cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576 | Triage

Submit
Reports

Overview

overview

8

Static

static

cf983d564e...76.exe

windows7-x64

8

cf983d564e...76.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576
Size

804KB
MD5

0c2fdc2b9d8a484bd0c19a513db01f4a
SHA1

2ccdaddeee4508f5ba300b57868c8748b6375c95
SHA256

cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576
SHA512

0488e098d7486ae1c816c3be86f54b936172ab26d37939ca7dca4a6f1c7123c0b2e1120c3b803c5d04a8f0a9491d34c54331ab580f5ad5ff5ea264232652a61c
SSDEEP

24576:xvVuZl3cRQbJh/gYF7c52Gy/pSj0MHveR:xv+l3pbJ3F452GUk0ye

Score

N/A

Malware Config

Signatures

Files

cf983d564eef1e9aa8729843a06ffa8432fd5a402122231a5a745a0dd965a576
.exe windows x86

6bca8e467053aa12159a5ecee4c97f4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
FindAtomA
GetModuleHandleA
DeleteFileW
InterlockedExchange
GlobalFlags
DeleteFileW
PulseEvent
GetDriveTypeW
CreateFileW
CreateFileW
LeaveCriticalSection
LocalFree
SetFileTime
GetVolumePathNameA
OpenEventA
HeapDestroy
GetConsoleMode
VirtualProtectEx
CreateDirectoryA
OpenMutexA
SetFilePointer
GetFileAttributesA

user32

LoadCursorA
MessageBoxA
GetWindowTextA
DestroyMenu
GetWindowLongA
DispatchMessageA
IsZoomed
GetWindowLongA
GetSysColor
wsprintfA
GetWindowDC
PeekMessageA
SetFocus

dfsshlex

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

advapi32

IsValidSid

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy