36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb | Triage

Submit
Reports

Overview

overview

8

Static

static

36d779d703...fb.exe

windows7-x64

8

36d779d703...fb.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb.exe

Resource

win7-20220812-en

discovery evasion persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb.exe

Resource

win10v2004-20220812-en

discovery evasion persistence

windows10-2004-x64

9 signatures

150 seconds

General

Target

36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb
Size

292KB
MD5

666f63f80a9d8ee4a4c066fe24bc9db7
SHA1

bbc349f24a10e323ea73b41a696aec81cd0c1d48
SHA256

36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb
SHA512

2e25a8872e9406010b7fda2580624f7f1ed78fad92ed5caf851a0aa4eb6dbd6a179b514f28915559bf32696eef9b07206774827fdaaedc925c95d9f0d90f9e16
SSDEEP

3072:fblxmD+Be6inVkAMudddTUN5ntieRaOJgrQb14X6XBHmWnylVwo3gqq:Dl4SVi6YTa9M9wgrQejWQwo3gqq

Score

N/A

Malware Config

Signatures

Files

36d779d703f74545c299601d6f313a98a963724cda4835a678f7d8ad16d63ffb
.exe windows x86

2a5d4c00df40cc2bdaad580dc44f7888

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSetUserConfigW
WTSEnumerateServersA
WTSUnRegisterSessionNotification
WTSVirtualChannelOpen
WTSLogoffSession
WTSSetSessionInformationW
WTSVirtualChannelRead
WTSSendMessageA
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSQueryUserToken
WTSOpenServerW
WTSEnumerateSessionsW
WTSFreeMemory

kernel32

VirtualProtectEx
HeapAlloc
WaitForSingleObject
WriteConsoleW
HeapSize
GetConsoleAliasW
GetGeoInfoW
GetModuleHandleA
IsBadStringPtrA
LoadLibraryW
GetProcessId
EncodePointer

user32

GetClassLongA
GetMessageW
DialogBoxParamA
FlashWindow
LoadMenuW
InsertMenuA
GetDlgItemTextW
DrawStateA
IsZoomed
LoadBitmapA
CharToOemA
LoadCursorW
wsprintfA
ShowWindow
LoadIconA
GetPropW
PostMessageW

nddeapi

NDdeShareDelA
NDdeShareAddA
NDdeShareGetInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy