Static task
static1
Behavioral task
behavioral1
Sample
22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5.exe
Resource
win10v2004-20240910-en
General
-
Target
22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5
-
Size
3.2MB
-
MD5
e3b085bf28df48a7a6dd82951c3fc230
-
SHA1
d97c2076e1631e8e9d700956ed6c572eb06e128d
-
SHA256
22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5
-
SHA512
fe0b7875ee7bf02722764a3faa734e71e043a21ce8dcf3e704877b25ae2668eb34446f5faf019918c311992697553637ba19730b72e6a10d1fd368e5457a26c9
-
SSDEEP
49152:ZqWhPfNFihb7HukfbzdD0Jw2Kq1RULSbV3cQmPfbzPZgkEYdY/:ZqWhnXQbdDzR0J+qtpUHW
Malware Config
Signatures
-
Embeds OpenSSL 1 IoCs
Embeds OpenSSL, may be used to circumvent TLS interception.
resource yara_rule sample embeds_openssl -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5
Files
-
22c923e3278b0a1df89b782cebb153d66204f2aa51a0e89a36e2de21fa25afc5.exe windows:6 windows x86 arch:x86
41569fdaca3539cbc8cf5eb1e7d71dac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CryptStringToBinaryA
wldap32
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
kernel32
GetProcAddress
MultiByteToWideChar
GetEnvironmentVariableW
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetSystemTimeAsFileTime
VirtualFree
WideCharToMultiByte
GetACP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
SwitchToFiber
DeleteFiber
CreateFiberEx
Sleep
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventW
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleA
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
GetStringTypeW
GetLastError
WriteFile
GetFileType
GetStdHandle
QueryFullProcessImageNameW
GetCurrentProcessId
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
GetFileSizeEx
GetModuleHandleW
DecodePointer
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetFilePointerEx
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
ExitProcess
RaiseException
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
user32
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
advapi32
CryptHashData
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
DeregisterEventSource
bcrypt
BCryptGenRandom
ws2_32
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
getaddrinfo
bind
ioctlsocket
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
closesocket
connect
listen
setsockopt
socket
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
freeaddrinfo
gethostname
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
htonl
__WSAFDIsSet
htons
WSAGetLastError
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 631KB - Virtual size: 631KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ