Static task: static1
Behavioral task: behavioral1
  Sample: emxsubxrly.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: emxsubxrly.exe
  Resource: win10v2004-20230220-en
General
Target: emxsubxrly.exe
Size: 48KB
MD5: a8e92432a6d3db1e622cd978b15574df
SHA1: c280695e11558a9ce8ab2501ababa0efbbd3fd1a
SHA256: abb0c254af8eb37c57497c9979f768678a1f535cd02c5b4cb203da7368db7179
SHA512: 46b5e1bde0b43cc6b4fdf5a7326b3d2f8cdb9793f93587358a5da42c6718c1e7fca5afede8b76c3c01cb336f8fadf7ce117f8fc0790b25d6142a47a38e092c64
SSDEEP: 768:nElw1Y4BHTcqBdTZoeP9oWyccsndAypch52raDP4IEDqXnnFXUe:nEgPtBnRoWEsni/5aaDPxnp
Malware Config
Signatures
Files
- emxsubxrly.exe.exe windows x86 340d3989b9d9f608b52ac40652144f10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
imm32
ImmEscapeW
ImmConfigureIMEA
ImmSetCompositionFontW
ImmGetCompositionFontA
ImmSetOpenStatus
kernel32
WaitForSingleObject
CreateProcessW
Wow64DisableWow64FsRedirection
IsWow64Process
GetCurrentProcess
GetCommandLineW
VirtualAlloc
Sleep
GetTickCount
GetProcessHeap
SetEndOfFile
HeapSize
LCMapStringW
WriteConsoleW
CreateFileW
CloseHandle
FlushFileBuffers
SetStdHandle
LoadLibraryW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
GetExitCodeProcess
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
RtlUnwind
SetFilePointer
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
ReadFile
MultiByteToWideChar
GetModuleFileNameW
GetStdHandle
WriteFile
GetProcAddress
HeapCreate
TerminateProcess
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
HeapReAlloc
HeapAlloc
HeapFree
GetLastError
ExitProcess
Wow64RevertWow64FsRedirection
GetModuleHandleW
SetLastError
GetCurrentProcessId
setupapi
SetupPromptForDiskW
SetupDiCreateDevRegKeyW
SetupDiGetDriverInfoDetailA
SetupDiDestroyClassImageList
resutils
ResUtilSetBinaryValue
ResUtilGetResourceDependency
ResUtilDupParameterBlock
ResUtilSetSzValue
ResUtilResourceTypesEqual
ResUtilGetProperty
ClusWorkerStart
ResUtilSetPrivatePropertyList
ResUtilIsPathValid
ResUtilStopResourceService
ClusWorkerCreate
mpr
MultinetGetConnectionPerformanceW
WNetGetUserA
WNetCancelConnectionW
WNetGetConnectionA
WNetCancelConnectionA
WNetAddConnection2A
WNetEnumResourceW
WNetGetConnectionW
WNetGetProviderNameA
msi
ord38
ord54
ord63
ord155
ord154
ord162
ord164
ord57
msacm32
acmDriverRemove
acmFormatSuggest
acmStreamReset
acmFormatDetailsW
acmDriverMessage
acmFilterChooseA
acmFormatTagEnumW
acmFilterEnumW
loadperf
LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
user32
LoadStringW
DestroyMenu
PostMessageW
GetParent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE