Static task: static1
Behavioral task: behavioral1
- Sample: b4efdd12a6d08495a893257d81d9b17e7a1eb9481d58499036175c944a76d2e7.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: b4efdd12a6d08495a893257d81d9b17e7a1eb9481d58499036175c944a76d2e7.exe
- Resource: win10v2004-20230221-en
General
- Target: b4efdd12a6d08495a893257d81d9b17e7a1eb9481d58499036175c944a76d2e7
- Size: 2.1MB
- MD5: f87f9d67fe1155ac9f5b28307fa659c8
- SHA1: daa212b84f8652af3a3965ff0a6cd37736e26a27
- SHA256: b4efdd12a6d08495a893257d81d9b17e7a1eb9481d58499036175c944a76d2e7
- SHA512: aa9ffbb28d06ca7d5d0639f2dd996adf7512cd16487e4c90363738c9b7d0f128487bffc2be4d1b1f65afa13eed7ac17fe2a4a9cf512c814e8678e166b8dd72e2
- SSDEEP: 49152:zzB3Ot7yKwFdoQoTByhIXwT1VtXB5n5PUR4oK1wO46YbX1U:z13e5wF+cII7n5Phd4pbXS
Malware Config
Signatures
Files
- b4efdd12a6d08495a893257d81d9b17e7a1eb9481d58499036175c944a76d2e7.exe (platform: windows x86) 8a220d4cd616a18910618572783b0931
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165
ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW
SHCreateDirectoryExW
wininet
InternetCrackUrlW
InternetGetCookieExW
iphlpapi
GetAdaptersInfo
kernel32
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
CreateFileW
Process32FirstW
Process32NextW
SleepEx
OutputDebugStringA
LocalAlloc
LocalFree
WaitForMultipleObjects
GetStartupInfoW
Module32FirstW
Module32NextW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrcmpW
GetLocalTime
CreateThread
GetSystemWindowsDirectoryW
SetEvent
CreateEventW
DeleteFileA
GetStringTypeW
EncodePointer
GetStdHandle
GetFileSize
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
VirtualFree
VirtualAlloc
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
CompareStringW
FreeResource
DebugBreak
VirtualQuery
IsBadReadPtr
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
WaitForSingleObject
SetErrorMode
SetUnhandledExceptionFilter
VirtualProtect
InterlockedDecrement
InterlockedIncrement
GetVersionExW
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
SetFilePointer
RemoveDirectoryW
GetModuleHandleW
LoadLibraryW
lstrlenW
lstrcpynW
GetTickCount
CloseHandle
FindClose
Sleep
SetLastError
GetProcessId
GetCurrentThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetShortPathNameW
GetProcAddress
FreeLibrary
WideCharToMultiByte
CopyFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
IsDebuggerPresent
GetACP
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DecodePointer
HeapCreate
OutputDebugStringW
FlushFileBuffers
ReadFile
GlobalAlloc
ExitProcess
GlobalLock
GlobalUnlock
MulDiv
InterlockedExchange
InterlockedCompareExchange
ResetEvent
GetVersion
MultiByteToWideChar
GlobalFree
SetEndOfFile
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetExitCodeThread
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
QueryPerformanceCounter
InitializeSListHead
SetFileTime
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LocalFileTimeToFileTime
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
DosDateTimeToFileTime
WriteFile
user32
GetParent
FindWindowExW
SystemParametersInfoW
IsWindow
SetWindowPos
MapWindowPoints
PostMessageW
DestroyIcon
LoadImageW
PostQuitMessage
DefWindowProcW
CharNextW
MessageBoxW
SetWindowsHookExW
SendMessageW
ShowWindow
IsWindowVisible
SetFocus
GetSystemMetrics
UpdateWindow
SetWindowTextW
SetForegroundWindow
RegisterWindowMessageW
GetDC
PtInRect
GetWindow
GetIconInfo
PeekMessageW
PostThreadMessageW
GetMessageW
IsRectEmpty
GetWindowRect
SwitchToThisWindow
EnableWindow
KillTimer
SetTimer
IsZoomed
MoveWindow
DestroyWindow
ReleaseDC
GetCursorPos
wvsprintfW
SetCursor
InflateRect
OffsetRect
LoadCursorW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsChild
UpdateLayeredWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
ScreenToClient
GetWindowLongW
SetWindowLongW
GetClassNameW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetMenu
SetPropW
GetPropW
IntersectRect
RemovePropW
IsIconic
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
CopyRect
CharPrevW
DrawTextW
SetRect
DrawIconEx
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
CreateAcceleratorTableW
InvalidateRgn
FillRect
SetLayeredWindowAttributes
RedrawWindow
GetWindowTextW
GetWindowTextLengthW
GetWindowDC
AdjustWindowRectEx
gdi32
GetTextMetricsW
SaveDC
RestoreDC
SelectObject
GetTextExtentPoint32W
GetStockObject
GetDIBits
DeleteObject
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetWindowOrgEx
TextOutW
ExtTextOutW
GetDeviceCaps
CreateSolidBrush
CreateDCW
SetDIBitsToDevice
Rectangle
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
GetObjectW
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
MoveToEx
GetClipBox
advapi32
RegQueryValueExW
OpenServiceW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
QueryServiceStatus
OpenProcessToken
OpenThreadToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
RegDeleteKeyW
DuplicateTokenEx
GetLengthSid
CreateWellKnownSid
SetTokenInformation
GetUserNameW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
OpenSCManagerW
ole32
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoInitializeSecurity
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
oleaut32
SafeArrayPutElement
VariantChangeType
SysAllocStringLen
VariantInit
VarUI4FromStr
VariantClear
SysFreeString
SysAllocString
SafeArrayCreate
shlwapi
PathFileExistsW
PathIsDirectoryW
PathCombineW
SHSetValueW
PathRemoveFileSpecW
SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathCanonicalizeW
SHGetValueW
wnsprintfW
StrCmpIW
StrStrIW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
AssocQueryStringW
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
psapi
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdiplus
GdipGetPropertyItemSize
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillEllipseI
GdipCreatePath
GdipDeletePath
ord1
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipDrawEllipseI
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipLoadImageFromStreamICM
GdipGetPropertyItem
GdipDrawImageRectI
GdipClosePathFigure
GdipAddPathArcI
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
urlmon
URLDownloadToCacheFileA
secur32
GetUserNameExW
winmm
timeGetTime
crypt32
CryptBinaryToStringW
CryptStringToBinaryW
CertGetNameStringW
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
msimg32
GradientFill
AlphaBlend
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
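The import table above is long, and the question a triager actually asks of it is which multi-API primitives are fully present, not whether any single suspicious name appears. The script below is an added example for this page, not sandbox output: it groups imports into capability primitives and reports which are complete. The primitive definitions are this example's own assumptions about what the APIs are commonly used for; the sample import list is transcribed from the table above and trimmed to the entries the primitives reference plus a few neutral ones.

```python
"""Capability tagging for a Win32 PE import table (added example).

Maps imported API names to triage primitives and reports which primitives
are completely present in the static import table. The PRIMITIVES mapping
is an assumption of this example, not anything the sandbox page states.
"""
from collections import defaultdict

# Each primitive is a set of APIs (ANSI/Unicode suffix stripped) that are
# normally used together. One matching API is weak evidence; the full set
# is much stronger. "remote_write" is included on purpose to show a
# primitive this sample does NOT complete statically.
PRIMITIVES = {
    "thread_hijack": {"OpenThread", "SuspendThread", "GetThreadContext",
                      "SetThreadContext", "ResumeThread"},
    "remote_write": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
    "process_enum": {"CreateToolhelp32Snapshot", "Process32First",
                     "Process32Next", "EnumProcesses"},
    "module_enum": {"Module32First", "Module32Next", "EnumProcessModules"},
    "token_privilege": {"OpenProcessToken", "LookupPrivilegeValue",
                        "AdjustTokenPrivileges"},
    "registry_write": {"RegCreateKeyEx", "RegSetValueEx"},
    "service_query": {"OpenSCManager", "OpenService", "QueryServiceStatus"},
    "url_download": {"URLDownloadToCacheFile"},
    "anti_debug": {"IsDebuggerPresent"},
    "authenticode_check": {"WinVerifyTrust", "CertGetNameString"},
    "host_fingerprint": {"GetAdaptersInfo", "GetUserNameEx", "GetVersionEx"},
    # When this one is complete, the static table may be incomplete on purpose.
    "dynamic_resolution": {"LoadLibrary", "GetProcAddress"},
}

# Transcribed from the report's import table, trimmed to the entries the
# primitives reference plus a few neutral ones.
SAMPLE_IMPORTS = {
    "kernel32": ["OpenThread", "SuspendThread", "GetThreadContext",
                 "SetThreadContext", "ResumeThread", "FlushInstructionCache",
                 "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "Module32FirstW", "Module32NextW", "VirtualAlloc",
                 "VirtualProtect", "OpenProcess", "IsDebuggerPresent",
                 "OutputDebugStringA", "GetVersionExW", "LoadLibraryW",
                 "GetProcAddress", "CloseHandle", "Sleep"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW",
                 "AdjustTokenPrivileges", "DuplicateTokenEx",
                 "SetTokenInformation", "RegCreateKeyExW", "RegSetValueExW",
                 "OpenSCManagerW", "OpenServiceW", "QueryServiceStatus"],
    "urlmon": ["URLDownloadToCacheFileA"],
    "iphlpapi": ["GetAdaptersInfo"],
    "secur32": ["GetUserNameExW"],
    "wintrust": ["WinVerifyTrust", "WTHelperProvDataFromStateData"],
    "crypt32": ["CertGetNameStringW", "CryptBinaryToStringW"],
    "psapi": ["EnumProcesses", "EnumProcessModules", "GetModuleFileNameExW"],
}


def normalize(api):
    """Drop a trailing A/W so RegSetValueExA and RegSetValueExW match one entry."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def tag_imports(imports):
    """Return {primitive: {"found": {api: [(dll, raw_name), ...]},
                           "missing": [api, ...], "complete": bool}}."""
    seen = defaultdict(list)
    for dll, names in imports.items():
        for name in names:
            seen[normalize(name)].append((dll, name))
    report = {}
    for prim, wanted in PRIMITIVES.items():
        found = {api: seen[api] for api in sorted(wanted) if api in seen}
        report[prim] = {
            "found": found,
            "missing": sorted(wanted - set(found)),
            "complete": len(found) == len(wanted),
        }
    return report


def complete_primitives(imports):
    """Names of primitives whose every API is statically imported."""
    return sorted(p for p, r in tag_imports(imports).items() if r["complete"])


if __name__ == "__main__":
    for prim, r in tag_imports(SAMPLE_IMPORTS).items():
        state = "COMPLETE" if r["complete"] else f"partial, missing {r['missing']}"
        print(f"{prim:20s} {state}")
```

Run over this sample's table, every primitive except remote_write comes back complete. Read that with the caveat the last primitive encodes: LoadLibraryW and GetProcAddress are imported, so the absence of VirtualAllocEx and WriteProcessMemory from the static table says nothing about whether they are resolved at run time, and the thread-context set (OpenThread, SuspendThread, GetThreadContext, SetThreadContext, ResumeThread) is equally consistent with in-process hooking or exception handling. The behavioral tasks listed at the top of the report are where that is settled.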
Sections
.text Size: 938KB - Virtual size: 937KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
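Before reading anything into a section table as printed by a sandbox, an analyst checks it for W+X sections, executable sections not flagged as code, raw sizes far below virtual sizes, and raw sizes that cannot fit in the file. The script below is an added example for this page, not sandbox output: it parses the Sections block above in the exact line format shown (one header line per section followed by its IMAGE_SCN_* flags), converts the rounded KB/MB figures to bytes, and returns those findings. The 2.1MB file size is taken from the General block; the ratio threshold of 4 is this example's own choice.

```python
"""Sanity checks over a PE section table as printed in a sandbox report
(added example, not sandbox output)."""
import re

# Copied from the Sections block of this report.
SECTION_REPORT = """\
.text Size: 938KB - Virtual size: 937KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
"""

# "Size 2.1MB" from the General block, in bytes.
REPORTED_FILE_SIZE = int(2.1 * 1024 ** 2)

UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
HEADER = re.compile(
    r"^(\S+) Size: ([\d.]+)(B|KB|MB) - Virtual size: ([\d.]+)(B|KB|MB)$")


def parse_sections(text):
    """Return [{"name", "raw", "virtual", "flags"}] in table order.

    Sizes are bytes derived from the rounded report figures, so treat them
    as approximate."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            sections.append({
                "name": m.group(1),
                "raw": float(m.group(2)) * UNIT[m.group(3)],
                "virtual": float(m.group(4)) * UNIT[m.group(5)],
                "flags": set(),
            })
        elif line.startswith("IMAGE_SCN_") and sections:
            sections[-1]["flags"].add(line)
    return sections


def section_findings(sections, file_size, ratio_threshold=4.0):
    """Return [(section_name, message)]; "*" names a finding about the whole table."""
    findings = []
    for s in sections:
        f = s["flags"]
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= f:
            findings.append((s["name"], "writable and executable"))
        if "IMAGE_SCN_MEM_EXECUTE" in f and "IMAGE_SCN_CNT_CODE" not in f:
            findings.append((s["name"], "executable but not flagged as code"))
        if s["raw"] == 0 and s["virtual"] > 0:
            findings.append((s["name"], "no raw data, virtual size only"))
        elif s["raw"] and s["virtual"] / s["raw"] > ratio_threshold:
            findings.append((s["name"], "virtual size far exceeds raw size"))
    total_raw = sum(s["raw"] for s in sections)
    if total_raw > file_size:
        findings.append(("*", f"section raw sizes sum to {total_raw / 1024 ** 2:.1f}MB, "
                              f"above the reported file size of {file_size / 1024 ** 2:.1f}MB"))
    return findings


if __name__ == "__main__":
    for name, msg in section_findings(parse_sections(SECTION_REPORT), REPORTED_FILE_SIZE):
        print(f"{name}: {msg}")
```

On this report the per-section checks are clean: no section is both writable and executable, .text is the only executable section and is flagged as code, and .data having a raw size below its virtual size (25KB against 37KB) is ordinary zero-initialized data, which is why the check uses a ratio rather than any difference. The one finding is the whole-table check: the raw sizes as printed add up to roughly 4.4MB, more than the 2.1MB the General block reports, and the page does not explain the discrepancy. Re-derive the section table from the file itself with a PE parser rather than working from the rounded figures.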