Trojan-Ransom[.]Win32[.]Agent[.]hsf-4a1e74dd6b276a9a57d5a72ac892bac6ba51d81881080eb0f53abffc29c6715d | Triage

Submit
Reports

Overview

overview

Static

static

Trojan-Ran...nt.exe

windows7-x64

Trojan-Ran...nt.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Trojan-Ransom.Win32.Agent.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Trojan-Ransom.Win32.Agent.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

Trojan-Ransom.Win32.Agent.hsf-4a1e74dd6b276a9a57d5a72ac892bac6ba51d81881080eb0f53abffc29c6715d
Size

452KB
MD5

f2c2f317034b5762f07f0c7a3611d3ed
SHA1

167949436390aee1a4d0638dccf9df186e1cc3b1
SHA256

4a1e74dd6b276a9a57d5a72ac892bac6ba51d81881080eb0f53abffc29c6715d
SHA512

51034cf1ff07796162f804482d5dd9d9640dad32c67e9160f93de329c8d36b0b4e10d748d5c279d504551167717a677ef495cd3e69d757b92c10bb174127f3fb
SSDEEP

12288:nJXn9A7KasqYRFP2oIUIXdtghsX4Pr+pgmhEK:nJXn9A7KaeRFP24IXd6hsXxpdEK

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Agent.hsf-4a1e74dd6b276a9a57d5a72ac892bac6ba51d81881080eb0f53abffc29c6715d
.exe windows x86

dfbac834837613ecb541d8cd0e6e5cee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ResetEvent
ReleaseMutex
RemoveDirectoryA
SetVolumeLabelW
GetVersion
HeapFree
GetSystemTime
IsBadCodePtr
GetDriveTypeW
WriteFile
CreateMailslotA
FindClose
GetCommandLineA
VirtualProtectEx
CreateSemaphoreW
FindClose
WriteConsoleA
GetFileType
SetStdHandle
CreateDirectoryA
FindAtomA
ExitThread
GetModuleHandleA
RemoveDirectoryA

uxtheme

DrawThemeEdge
IsThemeActive
GetThemeColor
DrawThemeBackground
GetWindowTheme
GetThemeTextMetrics
OpenThemeData
GetThemeRect
CloseThemeData
GetThemeTextExtent
CloseThemeData
SetWindowTheme
GetThemeSysSize

pstorsvc

Start
Start
Start
Start

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy