47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf | Triage

Submit
Reports

Overview

overview

Static

static

47ea0dc6dd...bf.exe

windows7-x64

47ea0dc6dd...bf.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf.exe

Resource

win7-20220901-en

persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf
Size

180KB
MD5

6c6c020591a36c05e120c7dbc01eb695
SHA1

4fe7227095c3d34804dfdd338e465650f8ed8f0b
SHA256

47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf
SHA512

88d66007b7c82d8e4dce297505fd9ed12e976872798f4cebd6f39b42ff6242468748de2c0b634631884f89ac7d2c742bfdb1ff4e496c1d30485498b476a3b963
SSDEEP

3072:z2laDyd5J3M6HU0b4PTb3qXX5IsWUYb/g0PB1ToLFpgNPScrcXx/MV4KUhXaD2a2:a9c+47uXL+g0Z10L/CScryMVDYac

Score

N/A

Malware Config

Signatures

Files

47ea0dc6dd3ff046b439480aac3a479fc051dd00f0bc7e63c45a53f1028a8dbf
.exe windows x86

b8dfd34657a791df750a32a453e35f0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumValueW
RegSetValueExA
RegCreateKeyA
RegDeleteValueW

kernel32

CreateDirectoryExA
lstrlenW
CopyFileW
VirtualQueryEx
LoadLibraryExW
FindClose
lstrcmpA
MultiByteToWideChar
LoadLibraryW
LocalAlloc
DeleteFileA
CreateProcessW
EnumResourceNamesW
CreateEventW
lstrcmpiW
lstrcmpiA
GetFileAttributesA
SetFileAttributesA
FindResourceExW
GetExitCodeThread
lstrlenA
FindNextFileA
LocalFree
RemoveDirectoryA
GetTempPathA
WideCharToMultiByte
HeapSetInformation
FindFirstFileA
InterlockedCompareExchange
DeleteFileW

psapi

GetModuleBaseNameW

ole32

StringFromIID
CoCreateInstance

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy