81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442 | Triage

Submit
Reports

Overview

overview

8

Static

static

81e8bcd91b...42.exe

windows7-x64

8

81e8bcd91b...42.exe

windows10-2004-x64

8

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442.exe

Resource

win7-20220812-en

persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442.exe

Resource

win10v2004-20220901-en

persistence spyware stealer upx

windows10-2004-x64

4 signatures

150 seconds

General

Target

81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442
Size

170KB
MD5

a05251817495d965703938a02ab79e17
SHA1

cc405d6455011710b14b179470e9334c4a9e74cf
SHA256

81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442
SHA512

fc17e774eec7d7ed8da5948e178c80a2468ec99c5302785c23489889366451633ae91b003313f6d558ec395e02d0be429b7ca35c977b48c0a570b0892e4ed127
SSDEEP

3072:J6gekefXoHjWWdif83587QVlseQ3G60lUe4eS1ZPPKJ7hN7xpuHE:o3NfXoHJif83XVlsIlUFbbPKjlxcH

Score

N/A

Malware Config

Signatures

Files

81e8bcd91b48d15b6285531f12b43619eebc3c98e90adc0475446932bc3e8442
.exe windows x86

91abc31fcd6ad7972f89bead5a0d3548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathSkipRootW
SHRegGetValueW
StrDupW
PathGetArgsW
PathIsUNCW
PathFindFileNameW

kernel32

GetCalendarInfoW
GetModuleFileNameW
OutputDebugStringW
DuplicateHandle
GetLastError
GetProcAddress
GetFileInformationByHandle
GetModuleHandleW
lstrlenW
MultiByteToWideChar
VirtualQuery
LocalFree
SetLastError
LocalAlloc
WideCharToMultiByte
GetModuleHandleA
EnumResourceNamesA
SetEnvironmentVariableW
CreateDirectoryW
GetProcessId
lstrcmpiW
VirtualProtect
GetCurrentThreadId
GetFileAttributesW
ExitProcess
InitializeCriticalSection
OutputDebugStringA
InterlockedExchange
FreeLibrary
GetCurrentProcess
GetCurrentDirectoryW
SearchPathW
Sleep

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy