11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e | Triage

Submit
Reports

Overview

overview

Static

static

11d1038a60...9e.exe

windows7-x64

11d1038a60...9e.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e.exe

Resource

win7-20220901-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e
Size

137KB
MD5

903705a40a89b7cffa552156bd874df0
SHA1

dad1a64f09a38eb25c87dc8f8726ba7346af6769
SHA256

11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e
SHA512

a0d88ac4483da2d67b4792cf2bd3a21b1fe8384d426133efe204249d514ffdb13552755b47c4b272ed638d380bad4fd90de48eb1f223fd4e1759724f1a6d1c45
SSDEEP

3072:PzGNrW96sf32ZW1Mb78qTxIraB/eqPgZa2OoFQggKgC2y801SU:F2Z/b78qTxIs2qP4dSyJ1S

Score

N/A

Malware Config

Signatures

Files

11d1038a60cec1caface63f6dc3ba8b756bc664ba2cb7e33c4358bb11fab2b9e
.exe windows x86

67eae8fb8e9cad0adc141bbe1fcfd708

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FindResourceA
HeapSize
LocalLock
GetTickCount
MapViewOfFile
VirtualProtect
GetStringTypeA
GetModuleHandleA
CreateDirectoryW
IsBadWritePtr
GetExitCodeThread
GetFileAttributesA
GetFileAttributesA
RemoveDirectoryW
TlsGetValue
GetCurrentProcess
GetLocaleInfoA
GetDriveTypeW
IsValidCodePage
FindClose
SetLastError

user32

GetWindowTextW
IsDialogMessageA
SetFocus
LoadStringA
SetCursor
DispatchMessageA
PostMessageW
PeekMessageW
IsWindow
wsprintfW
LoadCursorA
LoadImageW
GetWindowLongW

msctf

DllUnregisterServer
DllUnregisterServer
DllCanUnloadNow
TF_InitSystem

rasapi32

DwRasUninitialize

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.import
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy