Static task
static1
Behavioral task
behavioral1
Sample
977800bd7be3c5c9f2c0dac7f4806e586d8f7b1a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
977800bd7be3c5c9f2c0dac7f4806e586d8f7b1a.exe
Resource
win10v2004-20220901-en
General
-
Target
977800bd7be3c5c9f2c0dac7f4806e586d8f7b1a
-
Size
197KB
-
MD5
e0fc8f417751440ffaf010469e00feb0
-
SHA1
977800bd7be3c5c9f2c0dac7f4806e586d8f7b1a
-
SHA256
60ab9ed50aff6e1e9978d931ed5cd0e2e37535da0b0efe9b2ef0a8f336d13f01
-
SHA512
0d93906c4e27492e74ce2f1d5229f01395a75bf2750587a904906f0d086d6aa78dd0e8be2917ee1806d3066b8e7d0a0720a215fee10acbf014f0507afe94165c
-
SSDEEP
3072:XYht641VeVZ1Vyyefg2h2jqAnAndcDeFqLPm2wADBxRoZEIUB9/MqEyWkWnLdD9w:gt6CVOJyxKjO+moBAZXUBgvnLU
Malware Config
Signatures
Files
-
977800bd7be3c5c9f2c0dac7f4806e586d8f7b1a.exe windows x86
6446beafa3a37260da496eab6b4b2d89
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
DrvGetModuleHandle
joyConfigChanged
joyGetDevCapsA
mci32Message
midiInGetNumDevs
midiOutGetErrorTextA
midiStreamClose
midiStreamOpen
mixerGetNumDevs
mmioStringToFOURCCW
timeGetSystemTime
waveInGetID
waveOutGetNumDevs
waveOutGetVolume
waveOutWrite
wid32Message
ws2_32
WSAAddressToStringW
WSAAsyncSelect
WSADuplicateSocketA
WSAEnumNetworkEvents
WSAGetServiceClassNameByClassIdW
WSAIsBlocking
WSANtohl
WSASocketA
WSASocketW
WSAStringToAddressW
WSCDeinstallProvider
WSCInstallNameSpace
__WSAFDIsSet
accept
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
inet_ntoa
ntohs
recvfrom
crypt32
CertAddCTLContextToStore
CertAddCertificateContextToStore
CertAddEncodedCRLToStore
CertAddEncodedCertificateToSystemStoreW
CertCreateCRLContext
CertDuplicateCRLContext
CertEnumCTLContextProperties
CertFindCTLInStore
CertFindExtension
CertFreeCertificateContext
CertGetCRLFromStore
CertGetIntendedKeyUsage
CertVerifySubjectCertificateContext
CryptDecodeObject
CryptMsgCountersignEncoded
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CryptSignAndEncodeCertificate
CryptSignMessageWithKey
msi
ord24
ord164
ord165
ord169
ord35
ord42
ord43
ord59
ord67
ord70
ord77
ord86
ord91
ord94
ord96
ord98
ord119
ord122
ord126
ord132
ord133
avifil32
AVIBuildFilter
AVIFileAddRef
AVIFileCreateStreamA
AVIFileEndRecord
AVIFileGetStream
AVIFileInfoW
AVIFileOpenW
AVIFileRelease
AVISaveA
AVIStreamEndStreaming
AVIStreamGetFrame
AVIStreamLength
AVIStreamReadFormat
EditStreamCopy
IID_IAVIFile
msvfw32
DrawDibClose
DrawDibOpen
DrawDibStart
GetOpenFileNamePreviewA
ICClose
ICDrawBegin
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
kernel32
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ