28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d | Triage

Submit
Reports

Overview

overview

8

Static

static

28677c9b31...5d.exe

windows7-x64

8

28677c9b31...5d.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d
Size

798KB
MD5

3a9ba8acf3f513fe386c3790880a2133
SHA1

fb903b617756b8dfe5c584d73c58ed78f20c8951
SHA256

28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d
SHA512

b3839d6940c262b7512d70981d62c96d40e17272dbaaa55e426ee494cd586ddfab8f6bb0b21976fe586f6e5a21e9d4f7f9742a230e757e26ec714d3a2ccbd49d
SSDEEP

24576:MKSRUnwZCA7eFjXoPQG5BfwiqMfLe6i9tQLEFh+QBMk:MKSRUwZCYeFjYPQEBfwiqMyVDQ6hPBM

Score

N/A

Malware Config

Signatures

Files

28677c9b31e45c8815d2b574b8e5814c602c04c1823ad5f3bc0da246048be95d
.exe windows x86

6404b4afaebbe3e7437adc0053f20e8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InterlockedExchange
GetModuleFileNameA
GetTickCount
CreateMutexA
CreateFileW
ResumeThread
GetStdHandle
SetEvent
HeapDestroy
LocalFlags
IsValidLocale
GetLocaleInfoA
SetFilePointer
LeaveCriticalSection
VirtualProtect
GetFileAttributesW
GetVersionExA
CreateFileW
GetModuleHandleA
AddAtomW
CreateDirectoryA
SuspendThread
GetCurrentThreadId
OpenEventW
lstrlenA

user32

DestroyIcon
wsprintfA
IsMenu
SetRect
DispatchMessageA
DestroyMenu
GetWindowLongA
LoadCursorA
PeekMessageA
MessageBoxA
GetWindowLongA
IsMenu
GetWindowTextA

dplayx

DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer

advapi32

IsValidAcl

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy