2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b | Triage

Submit
Reports

Overview

overview

8

Static

static

2f0b2f513a...3b.exe

windows7-x64

8

2f0b2f513a...3b.exe

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b
Size

799KB
MD5

9107a19a4c0004938f18d5465b318b90
SHA1

4052a1bfe3f125cc65cba19c50d344de68f46a59
SHA256

2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b
SHA512

f6d0538cb260905efe088989ff4e1e900c8eacaa0dc6795d23ca75b0335fe723395d35d24ee1349cff3deab278f0ec284e847669d096c9c0b7f624ddb4f9f11e
SSDEEP

24576:eeGM0l4wdPvNfhfePXrBuwM0aqKk/7gmpsWc:jGM+PvNpfKwYaZcgYy

Score

N/A

Malware Config

Signatures

Files

2f0b2f513afc76164056abdfec35639827645a732845866603d7debc949f533b
.exe windows x86

03cf4f4032f97350ae93b43043ecd889

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetEvent
GetTickCount
CreateFileW
GetLocaleInfoA
IsValidLocale
SuspendThread
ResumeThread
VirtualProtect
HeapDestroy
GetStdHandle
GetCurrentThreadId
CreateFileW
GetModuleHandleA
SetFilePointer
LocalFlags
GetFileAttributesW
GetVersionExA
AddAtomW
OpenEventW
InterlockedExchange
LeaveCriticalSection
GetModuleFileNameA
CreateMutexA
CreateDirectoryA
lstrlenA

user32

GetWindowLongA
DestroyMenu
IsMenu
LoadCursorA
PeekMessageA
GetWindowTextA
DispatchMessageA
SetRect
MessageBoxA
IsMenu
wsprintfA
GetWindowLongA
DestroyIcon

dplayx

DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
DllRegisterServer

advapi32

IsValidAcl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy