842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad | Triage

Submit
Reports

Overview

overview

8

Static

static

842d9adfac...ad.exe

windows7-x64

8

842d9adfac...ad.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad
Size

804KB
MD5

a0657174171ba2169c7a23d65d17a400
SHA1

cf8cfe236195284f9603c7821ccef7078e5b1488
SHA256

842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad
SHA512

1f885fec50922ef3f5cc0074c201838a594a84db541ce0792d09ba2c79348f4476fbeb5b9449190d796fb527ab3fd327627eb0e7e60132f3b057065c6ba166b1
SSDEEP

12288:PWzwSVSPRyzJ6nrR1bzOCFZGi86I6++Jmq/WB1xyPydUIkRAdmtutJF1GxIzcL:SHVS5o6nr3b3/TjIPCW7iydUfRLtYfw

Score

N/A

Malware Config

Signatures

Files

842d9adface7dac902a98dd05ca3c0bf73e6d4506a4f2969cb8b386f3ea8c3ad
.exe windows x86

a3ca40eb9f2c74e2ad635b1d4cfde30b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
GetModuleHandleA
CreateFileW
GlobalFlags
DeleteFileW
InterlockedExchange
CreateDirectoryA
GetVolumePathNameA
GetCurrentThreadId
OpenMutexA
GetFileAttributesA
GetModuleFileNameA
VirtualProtectEx
SetFilePointer
HeapDestroy
LeaveCriticalSection
DeleteFileW
LocalFree
GetConsoleMode
CreateFileW
SetFileTime
FindAtomA
OpenEventA
GetProcessHeap
GetDriveTypeW

user32

GetWindowLongA
LoadCursorA
GetSysColor
wsprintfA
GetWindowDC
IsZoomed
GetWindowLongA
DestroyMenu
PeekMessageA
DispatchMessageA
SetFocus
GetWindowTextA
MessageBoxA

dfsshlex

DllRegisterServer
DllGetClassObject
DllCanUnloadNow
DllUnregisterServer

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy