a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b | Triage

Submit
Reports

Overview

overview

8

Static

static

a36d1d3bd7...4b.exe

windows7-x64

8

a36d1d3bd7...4b.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b.exe

Resource

win7-20220901-en

discovery persistence spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b
Size

818KB
MD5

44495b8a5357f5ae6c17dd0dcae66890
SHA1

2fe0b797282d4e386567b79593a52bf156d1b5ca
SHA256

a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b
SHA512

b5f0544cbbfbc430081cb82a5274ee3ec858ac69492c43950a24b5b413de4c20775b7c385dd6c33ac08f4ce2847018cca77089e59a31ac716364d5b82d770bc4
SSDEEP

24576:9FRMOWq+L++vcn/k9iGT71P00LRp87OTzZDRAZj:9FRMtq+asy/k9i4/bTze

Score

N/A

Malware Config

Signatures

Files

a36d1d3bd76662569c51b1bbdb060b20035917531fff01757b74fc3bbf90ff4b
.exe windows x86

25906f2556c9d037b6ef00d060dfbfd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
VirtualAlloc
GetACP
ResumeThread
lstrlenA
GetExitCodeProcess
FindVolumeClose
LocalFree
GlobalSize
GetModuleHandleW
InterlockedExchange
GetCommandLineA
CreateEventA
GetEnvironmentVariableW
GetPrivateProfileIntW
CloseHandle
GlobalFree
WriteFile
GetStdHandle
CreateMutexA

advapi32

CreateServiceA
RegEnumKeyW
ControlService
IsValidAcl
RegCreateKeyExW
IsTextUnicode
RegCloseKey
RegQueryValueW
CloseEventLog
ClearEventLogA
RegDeleteValueA
RegDeleteKeyA
IsValidSid

amstream

DllRegisterServer
DllGetClassObject
DllRegisterServer
DllRegisterServer
DllRegisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy