3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d | Triage

Submit
Reports

Overview

overview

8

Static

static

3b5c732f6e...8d.exe

windows7-x64

8

3b5c732f6e...8d.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d.exe

Resource

win7-20220901-en

discovery evasion persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d.exe

Resource

win10v2004-20220812-en

discovery evasion persistence

windows10-2004-x64

10 signatures

150 seconds

General

Target

3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d
Size

268KB
MD5

60c9b40b434f76a04017239e901d4516
SHA1

7de2722fd3a5c3bd4b09e9cd84ddafc0a4da5075
SHA256

3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d
SHA512

49ef4c6a5bb29b552018ed107b0ed5aeabf9fbe649f0cb06724c02dc8e97b9052039a9198c1b5d1e819538c431bbe4046ae053a5bd556ec88a73397d18d0c817
SSDEEP

3072:lH4arH0JyuLCFA1LN/LofrYKhefExb6tH5/s20PmTEzbWDLRby5r4vS/uB+zu4lr:lxrq+aZovYs4a20PRJ5r4vYzHlA9i

Score

N/A

Malware Config

Signatures

Files

3b5c732f6efdd642caef5d6fedb609eb25acadc31be3c1b7efec2699a013558d
.exe windows x86

0f1f8fe0cec9719c0182b1929f1be6c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shimeng

SE_IsShimDll
SE_InstallAfterInit
SE_ProcessDying

user32

LoadCursorW
DrawStateA
DispatchMessageW
GetDlgItemTextW
InsertMenuA
IsZoomed
PostMessageW
CharToOemA
LoadIconA
wsprintfA
IsZoomed
GetPropW
PeekMessageW
DialogBoxParamA

shell32

SHGetDesktopFolder
DuplicateIcon
SHGetMalloc
SHCreateShellItem
SHFree
SHChangeNotify
FindExecutableA
SHGetDataFromIDListA
DragQueryFileA
SHGetDiskFreeSpaceA

kernel32

CreateNamedPipeA
GetModuleHandleA
HeapSize
WaitForSingleObject
VirtualProtectEx
LoadLibraryW
HeapAlloc
GetConsoleAliasW
IsBadStringPtrA
GetCommandLineA
ReadConsoleA
GetOEMCP

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy