2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d | Triage

Submit
Reports

Overview

overview

Static

static

2a39597e72...2d.exe

windows7-x64

2a39597e72...2d.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d
Size

128KB
MD5

6f6723b77bbe4e396f1bed38a9588150
SHA1

d7b44f9376910af3b6278d2f2495392487503d2f
SHA256

2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d
SHA512

e812d26dba753cf2d8411e1cc49a097333053faedd5c1bf9bb80fd0fdb16f2094ab5e8f192f5ca0ee25a1624c9f8bd907aaa37882677af950ceae725c1d1a753
SSDEEP

3072:83ZT2OnVrKBRYMLUWVQLPc9CthRwcys8VDVu64VU9QnVm:pVUE9CtPys8BVu6hQn

Score

N/A

Malware Config

Signatures

Files

2a39597e72dd1fbb00d7148343e0c2d8b6d083b2087e7ac3ef63f92ce7d7982d
.exe windows x86

8274fde8a5e9400e28fdc2d2828e85d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetLastError
RemoveDirectoryW
CreateDirectoryW
GetStringTypeA
TlsGetValue
FindResourceW
GetModuleHandleA
GetTickCount
GetCurrentProcess
GetLocaleInfoW
VirtualProtect
FindClose
GetFileAttributesA
MapViewOfFile
IsValidCodePage
GetExitCodeThread
IsBadWritePtr
GetDriveTypeW
HeapFree
GetFileAttributesA
LocalLock

user32

LoadImageW
GetWindowLongW
SetFocus
LoadStringW
PeekMessageW
DispatchMessageA
LoadCursorA
IsDialogMessageA
PostMessageW
IsWindow
SetCursor
GetWindowTextW
wsprintfW

msctf

DllUnregisterServer
DllUnregisterServer
TF_InitSystem
DllCanUnloadNow

rasapi32

DwRasUninitialize

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.import
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy