534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9 | Triage

Submit
Reports

Overview

overview

Static

static

534a613687...f9.exe

windows7-x64

534a613687...f9.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9.exe

Resource

win7-20220901-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9
Size

126KB
MD5

90fd919861cb40e6f62f05d1dd9413f0
SHA1

74eed320963bd68d85fdea2cff7f79fffa916342
SHA256

534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9
SHA512

2bb4b2c03c1f3952c6be32e38b029156c833d3f694c54bbf326e9fee5d224ad91ab4af22492a9c0c7109952797e5c642d7901ce6a32ff8834b2ae847485ae325
SSDEEP

3072:gW7gXkqwV5kJwbfAk3A71+GuuNBLYQAdED:gwgXC5awbfTAJ+Gu4YQA6

Score

N/A

Malware Config

Signatures

Files

534a61368777a359303daa50b42a508d5c9795d69f766700436486dee54eddf9
.exe windows x86

0d292103b6690927c653a4b60b634fe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetFileAttributesA
MapViewOfFile
HeapSize
CreateDirectoryA
CreateMailslotW
GetModuleHandleA
IsValidCodePage
CancelIo
GetExitCodeThread
ResetEvent
GetTickCount
VirtualProtect
GetFileAttributesA
GetLocaleInfoA
GetProcessHeap
SetLastError
RemoveDirectoryA
GetDriveTypeW
IsBadWritePtr
FindResourceA
FindClose

user32

GetWindowTextW
DispatchMessageA
IsWindow
SetFocus
SetCursor
PeekMessageA
PostMessageW
GetWindowLongW
GetCapture
LoadCursorA
LoadImageW
wsprintfA
IsDialogMessageA

ipsmsnap

DllCanUnloadNow
DllGetClassObject
DllGetClassObject
DllUnregisterServer

rasapi32

DwRasUninitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.import
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy