsoleOutputCharacterW
EnumResourceLanguagesA
Heap32ListNext
FindFirstFileW
ReadConsoleOutputAttribute
CreateFileMappingW
WritePrivateProfileSectionA
SleepEx
CreateFileA
GetThreadTimes
CompareFileTime
TryEnterCriticalSection
GetFileAttributesExA
CreateProcessW
WideCharToMultiByte
GetDriveTypeA
MoveFileA
FillConsoleOutputCharacterW
CreateProcessA
EnumCalendarInfoA
GetProcessHeap
FindFirstChangeNotificationA
MoveFileW
CreateEventA
GlobalAlloc
WriteFile
GetConsoleMode
GetPrivateProfileStructW
VirtualLock
GetWriteWatch
GetFileType
ContinueDebugEvent
EscapeCommFunction
VirtualQueryEx
PulseEvent
WritePrivateProfileStringA
EnumDateFormatsA
lstrlen
SetConsoleScreenBufferSize
SetComputerNameA
CreateTapePartition
GetSystemDirectoryW
GetPrivateProfileSectionW
FindFirstFileExA
GetStartupInfoA
Sleep
TlsAlloc
lstrcpynW
GetSystemDirectoryA
CreateMutexA
FindResourceExW
HeapWalk
OpenSemaphoreW
GetNamedPipeHandleStateA
GetDiskFreeSpaceW
GlobalDeleteAtom
EnumResourceTypesW
OpenMutexA
GetTempFileNameA
RtlFillMemory
GlobalWire
OpenEventA
ReadConsoleInputA
EnumResourceLanguagesW
MulDiv
DuplicateHandle
WritePrivateProfileStringW
LeaveCriticalSection
GetLongPathNameA
lstrcmpiW
MoveFileExA
DefineDosDeviceA
SetComputerNameW
AddAtomA
WriteConsoleA
ExitThread
GetNamedPipeInfo
FreeEnvironmentStringsW
GetProcessTimes
GetCalendarInfoA
SetConsoleTitleW
GetUserDefaultLangID
SetVolumeLabelA
WriteProcessMemory
GetStringTypeA
OpenFile
FlushInstructionCache
SetConsoleCursorInfo
EraseTape
DeleteFiber
OpenWaitableTimerW
EnumSystemLocalesA
EnumCalendarInfoW
HeapValidate
OpenEventW
ReadFileEx
GetPrivateProfileIntA
IsDebuggerPresent
CopyFileExA
GetPrivateProfileStringW
EnumSystemCodePagesA
lstrcpyn
GetPrivateProfileStringA
InitializeCriticalSectionAndSpinCount
UpdateResourceW
FindAtomW
WriteProfileStringA
GetPrivateProfileStructA
WaitNamedPipeW
GlobalHandle
WriteFileEx
GetAtomNameW
EnumSystemLocalesW
DisableThreadLibraryCalls
GetLogicalDrives
lstrcatW
UnhandledExceptionFilter
GetConsoleOutputCP
SetEnvironmentVariableW
GetFullPathNameA
ReadFile
SetFileTime
GetShortPathNameA
GetWindowsDirectoryW
GetComputerNameW
EnumResourceNamesA
WriteConsoleOutputAttribute
CreateMailslotA
InitAtomTable
InitializeCriticalSection
GetPrivateProfileIntW
ReadConsoleOutputW
LoadModule
WriteConsoleOutputW
DosDateTimeToFileTime
FreeLibraryAndExitThread
GetHandleInformation
ReadDirectoryChangesW
Module32First
SignalObjectAndWait
SearchPathW
GlobalUnfix
GlobalGetAtomNameW
GetCompressedFileSizeW
SetSystemTime
GetUserDefaultLCID
GetProcessAffinityMask
InterlockedExchangeAdd
UnmapViewOfFile
lstrcpy
GetLastError
GetProfileSectionW
ExpandEnvironmentStringsA
GetThreadContext
GetStringTypeExW
LockFile
GetProcessPriorityBoost
GetConsoleTitleW
GetNumberFormatW
GetConsoleCursorInfo
GetEnvironmentVariableA
GetVersionExA
SetThreadContext
IsValidLocale
WriteConsoleW
lstrcmpA
EnumDateFormatsExW
lstrcpyW
GetFileAttributesA
lstrcpyA
CloseHandle
HeapSize
SetConsoleCtrlHandler
GlobalUnWire
GetDateFormatW
GetCurrentDirectoryA
FillConsoleOutputCharacterA
SetThreadPriority
Module32Next
ExpandEnvironmentStringsW
GlobalMemoryStatus
FoldStringW
HeapDestroy
GetEnvironmentStringsA
GetFileTime
GetVersion
GetNumberFormatA
TerminateThread
FormatMessageW
GetProfileIntW
RemoveDirectoryW
SetConsoleCP
SetConsoleActiveScreenBuffer
GetVolumeInformationA
SetLastError
GetFileAttributesExW
GetStdHandle
GetLogicalDriveStringsA
Process32Next
GetCurrentThread
ConvertDefaultLocale
HeapCompact
TlsSetValue
CreateMailslotW
FindAtomA
CreateWaitableTimerW
InterlockedCompareExchange
VirtualProtect
SearchPathA
WriteProfileSectionA
WritePrivateProfileSectionW
GetWindowsDirectoryA
Heap32ListFirst
GetProcAddress
ConnectNamedPipe
UnlockFile
DeviceIoControl
MoveFileExW
FoldStringA
LoadLibraryExA
ReleaseMutex
WritePrivateProfileStructW
EnumTimeFormatsW
DeleteCriticalSection
GetPriorityClass
EnumResourceNamesW
CreateDirectoryW
GetProfileStringA
FlushFileBuffers
GetPrivateProfileSectionNamesW
GetFileInformationByHandle
GetEnvironmentStrings
ReadConsoleInputW
GlobalCompact
CreateRemoteThread
WriteConsoleOutputA
WriteConsoleOutputCharacterA
FreeConsole
GetStartupInfoW
OpenMutexW
GetModuleHandleW
GlobalLock
GetNumberOfConsoleMouseButtons
GetCommandLineA
EnumCalendarInfoExA
GlobalFree
GetDiskFreeSpaceExW
FormatMessageA
VirtualAllocEx
GetSystemDefaultLCID
WriteProfileStringW
GetVersionExW
EnumResourceTypesA
GetLocaleInfoA
InterlockedDecrement
MultiByteToWideChar
CreateConsoleScreenBuffer
HeapCreate
SetEnvironmentVariableA
CreateFileW
SystemTimeToFileTime
LocalLock
SetEvent
FlushConsoleInputBuffer
LocalFileTimeToFileTime
SetLocalTime
FindFirstChangeNotificationW
CreateSemaphoreW
WaitForSingleObject
IsValidCodePage
VirtualUnlock
GetPrivateProfileSectionNamesA
GetMailslotInfo
EnumDateFormatsW
FileTimeToDosDateTime
ReadConsoleOutputCharacterW
GetDiskFreeSpaceExA
DeleteFileW
WritePrivateProfileStructA
CommConfigDialogW
SetFileAttributesW
SetConsoleTitleA
Toolhelp32ReadProcessMemory
SetConsoleWindowInfo
lstrcmpi
LocalAlloc
GetProfileSectionA
CommConfigDialogA
AddAtomW
GetThreadPriority
lstrlenW
GetCurrencyFormatW
BeginUpdateResourceA
BeginUpdateResourceW
GetEnvironmentStringsW
SetThreadLocale
WriteConsoleInputW
DefineDosDeviceW
SetPriorityClass
WinExec
GetSystemDefaultLangID
LocalShrink
GetComputerNameA
LocalReAlloc
FindCloseChangeNotification
GetTempPathA
ResetWriteWatch
CreateWaitableTimerA
TransmitCommChar
OutputDebugStringA
SetWaitableTimer
SetFileAttributesA
CreateThread
GetDateFormatA
WriteProfileSectionW
EnterCriticalSection
SetHandleCount
EnumTimeFormatsA
RtlZeroMemory
FindFirstFileExW
FileTimeToLocalFileTime
CreateToolhelp32Snapshot
FillConsoleOutputAttribute
OpenFileMappingW
ReadConsoleA
FindFirstFileA
SetLocaleInfoW
InterlockedIncrement
GetExitCodeProcess
FindClose
ResumeThread
DebugBreak
GetConsoleCP
GetProcessShutdownParameters
GetSystemPowerStatus
GetLargestConsoleWindowSize
SystemTimeToTzSpecificLocalTime
DisconnectNamedPipe
lstrcmpW
CreateDirectoryExW
VirtualFree
GetProcessVersion
GetConsoleTitleA
GlobalGetAtomNameA
GetShortPathNameW
GetProcessHeaps
CreateSemaphoreA
WaitForDebugEvent
GetACP
EnumCalendarInfoExW
GlobalAddAtomW
FileTimeToSystemTime
GetLocalTime
GetLogicalDriveStringsW
GetDiskFreeSpaceA
GetTempFileNameW
GetCalendarInfoW
GlobalReAlloc
GetLongPathNameW
VirtualProtectEx
GlobalFindAtomW
OpenSemaphoreA
ResetEvent
ReadConsoleOutputA
HeapUnlock
FreeEnvironmentStringsA
ReleaseSemaphore
EnumSystemCodePagesW
DeleteAtom
lstrcmp
LoadLibraryExW
FindResourceExA
EnumDateFormatsExA
LockFileEx
SetLocaleInfoA
WaitForSingleObjectEx
LoadLibraryW
GetTimeFormatW
SuspendThread
SetConsoleCursorPosition
CopyFileA
CreateDirectoryA
gdi32
SetPaletteEntries
PolyTextOutA
AddFontResourceW
SetColorAdjustment
GdiPlayDCScript
GetPath
CopyMetaFileW
GetWindowExtEx
SetViewportOrgEx
GetEnhMetaFileDescriptionA
SetTextJustification
EnumFontFamiliesA
RemoveFontResourceA
SetBkColor
AngleArc
GetBitmapDimensionEx
SetViewportExtEx
GetDeviceCaps
SetMagicColors
SetEnhMetaFileBits
RestoreDC
SetROP2
GetCharABCWidthsA
FillRgn
OffsetViewportOrgEx
Chord
PolyBezierTo
GetDeviceGammaRamp
CreateICA
GetClipRgn
PlayMetaFile
CreateColorSpaceW
ScaleWindowExtEx
StartDocW
StretchDIBits
CreateBitmapIndirect
Ellipse
EnumICMProfilesA
PlayEnhMetaFile
EnumObjects
gdiPlaySpoolStream
ResetDCW
CreateMetaFileA
FixBrushOrgEx
GetCharWidth32A
PaintRgn
EnumEnhMetaFile
CreatePen
SetPixelFormat
GetObjectType
GetNearestPaletteIndex
GetCharWidthFloatW
GetROP2
GetTextMetricsW
GetOutlineTextMetricsW
EndPath
DeviceCapabilitiesExA
GetBrushOrgEx
GetEnhMetaFileA
GetDCOrgEx
DrawEscape
SetMapMode
GetTextCharsetInfo
GetFontLanguageInfo
SetArcDirection
SetColorSpace
GetCharABCWidthsFloatW
CreateRoundRectRgn
CreateDIBSection
DeleteColorSpace
SetWindowExtEx
GetGlyphOutline
PtInRegion
CancelDC
SetFontEnumeration
GetMetaFileBitsEx
CombineRgn
Escape
SetPixelV
AddFontResourceA
GetEnhMetaFilePaletteEntries
CreateScalableFontResourceA
CreateEnhMetaFileW
GetKerningPairs
SetBoundsRect
StrokePath
ScaleViewportExtEx
DeleteMetaFile
GetCharWidth32W
GetStretchBltMode
GetTextExtentPoint32A
GetTextMetricsA
SetMetaRgn
GetDIBits
SetAbortProc
LPtoDP
GetTextCharacterExtra
GetAspectRatioFilterEx
GetBkColor
GetDIBColorTable
PtVisible
CreateDCW
RectVisible
ExtTextOutW
SetGraphicsMode
AnimatePalette
ExtSelectClipRgn
RemoveFontResourceW
SetDeviceGammaRamp
CopyEnhMetaFileA
GetTextFaceA
ColorCorrectPalette
Polyline
SaveDC
SetICMMode
GetCharacterPlacementA
LineTo
SetDIBits
DeviceCapabilitiesExW
PolyBezier
PlayMetaFileRecord
FloodFill
GetObjectA
PlgBlt
GetBkMode
EqualRgn
ExtFloodFill
ExtTextOutA
EnumFontFamiliesExW
UpdateICMRegKeyW
CreatePalette
CloseFigure
shell32
DragAcceptFiles
ShellHookProc
SHInvokePrinterCommandA
InternalExtractIconListW
FindExecutableW
SHGetNewLinkInfo
SHAppBarMessage
SHQueryRecycleBinW
ShellAboutA
ExtractAssociatedIconExW
SHGetDataFromIDListA
SHBrowseForFolderW
SHFreeNameMappings
SHBrowseForFolderA
SHGetPathFromIDListA
RealShellExecuteExA
SHQueryRecycleBinA
ExtractIconW
ExtractAssociatedIconW
DoEnvironmentSubstW
SheChangeDirExW
SHGetInstanceExplorer
FreeIconList
SHEmptyRecycleBinA
SHGetFileInfo
ExtractIconExA
ExtractIconA
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoA
DragFinish
SHBrowseForFolder
SHFileOperation
SHFileOperationA
SHGetSpecialFolderPathA
RealShellExecuteW
SHGetPathFromIDList
CheckEscapesW
SHChangeNotify
SHGetDiskFreeSpaceA
SHGetDesktopFolder
RealShellExecuteA
ShellExecuteExW
DragQueryFile
InternalExtractIconListA
SHGetSpecialFolderLocation
SHLoadInProc
wininet
FindNextUrlCacheEntryExA
advapi32
RegSetValueExW
RegSaveKeyW
RegEnumKeyExA
LookupPrivilegeNameA
LogonUserW
LookupAccountNameW
RegRestoreKeyW
RegOpenKeyExW
CryptAcquireContextW
LookupAccountSidW
RegSaveKeyA
RegQueryValueExW
CryptSetProvParam
RegLoadKeyW
CryptDestroyKey
RegCreateKeyA
CryptCreateHash
CryptVerifySignatureW
InitializeSecurityDescriptor
StartServiceW
RegQueryInfoKeyW
CryptEnumProvidersA
CryptHashSessionKey
GetUserNameW
CryptEnumProvidersW
RegCreateKeyExW
DuplicateTokenEx
CryptExportKey
AbortSystemShutdownW
InitiateSystemShutdownA
LookupPrivilegeValueA
CreateServiceA
RegDeleteValueW
CryptGetDefaultProviderW
LookupPrivilegeDisplayNameW
GetUserNameA
CryptEnumProviderTypesW
CryptDestroyHash
CryptSignHashA
RegFlushKey
CryptDecrypt
CryptSetProviderExW
CryptSetProviderExA
RegQueryValueW
Sections
.text Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sdata Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 284KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE