29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c | Triage

Submit
Reports

Overview

overview

Static

static

29dd168be2...8c.exe

windows7-x64

29dd168be2...8c.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c
Size

499KB
MD5

902e50773749d0b3b9599de577b120a8
SHA1

9204561e3f240b7095fce0613d0f11c039b85b0f
SHA256

29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c
SHA512

bdfc5d9f2084cd8256c1a8a195896e80a812d5a143be85dcd7cecc7a08976208fbb9ee39961b9c5030fdb7f941dcf793864f06f183f83f275967bdc7f0f1364e
SSDEEP

6144:y1/+A65HJx5s9XJI/5FA0OZUFgkcjNE/sLZ4P+gufZd5Yw7rc9:y1x66XJIRFA7UfcjNUYZk+Tv7

Score

N/A

Malware Config

Signatures

Files

29dd168be286970655473be54354ee534900049a542d51f0ae3a40da7f16ad8c
.exe windows x86

99076e7780563b71126bf50de3e44d38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
CancelIo
ResetEvent
TlsAlloc
GetStartupInfoA
HeapDestroy
GetModuleHandleA
CreateFileA
SetEvent
GetStdHandle
HeapCreate
GetCommandLineW
GetModuleFileNameA
ResumeThread
GetEnvironmentVariableA
CreateFileMappingA
ReleaseMutex
lstrlenA
TlsGetValue
IsBadStringPtrA

advapi32

RegQueryValueW
IsValidAcl
RegCreateKeyExW
ClearEventLogW
RegEnumKeyA
InitializeSid
CreateProcessAsUserA
IsTextUnicode
CreateServiceW
IsValidSid
ControlService
RegDeleteValueA
IsValidSecurityDescriptor

unimdmat

UmCloseModem
UmCloseModem
UmCloseModem
UmCloseModem

timedate.cpl

CPlApplet

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy