Static task
static1
Behavioral task
behavioral1
Sample
dff661724a10f8b50a9a33882699c4b20fb79c3caf16832ebfb70b9b6aeb1db1.exe
Resource
win7-20220812-en
General
-
Target
0f131923f1dcfef483d379462db488b1.bin
-
Size
6.1MB
-
MD5
434fae393f3a0dcba7cdf239a63df735
-
SHA1
abf6ba4497917eb7b126ea20b76f9bd86265a8de
-
SHA256
a754837ff13e4e87c9e44de15689d3d2ec5dc52b131cfc391d49b85936e799ee
-
SHA512
9210789e2d2a1b7abc1e7c50a675f01689ca3f4e6fe5296257632ef68d8dec39b11064487c3200c3693a27bd9418087dc9fb7b1b427d85bb71e9a6f7396c9ecb
-
SSDEEP
196608:Nok7mqJVtIx9eEl5X7qtyHukmKqHxau/L:P75VtmgElh7qtuTZq8I
Malware Config
Signatures
Files
-
0f131923f1dcfef483d379462db488b1.bin.zip
Password: infected
-
dff661724a10f8b50a9a33882699c4b20fb79c3caf16832ebfb70b9b6aeb1db1.exe.exe windows x86
Password: infected
9f95eae0e562cdd8c0f94b7ddd3234c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAllocExNuma
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
ole32
CoCreateInstance
oleaut32
VariantInit
user32
CharUpperBuffW
Exports
Sections
.text Size: - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.F9< Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
. [u Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.FJZ Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 362KB - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ