34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c | Triage

Submit
Reports

Overview

overview

Static

static

34c414bf27...8c.exe

windows7_x64

34c414bf27...8c.exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c.exe

Resource

win7-20220414-en

tofsee evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c.exe

Resource

win10v2004-20220414-en

tofsee evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c
Size

104KB
MD5

b8aefed6abece4f59edf9567a0cafed5
SHA1

df318db2b549a7a6e6bf51fbf3a55627bc8a8f1c
SHA256

34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c
SHA512

c7671d6482045f57db20d9c4e5113843b32af79d0a7f04f916caa44d83a8f0a7733801d7cf202e52418432a79cbd324947a8583ae39866b5619889f4ddb69bdf
SSDEEP

1536:fzLTsmNPE4yW8DtRHh+SKSTV3IiQ7re6qxx9PNpFkBYJLm1tn18RY:mSAhh+SKSRXb9PNpFaYV6tn1

Score

N/A

Malware Config

Signatures

Files

34c414bf27ed2603e855e7ad3578a9ac86b03faa1a7db3278cedead5ffa1458c
.exe windows x86

8ee604185a24e46ce0df2a566ad5b9e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbnmpntw

ConnectionError
ConnectionWrite
ConnectionRead
ConnectionClose
ConnectionVer

advapi32

RegUnLoadKeyA
ReadEventLogA
RegRestoreKeyA
RegOpenKeyW
OpenServiceW
GetUserNameW
RegLoadKeyW
RegEnumKeyW
CryptSignHashW
RegCreateKeyExW

kernel32

CreateMutexW
VirtualFreeEx
VirtualAllocEx
GetModuleHandleA
FindClose
TlsSetValue
AddAtomA
LoadLibraryExW
GetSystemTime
GetCurrentProcessId
SetCurrentDirectoryW
LoadLibraryExA
ReadFile
InterlockedIncrement
GetShortPathNameA
CopyFileA
FindFirstFileW
OpenSemaphoreW
CreateSemaphoreA
FindAtomA
OpenFileMappingW

Sections

.code
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.ydata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rel
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy