Static task: static1
Behavioral task: behavioral1
Sample: 0bc398a40979805cc5b7671a8e5e2c3a.exe
Resource: win7-20230220-en
General
Target: 0bc398a40979805cc5b7671a8e5e2c3a.exe
Size: 322KB
MD5: 0bc398a40979805cc5b7671a8e5e2c3a
SHA1: c0f445c21e13c15885adaaf75baecfead6ee41fe
SHA256: 57284d551ca2ff8a0abcd25ee33b8d7bc54329b42dead59038be9429e2cf0bd0
SHA512: 8ba03b52fdc1f5ffdf9d3822d7d63100951222a2fc0c162efe31a6d3444364b6036a529c9a316203e2df360d29e401d6dc783f6097b754a2bbff03fb4af72270
SSDEEP: 6144:pIr3dfiMXAnZqskF1JPyMNmYzfAoIlni8oAGV6uIZagNP:pIxD11yQzKk8WXcP
Malware Config
Signatures
Files
0bc398a40979805cc5b7671a8e5e2c3a.exe.exe windows x64
74d717a617b5b98781bb59a3bf2e6a30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegFlushKey
kernel32
EnterCriticalSection
DeleteCriticalSection
GetCommandLineW
lstrlenA
FreeLibrary
WaitForSingleObject
SetEvent
RegisterApplicationRestart
LoadLibraryW
Sleep
CreateEventW
WaitForMultipleObjects
HeapSetInformation
GetCurrentThreadId
CloseHandle
GetVersionExW
GetProcAddress
GetSystemInfo
GetFullPathNameW
WideCharToMultiByte
ReadConsoleW
ReadFile
GetProcessHeap
GetCurrentDirectoryW
WriteConsoleW
VirtualQuery
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
FlushFileBuffers
SetStdHandle
CreateFileW
SetFilePointer
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
OutputDebugStringA
FreeEnvironmentStringsW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
SetEndOfFile
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetFileType
HeapCreate
GetModuleFileNameA
WriteFile
GetCommandLineA
GetStartupInfoW
GetLastError
HeapFree
HeapReAlloc
FlsGetValue
FlsSetValue
CreateThread
ExitThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
HeapAlloc
GetModuleHandleW
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
user32
UpdateWindow
SetWindowTextW
DispatchMessageW
EnableWindow
DestroyWindow
SetTimer
GetWindowRect
PostQuitMessage
PostMessageW
KillTimer
MsgWaitForMultipleObjects
GetKeyState
SetForegroundWindow
GetFocus
DialogBoxParamW
CallNextHookEx
IsWindowEnabled
GetWindowLongPtrW
GetClientRect
SetFocus
TranslateMessage
IsDialogMessageW
LoadIconW
GetWindowLongW
PeekMessageW
GetDlgItem
EndDialog
GetDesktopWindow
SetWindowPos
CheckDlgButton
LoadStringW
ShowWindow
CreateDialogParamW
SetWindowsHookExW
AdjustWindowRectEx
UnhookWindowsHookEx
MessageBoxW
SendMessageW
comctl32
ImageList_Create
ImageList_ReplaceIcon
ord17
ImageList_Destroy
comdlg32
GetSaveFileNameW
shell32
ShellExecuteW
ole32
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
Sections
.text Size: 271KB - Virtual size: 270KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ