4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54 | Triage

Submit
Reports

Overview

overview

8

Static

static

4118fe5be1...54.exe

windows7-x64

8

4118fe5be1...54.exe

windows10-2004-x64

8

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54.exe

Resource

win7-20220901-en

discovery evasion persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54.exe

Resource

win10v2004-20220812-en

discovery evasion persistence

windows10-2004-x64

10 signatures

150 seconds

General

Target

4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54
Size

292KB
MD5

905b59932b1a6462ae486f6f80b51ecf
SHA1

6cb6e4f2cd785308dd0eb423c94d16da56492cd4
SHA256

4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54
SHA512

2c3007dfa6d13c7b037d644b78387d06ce8c89d62eea7e91f454afb9639e4e5fd005c2d986efa8d78e25692ec013b444be495827669fd836fa5e611a1dc1a09c
SSDEEP

3072:UHJO+cNvqUYsEvS/xQOcifEW8MIYH15oS8eS3IikJ/wT2evLhIpS3O9zaJHe:wJAMsay7VQMIooZeD/fylI79aZe

Score

N/A

Malware Config

Signatures

Files

4118fe5be1754c4468b73d4b15a99c203de8178e568a293b6f13889841859a54
.exe windows x86

6b952e33d2cbc3a1f158db6f1ded5478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsZoomed
IsWindowUnicode
GetClassLongA
GetPropW
LoadIconA
DrawStateA
PeekMessageW
PostMessageW
wsprintfA
LoadMenuW
CharToOemA
LoadCursorW
DialogBoxParamA
GetDlgItemTextW

shimeng

SE_ProcessDying
SE_InstallBeforeInit

kernel32

GetAtomNameA
LoadLibraryW
lstrcpynA
GetModuleHandleA
VirtualProtectEx
IsBadStringPtrA
GetFullPathNameW
WaitForSingleObject
CreateNamedPipeA
GetPrivateProfileIntA
GetDateFormatW
GetProcessId

wtsapi32

WTSLogoffSession
WTSRegisterSessionNotification
WTSOpenServerW
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSVirtualChannelClose
WTSVirtualChannelRead
WTSQueryUserToken
WTSSetUserConfigW
WTSVirtualChannelQuery
WTSFreeMemory

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy