Behavioral task
behavioral1
Sample
2132222792dc00ec2efdb87739a344f99a26f2f8fd274f89e904a1272121f396.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
2132222792dc00ec2efdb87739a344f99a26f2f8fd274f89e904a1272121f396.exe
Resource
win10v2004-20230621-en
Target
2132222792dc00ec2efdb87739a344f99a26f2f8fd274f89e904a1272121f396
Size
4.1MB
MD5
e1799227df799805b578efcbc689cf9c
SHA1
0a4bc74e2e2a437ae34cc5116d04f865ce0f1ae5
SHA256
2132222792dc00ec2efdb87739a344f99a26f2f8fd274f89e904a1272121f396
SHA512
a3e87fe2fd86a97be35344c6c37fc7808fc297a97a74444b626f5990d5415326ccd351da400e74c8096e5510bf323ee03c816aa3c77a46529176831e5b30713c
SSDEEP
49152:RXVKTgpPHWVVEgHztu+thX44ifGJtSqeQLgza6BDm5TN+IMUu9+d1cL+N:rPWVzArOSqeDalc6dF
Processes:
resource | yara_rule |
---|---|
sample | family_blackmoon |
Checks for missing Authenticode signature.
Processes:
resource |
---|
2132222792dc00ec2efdb87739a344f99a26f2f8fd274f89e904a1272121f396 |
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
ReadConsoleInputA
LoadLibraryA
FreeLibrary
GetStartupInfoA
CopyFileA
FindFirstFileA
FindNextFileA
LCMapStringA
GlobalLock
GlobalUnlock
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
SetFilePointer
GetModuleFileNameA
Sleep
ReadConsoleA
GetFileSize
ReadFile
CreateFileA
WriteFile
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualProtect
FlushInstructionCache
VirtualFree
lstrcpyn
GetThreadTimes
OpenThread
TerminateThread
GetExitCodeThread
CreateThread
lstrlenA
TerminateProcess
Process32Next
Process32First
DeleteCriticalSection
IsDebuggerPresent
GetProcessHeap
GetLogicalProcessorInformation
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
CreateFileW
FindClose
FindFirstFileW
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA
GetDateFormatA
GetTickCount
SetConsoleMode
GetConsoleMode
GetStdHandle
InitializeCriticalSection
OpenProcess
GetCurrentProcess
ExitThread
GetCurrentThread
GlobalFree
GetCurrentThreadId
GlobalAlloc
IsBadReadPtr
lstrcmpiA
ExitProcess
VirtualAlloc
TlsSetValue
TlsGetValue
TlsAlloc
IsBadCodePtr
RtlMoveMemory
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
CloseHandle
WaitForSingleObject
CreateProcessA
GetLocalTime
LocalFree
CreateDirectoryW
LocalAlloc
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
InterlockedExchange
CompareStringW
CompareStringA
GetExitCodeProcess
GetFileAttributesA
GetLastError
GetVersionExA
GetTempPathA
lstrcpyA
SetLastError
lstrcatA
SizeofResource
LockResource
LoadResource
FindResourceA
GetTimeZoneInformation
GetVersion
GetCurrentDirectoryA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetErrorMode
lstrcpynA
InterlockedIncrement
InterlockedDecrement
lstrcmpA
GlobalDeleteAtom
FlushFileBuffers
SetEndOfFile
GlobalHandle
TlsFree
GlobalReAlloc
LocalReAlloc
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
LoadStringA
GetDlgCtrlID
GetMenuItemCount
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetLastActivePopup
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
IsWindowEnabled
EnableWindow
PostQuitMessage
GetDesktopWindow
GetWindow
PtInRect
GetWindowLongA
GetWindowTextA
GetWindowThreadProcessId
GetClassNameA
FindWindowExA
IsWindowVisible
GetParent
GetWindowTextLengthW
GetWindowTextW
GetSystemMenu
EnableMenuItem
GetWindowRect
RedrawWindow
SetWindowTextA
FlashWindowEx
PostMessageA
CharLowerA
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowPos
SetWindowLongA
GetDlgItem
SystemParametersInfoA
GetDC
ReleaseDC
SendMessageA
GetSystemMetrics
MessageBoxA
wvsprintfA
WaitForInputIdle
GetMessageA
SetForegroundWindow
IsWindow
wsprintfA
GetClassLongA
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
ScaleViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetStockObject
GetObjectA
CreateBitmap
SetViewportExtEx
DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegOpenKeyA
PathIsDirectoryW
PathFileExistsA
inet_ntoa
WSACleanup
gethostbyname
WSAStartup
listen
bind
accept
htons
select
recv
send
getpeername
ntohs
htonl
recvfrom
getsockname
closesocket
gethostname
inet_addr
socket
__WSAFDIsSet
sendto
connect
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
SysFreeString
VarR8FromCy
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
VarR8FromBool
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetOption
ClosePrinter
OpenPrinterA
DocumentPropertiesA
ord17
e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
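The report above flags the sample for a missing Authenticode signature and lists its IMAGE_FILE_* characteristics and the IMAGE_SCN_* flags of its four sections. The following is an added example, not code from the sandbox or from the sample, that reads those fields straight out of a PE32/PE32+ header with only the Python standard library and reports whether a WIN_CERTIFICATE blob is attached (data directory entry 4). The section names, RVAs and certificate offset in `build_sample_pe` are constructed to reproduce the flag combinations shown in the report; they are assumptions, not the real sample's values.

```python
"""Minimal PE header inspection: file characteristics, section flags and the
Authenticode (security) data directory.  Added example; the input PE built by
build_sample_pe() is constructed in-code and is not the analysed sample."""
import struct

IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the WIN_CERTIFICATE directory


def decode_flags(value, table):
    """Expand a bitmask into symbolic names, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return characteristics, section flags and Authenticode presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    _machine, nsects, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                     # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                   # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories this entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size                    # IMAGE_SECTION_HEADER array (40 bytes each)
    for i in range(nsects):
        name, *_, scn = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         decode_flags(scn, IMAGE_SCN_FLAGS)))
    return {
        "characteristics": decode_flags(chars, IMAGE_FILE_FLAGS),
        "signed": cert_size > 0,           # a certificate blob is attached
        "certificate": (cert_off, cert_size),
        "sections": sections,
    }


def build_sample_pe(signed=False):
    """Construct a minimal PE32 image reproducing the report's flag layout.
    Section names, RVAs and the certificate offset are assumed values."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0020 | 0x0100      # six flags from the report
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, chars)
    opt = bytearray(224)                                             # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    layout = [(b".text", 0x60000020), (b".rdata", 0x40000040),
              (b".data", 0xC0000040), (b".rsrc", 0x40000040)]
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200,
                                0x400 * (i + 1), 0, 0, 0, 0, c)
                    for i, (n, c) in enumerate(layout))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


def inspect_file(path):
    with open(path, "rb") as f:
        return parse_pe(f.read())


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("signed:", info["signed"])
    print("\n".join(info["characteristics"]))
    for name, flags in info["sections"]:
        print(name, " | ".join(flags))
```

`inspect_file(path)` runs the same parser over a real file. Note that a populated security directory only proves a certificate blob is attached; it says nothing about whether the signature verifies or chains to a trusted root, so treat "signed" here as a triage hint and confirm with `signtool verify /pa` or `Get-AuthenticodeSignature` before relying on it.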