2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd | Triage

Submit
Reports

Overview

overview

Static

static

2fad5fb998...cd.exe

windows7-x64

1

2fad5fb998...cd.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd.exe

Resource

win7-20220901-en

windows7-x64

1 signatures

10 seconds

Behavioral task

behavioral2

Sample

2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd.exe

Resource

win10v2004-20220812-en

teslacrypt persistence ransomware

windows10-2004-x64

12 signatures

10 seconds

General

Target

2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd
Size

348KB
MD5

96bf108af2eafc33969cfb9f8ace6a25
SHA1

f170c820fac79c4851061980b1eaa3318c3d2377
SHA256

2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd
SHA512

635d942a295da9b77fcd1e80864bf11a4fe7f6ea3075c152511be9b7e411af0ca11c67b99305ff9a40a99cc106ba613365c936f357b7e30376c7ddd01f1dc46c
SSDEEP

6144:tTyNbpChrXMCfgR0R42+YKHZaOMMQB6WCtQ+tugD3lmhcJvF:tTsparXN4g+HZafFE6gLlmhcJv

Score

N/A

Malware Config

Signatures

Files

2fad5fb99831e5e600023e5b015cba99a23cb7bfaba42e81ad2b2aa6cb8c7ecd
.exe windows x86

1f7ce4d8b254dc1e3aa64c2f219190e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
GetClassNameA
GetShellWindow

kernel32

GetCurrentThreadId
GetConsoleWindow
VirtualQuery
VirtualProtect
GetProcessId
Module32FirstW
Process32NextW
OpenProcess
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
DecodePointer
GetModuleHandleW
IsProcessorFeaturePresent
Module32NextW
GetCommandLineA
Process32FirstW
GetModuleHandleA
IsDebuggerPresent
Sleep
WriteProcessMemory
EncodePointer
ReadProcessMemory
QueryPerformanceCounter
CreateThread
GetSystemTimeAsFileTime

msvcrt

sprintf
memcpy

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy