Static task
static1
Behavioral task
behavioral1
Sample
d7ea88fd26fafb77a4a50c32abfc590b1b3d817a5f624aa99f9c2579f5c15aa1.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
d7ea88fd26fafb77a4a50c32abfc590b1b3d817a5f624aa99f9c2579f5c15aa1.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
d7ea88fd26fafb77a4a50c32abfc590b1b3d817a5f624aa99f9c2579f5c15aa1
-
Size
304KB
-
MD5
3ea39c228d5a3fa7c9b73bba20d8f0a0
-
SHA1
5fdba1d8276fef5141d698cffc0249369d4f2271
-
SHA256
d7ea88fd26fafb77a4a50c32abfc590b1b3d817a5f624aa99f9c2579f5c15aa1
-
SHA512
c3a336f043a11daf9f89f60e57121ba6a41cd06769e7a0c9970a4ff2c38cd47929f651d10195214002ea5384f5b1dab7c947e0556b0d9c767d6dcaba74d436ba
-
SSDEEP
6144:CP6P0ZDdRa6/BSJ3om7lJL1sr+YRNk57rlTMztQAf4447E55O:26ex/cJ4mLZYr8FTIX444gO
Malware Config
Signatures
Files
-
d7ea88fd26fafb77a4a50c32abfc590b1b3d817a5f624aa99f9c2579f5c15aa1.exe windows x86
81bbd45be2fc97f7366ff0254811e830
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessHeap
CreateProcessA
WaitForSingleObject
CreateEventA
WriteFile
HeapFree
WaitNamedPipeA
CreateFileA
GetCommandLineA
GetCurrentProcess
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FormatMessageA
GetModuleHandleA
lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleFileNameA
FindFirstFileA
HeapAlloc
IsBadReadPtr
VirtualQuery
GetCurrentThread
GetSystemTimeAsFileTime
SetFilePointer
SetUnhandledExceptionFilter
GetTickCount
GetFileAttributesA
UnmapViewOfFile
MapViewOfFile
TlsAlloc
TlsSetValue
GetLastError
Sleep
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
LocalFree
GetOverlappedResult
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
FindResourceA
SizeofResource
GetFullPathNameA
CopyFileA
InterlockedDecrement
lstrlenA
LoadLibraryA
GetProcAddress
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
TerminateThread
WaitForMultipleObjects
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExpandEnvironmentStringsA
TlsGetValue
FindNextFileA
RemoveDirectoryA
FindClose
CreateDirectoryA
GetWindowsDirectoryA
lstrcatA
OpenFileMappingA
InterlockedIncrement
GetDriveTypeA
DeviceIoControl
LeaveCriticalSection
CreateMutexA
OpenMutexA
SetEvent
ResetEvent
OpenEventA
GetSystemInfo
GetFileSize
ReadFile
GetVersion
FlushFileBuffers
CreateFileMappingA
DeleteFileA
GetTempPathA
SetEndOfFile
GetTempFileNameA
SetFileAttributesA
MoveFileExA
EnterCriticalSection
ReleaseMutex
user32
RegisterClassA
CreateWindowExA
GetClassNameA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
ShowWindow
DefWindowProcA
DestroyWindow
GetSystemMetrics
LoadStringA
PostQuitMessage
EnumWindows
MessageBoxA
wvsprintfA
wsprintfA
UnregisterClassA
SendMessageA
advapi32
CreateServiceA
DeleteService
OpenSCManagerA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
ControlService
OpenServiceA
RegSetValueExA
RegDeleteValueA
QueryServiceStatus
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
GetTokenInformation
OpenProcessToken
InitializeAcl
StartServiceA
oleaut32
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
VariantClear
GetErrorInfo
SysFreeString
SysAllocString
avgklib
?slash@KFolder@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?temp@KFolder@@QAEHPADPBD@Z
?__app_standalone@@3HA
??0KFolder@@QAE@XZ
?user@KFolder@@QAEHPADPBD@Z
?zeroset@@YAXPAXI@Z
?program@KFolder@@QAEHPADPBD@Z
msvcp71
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??1ostrstream@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Lock@_Mutex@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??1ios_base@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?classic@locale@std@@SAABV12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??0locale@std@@QAE@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?_Xran@_String_base@std@@QBEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?is@?$ctype@D@std@@QBE_NFD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Id_cnt@id@locale@std@@0HA
?toupper@?$ctype@D@std@@QBEDD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?eq@?$char_traits@D@std@@SA_NABD0@Z
?_Nomemory@std@@YAXXZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?id@?$ctype@G@std@@2V0locale@2@A
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
msvcr71
_purecall
memcmp
memcpy
wcscpy
strchr
strncpy
strcmp
exit
_mbsnbcat
_mbsnbcpy
_mbsrchr
_mbsicmp
strcpy
sprintf
_set_security_error_handler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnprintf
_endthread
_beginthread
getchar
atol
strlen
strcat
_ultoa
memmove
wcsncmp
wcschr
wcslen
_mbschr
_mbspbrk
_mbscmp
strstr
toupper
isxdigit
tolower
sscanf
strrchr
malloc
_callnewh
realloc
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_beginthreadex
_errno
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
memset
??3@YAXPAX@Z
free
__CxxFrameHandler
??_V@YAXPAX@Z
wcsncpy
_except_handler3
_snprintf
_strnicmp
_wcsupr
_access
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetFolderPathA
Sections
.text Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE