2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c | Triage

Submit
Reports

Overview

overview

8

Static

static

2870dc1133...7c.exe

windows7-x64

8

2870dc1133...7c.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c
Size

802KB
MD5

6778624e66ceb303b01b6ec61283e700
SHA1

c19bc63d44333fa70d83bf1a545f287447a62777
SHA256

2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c
SHA512

87f724e940a3f5d9b9708c9d9784d801ccfd0f280eba478d2007072d1e076a1053c32cdc5a1112deb012e010e0ebae0acb7b846190d4f90409713eea70b51894
SSDEEP

12288:PGUp6r1wTsr6Aa/IHVWdwgwpW56tRfmtyF7TcOht2hQMcjLGVis226fiCkzip:P6RwTFIgdwnFf5Z4OS5cnkT6aC1

Score

N/A

Malware Config

Signatures

Files

2870dc11339f906a993a15a7eb53f32a4d1e9d835c6b05072932f3d41de6937c
.exe windows x86

ddbd0a05c455365302d76010459e6810

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomA
GetConsoleMode
GetVolumePathNameA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesA
GetProcessHeap
OpenMutexA
SetFileTime
OpenEventA
PulseEvent
GlobalFlags
InterlockedExchange
GetCurrentThreadId
CreateFileW
LocalFree
LeaveCriticalSection
HeapDestroy
GetDriveTypeW
SetFilePointer
VirtualProtectEx
CreateFileW
DeleteFileW
DeleteFileW

user32

wsprintfA
GetWindowLongA
IsMenu
GetWindowTextA
PeekMessageA
GetWindowLongA
DispatchMessageA
MessageBoxA
SetRect
SetFocus
DestroyMenu
LoadCursorA
DestroyIcon

dot3gpclnt

LANGPADeInit
LANGPAInit
ProcessLANPolicyEx
GenerateLANPolicy

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy