1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8 | Triage

Submit
Reports

Overview

overview

8

Static

static

1094ddb941...a8.exe

windows7-x64

8

1094ddb941...a8.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8.exe

Resource

win7-20220901-en

discovery evasion persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8
Size

296KB
MD5

7931080667ababc8c933fd3b412febd8
SHA1

178cb9e2ca249eb2af886d3017657a47c5bfe8ca
SHA256

1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8
SHA512

da77163341d41cea46148612c54ea7cbf905a803763992a7b55bbc699e1b1b18e6b2e6060a332e35303d279d1ccde5b78d59ef2fbdcb71f5698c0e1a039dc74f
SSDEEP

6144:xIP/p27p+TFE8Wg3hjHa/sH8xcxIWCcI3exzccccccz:xIPBUWFbT6/sHfxicI3ozccccccz

Score

N/A

Malware Config

Signatures

Files

1094ddb9416551feb325655d6b660f694c55c725cd1f2b814e42f36ca932d5a8
.exe windows x86

df66fd800d19d022a05179cf82230eeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
GetModuleHandleA
GetDiskFreeSpaceA
GetPrivateProfileIntA
ReadConsoleA
GetOEMCP
VirtualProtect
CloseHandle
LoadLibraryA
CreateNamedPipeA
GetDateFormatW

nddeapi

NDdeShareSetInfoA
NDdeShareGetInfoA
NDdeShareAddA
NDdeShareDelA

user32

GetMessageW
PostMessageW
LoadBitmapA
GetPropW
DialogBoxParamA
GetClassLongA
IsZoomed
GetDlgItemTextW
IsDialogMessageW
CharToOemA
LoadIconA
DrawStateA
LoadCursorW
DispatchMessageW
LoadMenuW
IsWindow
InsertMenuA

shimeng

SE_InstallAfterInit
SE_DllLoaded
SE_InstallBeforeInit
SE_ProcessDying
SE_IsShimDll

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy