396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3 | Triage

Submit
Reports

Overview

overview

Static

static

396eb2ec0c...a3.exe

windows7-x64

396eb2ec0c...a3.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3
Size

410KB
MD5

6c6e4ba0c3a35e08390d0455f439f8f0
SHA1

5bdb5ca39dcb12a3e9ebd4301b23e4cdf358d7f9
SHA256

396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3
SHA512

e6ce3f1c6b6e965e9f7d9c4f986058f06f308049fa5070b9cd62b7c65ca179cfce5f76922e1f29332bc1ecd66526e8d65155b281b0a12367362b63d0df4ce485
SSDEEP

6144:ckezAQXQdzuTJ4UC9A5nDVFc/hn/H3WWQwwPk06337xiSmkc99AkEjw:BtqTJ4UA+AlP4Pk3H17mkiGzE

Score

N/A

Malware Config

Signatures

Files

396eb2ec0c2d198ac3a9b6bc99873f74415b106c1c44025f2215688c33d6c6a3
.exe windows x86

f1b1cec498b1759126ef65982d30acb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalLock
FindClose
VirtualProtect
GetLocaleInfoW
RemoveDirectoryW
GetExitCodeThread
SetPriorityClass
GetModuleHandleA
MapViewOfFile
GetCurrentProcess
GetStringTypeA
FindResourceW
TlsGetValue
SetLastError
HeapFree
IsValidCodePage
GetFileAttributesA
GetFileAttributesA
GetTickCount
CreateDirectoryW
SuspendThread

advapi32

IsValidAcl
ClearEventLogW
RegEnumKeyA
RegCreateKeyExW
CreateProcessAsUserA
CreateServiceW
ControlService
RegDeleteValueA
IsTextUnicode
InitializeSid
IsValidSecurityDescriptor
RegQueryValueW
IsValidSid

msctf

DllUnregisterServer
DllUnregisterServer
DllCanUnloadNow
TF_InitSystem

rasapi32

DwRasUninitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy