Basic Information:
------------------------------------------
Target OS: Windows
Target Arch: Intel 32-bit
File Type: PE32 Executable
Lang: C
Size: 24K
MD5SUM: dba0a844cd98fe3488481dc1f196efd5
Test Environment:
- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
  |--> MetaDefender
  |--> VirusTotal

- Tencent HABO
- Any Run
 \
  |--> Windows 7 Pro 32-bit
------------------------------------------

Functions:
----------------------------
- Windows Registry
 \
  |--> RegDeleteKeyA
  |--> RegCloseKey
  |--> RegSetValueExA
  |--> RegCreateKeyExA

- Window handling
 \
  |--> GetLastActivePopup
  |--> GetActiveWindow

- Other
 \
  |--> GetSystemInfo
----------------------------

Abilities:
--------------------------------------------
- It opens (loads) the following files
 \
  |--> C:\WINDOWS\system32\winime32.dll
  |--> C:\WINDOWS\system32\ws2_32.dll
  |--> C:\WINDOWS\system32\ws2help.dll
  |--> C:\WINDOWS\system32\psapi.dll
  |--> C:\WINDOWS\system32\imm32.dll
  |--> C:\WINDOWS\system32\lpk.dll
  |--> C:\WINDOWS\system32\usp10.dll

- It opens the following Registry keys
 \
  |--> \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\996E.exe
  |--> \Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
  |--> \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  |--> \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
  |--> \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  (Note: the Image File Execution Options, SafeBoot and Safer\CodeIdentifiers lookups are made by the Windows loader for every new process, so by themselves they are not evidence of sample-specific behaviour; the RegCreateKeyExA/RegSetValueExA/RegDeleteKeyA imports listed above are the more interesting indicators.)

- It does not connect to any host or domain
- It does not create or modify any files
--------------------------------------------

Detected by:
-------------------------
- VirusTotal
 \
  |--> 31/67

- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
   \-> 100%
   /
  |--> MetaDefender
   \-> 40%
   /
  |--> VirusTotal
   \-> 46%

- Scan Report: https://www.hybrid-analysis.com/sample/567792cf72cf3018c97d2765f5136e66ca63bdda83c01a3673acf837989ceba4/5e1380a93741f93dd94e6477

-------------------------

Linked DLL Files:
---------------------------
- user32.dll
- ADVAPI32.dll
- KERNEL32.dll
---------------------------

Used Tools During Tests:
----------------------------------------------
- Qu1cksc0pe
 \
  |--> https://github.com/CYB3RMX/Qu1cksc0pe

- Sandbox Environments
 \
  |--> https://www.virustotal.com
  |--> https://www.hybrid-analysis.com
  |--> https://app.any.run

- Strings
- Rabin2
----------------------------------------------
