c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89 | Triage

Submit
Reports

Overview

overview

8

Static

static

c4babd9748...89.exe

windows7-x64

8

c4babd9748...89.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89
Size

799KB
MD5

6c1afff30ca997510b4d13cfc7dd3260
SHA1

10662fe3ce281100ed6646245403cfdbf10339f1
SHA256

c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89
SHA512

230f1ada8e48f959e5781f1b3cf1360f5d58a44aed12cda8faa10c17f2b4ea662ebbcb13f487ad1137af4ea22c721eae451ed89306f17514006817531d071d58
SSDEEP

24576:dRMZ6KQWortrn8GknFaU7SxB5jzw9N1P:dR0hQW2rn80xBC/

Score

N/A

Malware Config

Signatures

Files

c4babd97485adec5e8124afbb8c1c2318e8bdd0eb76b68d9afa8adda4841ed89
.exe windows x86

a179ea0664c673ff92ed9954401ccca6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLocaleInfoA
CreateDirectoryA
GetCurrentThreadId
IsValidLocale
ResumeThread
lstrlenA
CreateMutexW
SetEvent
SetFilePointer
LeaveCriticalSection
GetVersionExA
GetStdHandle
HeapSize
CreateFileW
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetProcessHeap
CreateFileW
SuspendThread
VirtualProtect
GlobalSize
HeapDestroy
IsBadReadPtr
GetPriorityClass

user32

SetCursor
DestroyMenu
DrawIcon
GetScrollInfo
SetRect
LoadCursorA
PeekMessageA
GetWindowLongA
GetWindowTextA
DestroyIcon
GetWindowLongA
wsprintfA
DispatchMessageA

duser

GetGadgetRect
GetDebug
GetGadgetFocus
GetGadget

advapi32

IsValidAcl

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy