6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4 | Triage

Submit
Reports

Overview

overview

8

Static

static

6150450f81...f4.exe

windows7-x64

8

6150450f81...f4.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4
Size

804KB
MD5

1f92c7e9abd79b575685a772c3f45400
SHA1

ab312f705c87fc82e58eb1304697e042f9390314
SHA256

6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4
SHA512

9960f8a02a0b31ca9bc6f3150d3a0c65e842f5f8c1bad41f490bc8f6d26b80533a1a2a3cdd5a647edad8de468618fb1f4eea5bab7332e61d0b579e898c427425
SSDEEP

24576:XOB0lpHboCWwtVOcN/kC6r5FONzhDLiiMEoH:XpyCxtlNur58zhiv

Score

N/A

Malware Config

Signatures

Files

6150450f816467b14f2d0ce279e9fc254ab7824fe361136475327500fc7edaf4
.exe windows x86

c4314fb3a9d9098061a5241b42789ab6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetDriveTypeW
GetModuleFileNameA
GlobalFlags
GetModuleHandleA
PulseEvent
SetFilePointer
GetProcessVersion
AddAtomA
GetVolumePathNameA
GetFileAttributesA
IsValidLocale
CreateDirectoryA
OpenMutexW
OpenEventW
CreateFileW
SetFileTime
GetTickCount
InterlockedExchange
CreateFileW
VirtualProtectEx
LeaveCriticalSection
GetCurrentThreadId
DeleteFileW
HeapDestroy
DeleteFileW

user32

SetFocus
GetWindowLongA
PeekMessageA
SetRect
LoadCursorA
DispatchMessageA
wsprintfA
MessageBoxA
DestroyIcon
GetWindowTextA
GetWindowLongA
IsMenu
DestroyMenu

dbnetlib

ConnectionOpen
InitSession
ConnectionClose
ConnectionError

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy