Static task
static1
Behavioral task
behavioral1
Sample
halo2.exe
Resource
win10v2004-20230221-en
General
-
Target
halo2.exe
-
Size
14.0MB
-
MD5
16b1453ee91aa4fd64735550a9aeefa0
-
SHA1
4f91aa90eb491b97e47b95ef55f9ce3464fa6513
-
SHA256
33119398d3f68ad569c5010b652039105d3ce1b6512c418508e49ce69309f109
-
SHA512
01a6db8b985a82fa5e41c258682521889a1030de9405fe714e1646fa12f10315d708080cb5875deae05f72e991ab24b400a12a26497bfc9ccae2a32856c77337
-
SSDEEP
98304:CpVImY2hbVFhrIWXy54tZVHIyZ96k7qk7qk7qk7qk7qk7qk7qk7qk7qm0VSOVMaG:CpOm5hFrQ54tv3FZZZZZZZZG/o
Malware Config
Signatures
Files
-
halo2.exe.exe windows x86
54a2ddb3a3c982201e0687293dbbe936
Code Sign
Certificate
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Issuer
CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before
10-01-1997 07:00
Not After
31-12-2020 07:00
Subject
CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
-
Certificate
61:47:52:ba:00:00:00:00:00:04
Issuer
CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
16-09-2006 01:53
Not After
16-09-2011 02:03
Subject
CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
-
Certificate
61:49:7c:ed:00:00:00:00:00:05
Issuer
CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
16-09-2006 01:55
Not After
16-09-2011 02:05
Subject
CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
-
Certificate
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Issuer
CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before
16-09-2006 01:04
Not After
15-09-2019 07:00
Subject
CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
-
Certificate
6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Issuer
CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before
04-04-2006 17:44
Not After
26-04-2012 07:00
Subject
CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
-
Certificate
61:46:9e:cb:00:04:00:00:00:65
Issuer
CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
04-04-2006 19:43
Not After
04-10-2007 19:53
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
-
Signer
68:89:00:21:11:1b:72:b5:4e:f5:b9:cc:ff:2b:28:53:80:e2:56:3f
Actual PE Digest
68:89:00:21:11:1b:72:b5:4e:f5:b9:cc:ff:2b:28:53:80:e2:56:3f
Digest Algorithm
sha1
PE Digest Matches
true
Signature Validations
Trusted
false
Verification
Signing Certificate
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Time
29-08-2007 21:42
Valid
false
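The Code Sign block above says the PE digest matches (the signature is intact) but the verifier reports Trusted false and Valid false, and the page does not say why. Before reading that verdict as evidence of tampering, it is worth checking what the certificate dates alone imply. The following script is an added example, not part of the report or of the sample; it transcribes the Not Before / Not After values listed above into two chains (the code-signing chain and the timestamping chain that both end at the Microsoft Root Authority) and applies the date rule of Authenticode verification: without a timestamp every certificate must be in date at verification time, with a timestamp the signing chain only has to have been in date when the signature was made. It assumes the 29-08-2007 21:42 value is the timestamp countersignature time, and it deliberately does no trust-store, revocation, EKU or policy checks.

```python
"""Date-window check of the Authenticode certificate chains listed on this page.

Added example: the chains below are transcribed from the report's Code Sign
section; nothing here replaces a real verifier (no trust store, CRL/OCSP,
EKU or digest-algorithm policy).
"""
from datetime import datetime

FMT = "%d-%m-%Y %H:%M"          # the report prints dates as DD-MM-YYYY HH:MM


def _dt(value):
    return datetime.strptime(value, FMT) if isinstance(value, str) else value


# (subject, not_before, not_after), leaf first. Transcribed from the page.
SIGNING_CHAIN = [
    ("CN=Microsoft Corporation (serial 61:46:9e:cb:00:04:00:00:00:65)",
     "04-04-2006 19:43", "04-10-2007 19:53"),
    ("CN=Microsoft Code Signing PCA", "04-04-2006 17:44", "26-04-2012 07:00"),
    ("CN=Microsoft Root Authority", "10-01-1997 07:00", "31-12-2020 07:00"),
]
TIMESTAMP_CHAIN = [
    ("CN=Microsoft Timestamping Service (ESN:D8A9-CFCC-579C)",
     "16-09-2006 01:53", "16-09-2011 02:03"),
    ("CN=Microsoft Timestamping PCA", "16-09-2006 01:04", "15-09-2019 07:00"),
    ("CN=Microsoft Root Authority", "10-01-1997 07:00", "31-12-2020 07:00"),
]
# Assumption: the verification row's time is the timestamp countersignature time.
SIGNING_TIME = "29-08-2007 21:42"


def out_of_date(chain, when):
    """Subjects in `chain` whose validity window does not contain `when`."""
    when = _dt(when)
    return [subj for subj, nb, na in chain if not (_dt(nb) <= when <= _dt(na))]


def date_verdict(signing_chain, ts_chain, signing_time, now):
    """Date-only Authenticode reasoning.

    No timestamp: every certificate in the signing chain must be in date at
    verification time (`now`).  Timestamp present: the signing chain must have
    been in date at `signing_time`, and so must the TSA chain that issued the
    timestamp (taken here to be the same instant).
    """
    at_signing = out_of_date(signing_chain, signing_time)
    tsa_at_signing = out_of_date(ts_chain, signing_time) if ts_chain else None
    expired_now = out_of_date(signing_chain, now)
    if ts_chain:
        ok = not at_signing and not tsa_at_signing
    else:
        ok = not expired_now
    return {
        "date_valid": ok,
        "signing_chain_out_of_date_at_signing": at_signing,
        "tsa_chain_out_of_date_at_signing": tsa_at_signing,
        "signing_chain_expired_now": expired_now,
    }


if __name__ == "__main__":
    now = datetime.now()
    for label, ts in (("with timestamp", TIMESTAMP_CHAIN), ("without timestamp", None)):
        print(label, date_verdict(SIGNING_CHAIN, ts, SIGNING_TIME, now))
```

Run against the page's values, the timestamped verdict is date-valid (every certificate in both chains was in date on 29-08-2007) while the untimestamped one fails at any date after 31-12-2020, when the root itself expired. The dates therefore do not by themselves explain the report's Trusted false; whatever the verifier objected to is not shown on this page, so the verdict should be treated as "this verifier did not trust the chain", not as "the file was modified", which the matching PE digest already argues against.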
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
xlive
ord12
ord11
ord3
ord27
ord15
ord13
ord5
ord4
ord6
ord7
ord14
ord5230
ord5231
ord5008
ord5331
ord5011
ord5010
ord5234
ord5263
ord5314
ord5237
ord5236
ord69
ord70
ord72
ord5280
ord5303
ord5238
ord54
ord63
ord66
ord65
ord60
ord55
ord37
ord57
ord40
ord53
ord73
ord39
ord56
ord5312
ord5256
ord5251
ord5233
ord5277
ord5305
ord5344
ord5345
ord5308
ord5000
ord51
ord1
ord5310
ord2
ord52
ord5003
ord75
ord38
ord84
ord5278
ord1083
ord1082
ord5254
ord5028
ord5029
ord18
ord22
ord20
ord24
ord5326
ord5327
ord5336
ord5325
ord5330
ord5318
ord5332
ord5300
ord5276
ord5265
ord5212
ord5024
ord5022
ord5260
ord472
ord5270
ord5315
ord473
ord651
ord5262
ord5007
ord5002
ord8
ord5261
ord5252
ord5215
ord653
ord5018
ord5001
ord5030
ord5016
ord5019
imm32
ImmGetCandidateListW
ImmGetCompositionStringW
ImmAssociateContext
ImmIsIME
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmNotifyIME
ImmSetCompositionStringW
ImmReleaseContext
ImmGetVirtualKey
ImmGetCandidateListA
ImmGetIMEFileNameA
ImmGetCompositionStringA
ImmSetConversionStatus
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
sldl_dll
SLDLGetSLIDList
SLDLOpen
SLDLConsumeRight
SLDLGetLicensingStatusInformation
SLDLClose
SLDLGetInformation
SLDLInitialize
psapi
GetModuleFileNameExW
kernel32
SizeofResource
FindResourceA
GetLastError
GetCurrentProcess
SetLastError
GetTickCount
CompareStringA
lstrlenA
LoadLibraryA
IsDBCSLeadByteEx
GetLocaleInfoA
FreeLibrary
GetVersionExA
InterlockedExchange
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
GetCommandLineW
Sleep
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
VirtualProtect
SwitchToThread
GetModuleFileNameA
GetLocalTime
GlobalMemoryStatus
GetUserDefaultLangID
LockResource
LoadResource
GetCurrentThreadId
InitializeCriticalSection
ReleaseSemaphore
ReadFile
CloseHandle
LocalFree
CreateFileA
SetFilePointer
IsProcessorFeaturePresent
GetDiskFreeSpaceExA
OutputDebugStringA
CreateThread
SetThreadPriority
CreateEventA
SetEvent
WaitForSingleObject
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
TlsFree
CompareFileTime
TlsSetValue
TlsAlloc
FileTimeToSystemTime
GetSystemTimeAsFileTime
FindClose
GetFileInformationByHandle
FormatMessageA
GetFileSize
SetEndOfFile
WriteFile
GetFileSizeEx
FileTimeToLocalFileTime
PeekNamedPipe
InterlockedCompareExchange
GetSystemInfo
CreateSemaphoreA
SetUnhandledExceptionFilter
GetFileAttributesA
GetOverlappedResult
FlushFileBuffers
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
VirtualQuery
GetACP
SetErrorMode
MapViewOfFile
InterlockedExchangeAdd
UnmapViewOfFile
GetCurrentProcessId
RtlUnwind
GetCommandLineA
GetStartupInfoA
SetHandleCount
RaiseException
TerminateProcess
IsDebuggerPresent
GetOEMCP
QueryPerformanceFrequency
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringA
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
TlsGetValue
user32
GetMonitorInfoA
AdjustWindowRectEx
SetForegroundWindow
SetFocus
EnumDisplaySettingsA
LoadIconA
SetWindowPos
GetDC
ReleaseDC
GetCaretBlinkTime
GetAsyncKeyState
GetFocus
BeginPaint
EndPaint
ShowWindow
MoveWindow
ReleaseCapture
SetCapture
ChangeDisplaySettingsA
MessageBoxA
GetKeyboardState
SetKeyboardState
ScreenToClient
SendInput
GetCursorPos
MapVirtualKeyA
GetSystemMetrics
SetCursor
GetCursor
GetDesktopWindow
TranslateMessage
PostQuitMessage
GetWindowRect
GetClientRect
DestroyWindow
LoadCursorA
GetKeyState
GetForegroundWindow
UnregisterClassA
PostMessageA
GetKeyboardLayout
SendMessageA
IsIconic
advapi32
RegCloseKey
RegGetValueA
RegSetValueExA
RegCreateKeyExA
CryptReleaseContext
CryptDestroyHash
RegOpenKeyExA
RegDeleteValueA
CryptGetHashParam
CryptHashData
CryptCreateHash
RegQueryValueExA
ole32
PropVariantClear
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
oleaut32
SysAllocString
VariantChangeType
VariantInit
SysFreeString
VariantClear
crypt32
CryptStringToBinaryW
CryptUnprotectData
CryptBinaryToStringW
CryptProtectData
pccompat
_PCC_ShowMessages@8
_PCC_SetVinceOptions@12
_PCC_Evaluate@0
_PCC_GetBooleanProperty@8
_PCC_GetIntegerProperty@8
_PCC_GetFloatProperty@8
_PCC_Uninitialize@0
_PCC_Initialize@24
d3dx9_31
D3DXCreateTextureFromFileInMemoryEx
D3DXCompileShader
D3DXCreateTexture
D3DXLoadVolumeFromMemory
D3DXLoadSurfaceFromMemory
d3d9
Direct3DCreate9
iphlpapi
GetAdaptersAddresses
winmm
timeGetTime
timeBeginPeriod
timeEndPeriod
ws2_32
socket
WSAGetLastError
select
__WSAFDIsSet
listen
bind
ioctlsocket
setsockopt
getsockopt
htons
WSAStartup
WSACleanup
connect
accept
send
recv
recvfrom
sendto
shutdown
closesocket
dsound
ord11
ord3
dinput8
DirectInput8Create
shlwapi
PathAddBackslashW
PathAppendW
mss32
_AIL_set_sample_obstruction@8
_AIL_set_sample_occlusion@8
_AIL_load_sample_buffer@16
_AIL_calculate_3D_channel_levels@56
_AIL_start_sample@4
_AIL_release_sample_handle@4
_AIL_set_sample_channel_levels@12
_AIL_set_sample_3D_position@16
_AIL_sample_status@4
_AIL_set_sample_reverb_levels@12
_AIL_sample_channel_levels@8
_AIL_set_sample_volume_levels@12
_AIL_sample_stage_property@24
_AIL_set_digital_master_reverb_levels@12
_AIL_set_room_type@8
_AIL_set_digital_master_reverb@16
_AIL_set_speaker_configuration@16
_AIL_set_listener_3D_position@16
_AIL_set_listener_3D_orientation@28
_AIL_set_3D_rolloff_factor@8
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_speaker_configuration@20
_AIL_set_speaker_reverb_levels@16
_AIL_set_sample_playback_rate@8
_AIL_shutdown@0
_AIL_get_preference@4
_AIL_set_preference@8
_AIL_serve@0
_AIL_sample_buffer_ready@4
_AIL_minimum_sample_buffer_size@12
_AIL_allocate_sample_handle@4
_AIL_find_filter@8
_AIL_end_sample@4
_AIL_init_sample@12
_AIL_set_sample_processor@12
_AIL_set_sample_info@8
wtsapi32
WTSRegisterSessionNotification
WTSQuerySessionInformationA
WTSFreeMemory
mf
MFCreateTopology
MFCreateMediaSession
MFCreateAudioRendererActivate
MFCreateVideoRendererActivate
MFCreateTopologyNode
MFCreateSourceResolver
MFGetService
mfplat
MFStartup
MFShutdown
dwmapi
ord102
gdi32
PatBlt
shell32
CommandLineToArgvW
SHGetFolderPathW
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 472KB - Virtual size: 471KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6.6MB - Virtual size: 6.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 200KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
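The Headers and Sections entries above are read directly from the PE file header, optional header and section table. The following standard-library Python parser is an added example (not code from the report or from the sample) that extracts the same fields and adds the two checks a reviewer makes from them: whether DYNAMIC_BASE is actually usable, which requires that IMAGE_FILE_RELOCS_STRIPPED is not set, and whether any section is mapped both writable and executable. Because halo2.exe itself is not embedded here, the stand-alone run builds a constructed header-only PE32 image whose flags and approximate section sizes are transcribed from this page; give it a file path to parse a real binary instead.

```python
"""Read the hardening-relevant PE header fields a sandbox lists under
Headers / Sections, using only the standard library.

Added example. The HALO2_LIKE image at the bottom is constructed: headers
only, with the flags and approximate section sizes transcribed from the page.
"""
import struct
import sys

# Flag values from the PE/COFF specification (winnt.h).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def hardening_report(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table and summarise the flags."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    (_machine, nsec, _ts, _symptr, _nsym,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B PE32, 0x20B PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both layouts
    sections, rwx = [], []
    for i in range(nsec):                                    # 40-byte IMAGE_SECTION_HEADERs
        (name, vsize, _va, rawsize, _rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, vsize, rawsize, flags))
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            rwx.append(name)
    aslr_flag = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": magic == 0x20B,
        "executable": bool(file_chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "aslr_flag": aslr_flag,
        # The loader cannot rebase an image whose relocations were stripped,
        # so DYNAMIC_BASE without relocations buys nothing.
        "aslr_effective": aslr_flag and not relocs_stripped,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "rwx_sections": rwx,
        "sections": [s[0] for s in sections],
    }


def build_pe32(file_chars: int, dll_chars: int, sections: list) -> bytes:
    """Constructed header-only PE32 image for the stand-alone run."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    opt_size = 224                                           # IMAGE_OPTIONAL_HEADER32
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table


# Flags and approximate sizes transcribed from this page's Headers/Sections.
HALO2_LIKE = build_pe32(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
    [(".text", 3_600_000, 3_600_000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".rdata", 471_000, 472_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".data", 6_600_000, 6_600_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (".rsrc", 3_200_000, 3_200_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".reloc", 196_000, 200_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else HALO2_LIKE
    for key, value in hardening_report(data).items():
        print(f"{key}: {value}")
```

On the constructed image the report comes back with ASLR and DEP enabled, a 200KB .reloc section present and no writable-and-executable section, which matches what the page shows; the same function flags an image that sets DYNAMIC_BASE but has IMAGE_FILE_RELOCS_STRIPPED set, or that maps a section RWX, which is the header-level finding that actually matters when triaging an unknown binary.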