20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994 | Triage

Submit
Reports

Overview

overview

Static

static

20a71f01fc...94.exe

windows7-x64

20a71f01fc...94.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994
Size

130KB
MD5

6e222cf7d9fb6e9a6b561ecd5a3db8a0
SHA1

29970241a6d08be901c379726c90344e04fd76ba
SHA256

20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994
SHA512

1f34f2ab6580acae13d1450572bd807000f7fa32e3888ac5f70f933a4cfbafe9eac2bdbe090c38f00cdfb9ccbd38148f4ead712b88f7b5a129f61605cd46a68e
SSDEEP

3072:UpJCHVkQh+F+kOg6IF65xw552Up7zScZkQbyxSI:eyVkkko5CnpHScZkCyZ

Score

N/A

Malware Config

Signatures

Files

20a71f01fc6e51404b29985a04af085b1d9611a1e9413103cf477fc7c159e994
.exe windows x86

347b2016feaa128adde76cd5aa586aea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetPrivateProfileSectionA
RemoveDirectoryW
GetCurrentProcess
CreateDirectoryW
GlobalLock
GetVersionExA
GetStringTypeA
HeapFree
DeviceIoControl
SetLastError
GetModuleHandleA
CloseHandle
VirtualProtectEx
LocalFlags
GetFileAttributesW
GetCurrentThread
SetCommBreak
GetPrivateProfileIntA
CreateEventA
FindClose
GetFileAttributesW

user32

IsWindow
DispatchMessageA
wsprintfW
InsertMenuA
IsZoomed
GetWindowTextW
IsDialogMessageA
PeekMessageW
GetWindowLongW
PostMessageW
LoadCursorW
SetCursorPos
SetFocus

netshell

HrCreateDesktopIcon
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

uxtheme

CloseThemeData

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy