461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399 | Triage

Submit
Reports

Overview

overview

8

Static

static

461fc49fd5...99.exe

windows7-x64

8

461fc49fd5...99.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399.exe

Resource

win7-20220901-en

discovery evasion persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399.exe

Resource

win10v2004-20220812-en

discovery evasion persistence

windows10-2004-x64

10 signatures

150 seconds

General

Target

461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399
Size

244KB
MD5

69745bbdeca955a69a30dee1fd760670
SHA1

639a300f75ac1346c26040fdef7ae6b0ccd39d4b
SHA256

461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399
SHA512

e7f7a0a51ca25c2015d510c8506f7b004c858c5ad99ba4341a5cc056949de747c234cb809fc3d44e69153231d843ae99b9ea18dca5dc1ed51ecad5eaedeb5bf5
SSDEEP

3072:+e2HBAs5seVlE94XJYVlgt5RlX2cgRyzogpbuhqKDrmohqBP3nITTZ7SEaO5rF9T:72hAcvTEtlgt5RhXlluXs93ITTZ79l3

Score

N/A

Malware Config

Signatures

Files

461fc49fd526248833e9c97696fd1cbe7111b54fc72b09dc5eba08d276eaa399
.exe windows x86

276b2d46ba0d9a41687ca689138af630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsZoomed
CharToOemA
GetMessageW
LoadCursorW
IsZoomed
LoadBitmapA
wsprintfA
IsDialogMessageW
GetPropW
LoadMenuW
DialogBoxParamA
DrawStateA

shell32

ShellAboutA
ExtractIconA
DragQueryPoint
SHGetFileInfoA
ShellMessageBoxA
SHGetDataFromIDListA
SHFree
DragQueryFileA
FindExecutableA
DragAcceptFiles
SHBindToParent
DragFinish
SHGetDesktopFolder
DuplicateIcon
StrChrA
SHCreateShellItem
DllUnregisterServer

shimeng

SE_DllLoaded
SE_InstallBeforeInit
SE_IsShimDll

kernel32

GetFullPathNameW
CreateNamedPipeA
HeapAlloc
GetPrivateProfileIntA
VirtualProtectEx
LoadLibraryW
EncodePointer
WaitForSingleObject
GetConsoleAliasW
GetGeoInfoW
GetModuleHandleA
GetOEMCP
GetExitCodeProcess
GetCurrentProcess
MapViewOfFile

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy