f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8 | Triage

Submit
Reports

Overview

overview

Static

static

f274f4a0df...f8.exe

windows7-x64

f274f4a0df...f8.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8
Size

382KB
MD5

a30e6d50e5150398f8cdf5eb5bdfab2c
SHA1

60bc4daed269fdd44a0f767741b5bd175685810b
SHA256

f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8
SHA512

77cce04bc5cdc60a08d8e22c3fdd2a89f1cf03e4317a5df5570dfe5ef10d0e11e363302b92afd074502f8fedfaf88b2b7b3aa40c527a67f4171046796641d73a
SSDEEP

6144:3qv+PVRMk6y4+AGeJKiIdDjky49jypOAEWZqnKET5EIyLjRKg1gXVJiObl:w+PVRMkpAGliLy8hAEWZ+7TSHRKSgFBl

Score

N/A

Malware Config

Signatures

Files

f274f4a0dfe209dd324678338a6f899fd4607f39277c0a5401cc9b3bbd787cf8
.exe windows x86

7d30d673f2f291d4b30d3ffdb638691f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
CloseHandle
WriteFile
CreateMutexW
lstrlenA
FreeConsole
GetEnvironmentVariableA
GetStdHandle
LocalSize
CreateEventW
InterlockedExchange
GetPrivateProfileIntA
GetCommandLineW
ResetEvent
ReleaseMutex
LocalFree
SuspendThread
VirtualAllocEx
GetSystemInfo
GlobalFree

advapi32

IsValidSecurityDescriptor
InitializeSid
ControlService
RegDeleteValueA
IsTextUnicode
RegEnumKeyA
IsValidSid
ClearEventLogW
RegCreateKeyExW
CloseEventLog
CreateServiceW
RegQueryValueW
RegCloseKey
InitializeSid

dssec

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy