9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8 | Triage

Submit
Reports

Overview

overview

Static

static

9a915bf53e...a8.exe

windows7-x64

9a915bf53e...a8.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8
Size

385KB
MD5

5e6254ad8724f51e1c7f384fd051d224
SHA1

893c448f8ce04a9e8d30127218847653b59e39f0
SHA256

9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8
SHA512

da1395052a58cbe0eef56aff3c4a163a0d45ea33f0ec89991f03cf5c7ceef25775387af38b6e60ffa557357ab4c987623ab7b8437e087c4e2c906c9b8b3b9bee
SSDEEP

6144:nRhgQBOi1KGZ7Njs4WO3uimJhBiX8zTM3zrKAO22j:RCQv1PhNjsiDMkzrT

Score

N/A

Malware Config

Signatures

Files

9a915bf53e6181eb771f2ea0151f77fa9d7202f8a77c073119ec7413b0fe98a8
.exe windows x86

0b2c3fc22d1b81c50eb4c1d5c8f35469

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GlobalSize
lstrlenA
GlobalFree
LocalFree
GetEnvironmentVariableW
GetStdHandle
VirtualAlloc
FindVolumeClose
CloseHandle
CreateEventA
CreateMutexA
WriteFile
GetModuleHandleW
ResumeThread
GetExitCodeProcess
GetPrivateProfileIntW
GetACP
GetCommandLineA
InterlockedExchange

advapi32

ControlService
RegEnumKeyA
RegDeleteValueA
RegCloseKey
IsValidSid
RegCreateKeyExA
ClearEventLogA
IsTextUnicode
CreateServiceA
RegDeleteKeyA
LsaClose
RegQueryValueA
IsValidAcl

mspatcha

GetFilePatchSignatureA
ApplyPatchToFileA
GetFilePatchSignatureA
GetFilePatchSignatureA
GetFilePatchSignatureA

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy