b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca | Triage

Submit
Reports

Overview

overview

7

Static

static

b2d32faad4...ca.exe

windows7-x64

7

b2d32faad4...ca.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca.exe

Resource

win7-20220812-en

spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca.exe

Resource

win10v2004-20220812-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

General

Target

b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca
Size

133KB
MD5

0d207b1722ede0df9c1d528c661dd810
SHA1

a0e848ef71316d419733c87de26dbeab6450eb55
SHA256

b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca
SHA512

23b640fc309c102d49bf45dfd5ca0c1e8d388f8c831e9287400190d698fdd57fc275ec2fc572a488975c7265a7097e4a195425a4159290ce92021c77ef4c3a33
SSDEEP

3072:O7/+dXz7uphtpppEH8yDiV0YLVWByh4SpGb6PM2yEzw88LEEqKnor4+:OLkziTMcZLyLiS6ryEzYEEqKorR

Score

N/A

Malware Config

Signatures

Files

b2d32faad4a34eed6d8f32269449f58eecacd4f21b3f4ab0edf67d2af61fc3ca
.exe windows x86

4017ddb9255f621410bca4cdf99b7028

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
LoadLibraryA
CreateFileMappingA
LocalAlloc
LocalFree
CreateThread
lstrcpyA
SwitchToThread
TerminateProcess
ExitProcess
Sleep
InitializeCriticalSection
GetModuleHandleW
WaitForSingleObject
MapViewOfFile

ntdll

NtSetInformationThread
memset

user32

OpenClipboard
GetActiveWindow
EmptyClipboard
WindowFromPoint

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegCloseKey

ole32

CoInitialize

comctl32

ord17

Exports

Exports

?ThrFunc@@YGKPAX@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.core
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy