Basic Information:
------------------------------------------
Target OS: Windows
Target Arch: Intel 32bit
File Type: PE32 Executable
Lang: C
Size: 78K
MD5SUM: 308051a5378fa9e41b3b155178ad9a28
SHA256: d8c5b92350dba297b8d2eb811f9ad32eaa30c81f2237dbfae54e78717c12f098 (taken from the scan report URLs below)
Test Environment:
- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
  |--> MetaDefender
  |--> VirusTotal
------------------------------------------

Functions:
------------------------------------
- Registry
 \
  |--> RegOpenKeyExA
  |--> RegQueryValueExA
  |--> RegQueryValueExW
  |--> RegCloseKey
  |--> RegEnumKeyExA
  |--> CLSIDFromProgID

- File
 \
  |--> CreateDirectoryA
  |--> CreateFileA
  |--> RemoveDirectoryA
  |--> ReadFile
  |--> WriteFile
  |--> DeleteFileA
  |--> LoadResource
  |--> SetFilePointer
  |--> GetModuleFileNameA
  |--> GetFileAttributesA
  |--> GetFileSize
  |--> SHGetFolderPathA
  |--> SetCurrentDirectoryA

- Networking/Web (scanner category; these are local pipe APIs, not network I/O)
 \
  |--> PeekNamedPipe
  |--> CreatePipe
  (CreatePipe + CreateProcessA + PeekNamedPipe/ReadFile is the usual way to launch cmd.exe and read its output back; no socket, WinINet or WinHTTP import is present)

- Keyboard (scanner category; GetForegroundWindow only identifies the active window and does not read keystrokes)
 \
  |--> GetForegroundWindow

- Process
 \
  |--> CreateThread
  |--> HeapAlloc
  |--> HeapFree
  |--> ExitProcess
  |--> GetExitCodeProcess
  |--> TerminateProcess
  |--> CreateProcessA
  |--> GetProcessHeap
  |--> GetCurrentProcess

- Handling modules/resources
 \
  |--> LoadResource
  |--> GetModuleHandleA

- Evasion/Bypassing
 \
  |--> GetTickCount (timing checks can detect sandbox slowdowns, but this API is also common in benign code, so it is a weak indicator on its own)

- COMObject
 \
  |--> CoInitialize
  |--> CoCreateInstance
  |--> CoGetObject
  |--> CoUninitialize

- Information Gathering
 \
  |--> GetCurrentDirectoryA
  |--> GetVersion
  |--> GetCommandLineA
  |--> GetSystemDefaultLCID
  |--> GetConsoleScreenBufferInfo
------------------------------------

Abilities:
------------------------------------------------
- When it runs it tries to modify the Windows hosts file
- Spawns child processes
 \
  |--> cmd.exe
  |--> find.exe

- Allocates virtual memory in a remote process (sandbox behavioural flag; VirtualAllocEx/WriteProcessMemory are not in the static import table, so this either happens in a child process or through an API resolved at runtime)
- Manipulates files (creates/deletes files and directories, see the File imports above)
- Attempts to contact hosts the sandboxes flag as malicious (see Connections)
------------------------------------------------
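The two behaviours above that are easiest to hunt for on an endpoint are the sample.exe -> cmd.exe -> find.exe process chain and a write to the hosts file. The following is an added example (not part of the original report or of Qu1cksc0pe) that runs that detection logic over a handful of constructed Sysmon-style events; the event records, paths and PIDs are made up for the demonstration, and the sample is assumed to have been dropped as C:\Users\lab\Desktop\sample.exe.

```python
"""Hunt Sysmon-style telemetry for the behaviours seen in the sandbox run.

All events below are constructed for this example; they are not real logs.
Sysmon event IDs used: 1 = ProcessCreate, 11 = FileCreate.
"""
from dataclasses import dataclass
import ntpath

# Path of the Windows hosts file, compared case-insensitively.
HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"


@dataclass
class Event:
    event_id: int
    pid: int
    image: str
    parent_pid: int = 0
    parent_image: str = ""
    command_line: str = ""
    target_filename: str = ""


# Constructed sample: the dropped binary spawns cmd.exe, cmd.exe spawns
# find.exe, the binary itself writes the hosts file, and an unrelated user
# cmd.exe (no find.exe child) is included as benign noise.
SAMPLE_EVENTS = [
    Event(1, 4000, r"C:\Users\lab\Desktop\sample.exe", 3000,
          r"C:\Windows\explorer.exe", "sample.exe"),
    Event(1, 4100, r"C:\Windows\System32\cmd.exe", 4000,
          r"C:\Users\lab\Desktop\sample.exe",
          'cmd.exe /c type C:\\Windows\\System32\\drivers\\etc\\hosts | find "127.0.0.1"'),
    Event(1, 4200, r"C:\Windows\System32\find.exe", 4100,
          r"C:\Windows\System32\cmd.exe", 'find "127.0.0.1"'),
    Event(11, 4000, r"C:\Users\lab\Desktop\sample.exe",
          target_filename=r"C:\Windows\System32\drivers\etc\hosts"),
    Event(1, 5000, r"C:\Windows\System32\cmd.exe", 3000,
          r"C:\Windows\explorer.exe", "cmd.exe"),
]


def basename(path: str) -> str:
    """Lower-cased image file name, so C:\\...\\Cmd.EXE matches cmd.exe."""
    return ntpath.basename(path).lower()


def find_process_chains(events, chain=("cmd.exe", "find.exe")):
    """Return the images at the root of every parent->child chain found.

    `chain` is ordered parent-first; the root is whatever spawned chain[0].
    Matching is by image basename only, so a renamed find.exe would slip
    through, and PID reuse over a long log is not handled (assumptions of
    this example, not of the report).
    """
    creates = {e.pid: e for e in events if e.event_id == 1}
    roots = []
    for e in creates.values():
        if basename(e.image) != chain[-1].lower():
            continue
        node = e
        ok = True
        # Walk upwards, checking each ancestor against the expected chain.
        for expected in reversed(chain[:-1]):
            parent = creates.get(node.parent_pid)
            if parent is None or basename(parent.image) != expected.lower():
                ok = False
                break
            node = parent
        if ok:
            root = creates.get(node.parent_pid)
            roots.append(root.image if root else node.parent_image)
    return roots


def find_hosts_writes(events):
    """(pid, image) of every process that created/overwrote the hosts file."""
    return [(e.pid, e.image) for e in events
            if e.event_id == 11 and e.target_filename.lower() == HOSTS_PATH]


def triage(events):
    """Combine both signals; either alone is noisy, together they are not."""
    findings = {
        "cmd_find_chain_roots": find_process_chains(events),
        "hosts_file_writers": find_hosts_writes(events),
    }
    findings["suspicious"] = bool(findings["cmd_find_chain_roots"]) and \
        bool(findings["hosts_file_writers"])
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The benign cmd.exe (PID 5000) is not reported because it never spawns find.exe, which is the point of matching on the chain rather than on cmd.exe alone; on a real host you would also want to correlate the hosts-file write with the same process tree, which the `suspicious` flag above only approximates.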

Connections:
------------------------------------
- http://x.acme.com
 \
  |--> Offline

- http://rhino.acme.com
 \
  |--> Offline

Note: no networking DLL (ws2_32, wininet, winhttp) appears in the linked DLL list below, so any contact with these hosts would have to come from a child process or from an API resolved at runtime rather than from the static imports.
------------------------------------

Detected by:
------------------------------------
- VirusTotal
 \
  |--> 55/73 engines

- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
   \-> 80%
   /
  |--> MetaDefender
   \-> 66%
   /
  |--> VirusTotal
   \-> 75%

- Scan reports
 \
  |--> Hybrid Analysis
   \-> https://www.hybrid-analysis.com/sample/d8c5b92350dba297b8d2eb811f9ad32eaa30c81f2237dbfae54e78717c12f098
   \-> https://www.hybrid-analysis.com/sample/d8c5b92350dba297b8d2eb811f9ad32eaa30c81f2237dbfae54e78717c12f098/5ed4e53bf82bea2f0836ec26
   /
  |--> VirusTotal
   \-> https://www.virustotal.com/gui/file/d8c5b92350dba297b8d2eb811f9ad32eaa30c81f2237dbfae54e78717c12f098/community
------------------------------------

Linked DLL Files:
------------------------------------
- KERNEL32.DLL
- ADVAPI32.dll
- ole32.dll
- OLEAUT32.dll
- SHELL32.dll
- SHLWAPI.dll
- USER32.dll
------------------------------------

Used Tools During Tests:
----------------------------------------------
-  Qu1cksc0pe
 \
  |--> https://github.com/CYB3RMX/Qu1cksc0pe

- Sandbox Environments
 \
  |--> https://www.virustotal.com
  |--> https://www.hybrid-analysis.com

- Strings
- rabin2 (radare2)
----------------------------------------------
