Trojan-Ransom[.]Win32[.]Agent[.]hsf-eba30812c62bc6fad5eafce6d5449af7b18e144e9b12d7009537dcb28ac193bd | Triage

Submit
Reports

Overview

overview

Static

static

Trojan-Ran...nt.exe

windows7-x64

Trojan-Ran...nt.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Trojan-Ransom.Win32.Agent.exe

Resource

win7-20220901-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Trojan-Ransom.Win32.Agent.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

Trojan-Ransom.Win32.Agent.hsf-eba30812c62bc6fad5eafce6d5449af7b18e144e9b12d7009537dcb28ac193bd
Size

111KB
MD5

208d8e9f907b7392ea58cff1366d825e
SHA1

13d6420039c966709c58e54db454c229d6f1c9a7
SHA256

eba30812c62bc6fad5eafce6d5449af7b18e144e9b12d7009537dcb28ac193bd
SHA512

accd7dd20e8b26f101b59d2ea5ed18f2a62775817464f1d64bcb3f147f2c73c9b52354beddf7772b447238959ec9cc6f7e6c913c3887d4ce7c10d99c83f85bd0
SSDEEP

3072:TWbGZkE7a4SJagQ6L81oZ1RA9KBsGKZgY5j:TjZ17KldCoyG6H5j

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Agent.hsf-eba30812c62bc6fad5eafce6d5449af7b18e144e9b12d7009537dcb28ac193bd
.exe windows x86

debe21e4651522a272f72ae6d2567dd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMailslotA
IsBadCodePtr
SetVolumeLabelW
GetCommandLineA
GetVersion
ReleaseMutex
SetStdHandle
WriteFile
VirtualProtectEx
HeapFree
GetDriveTypeW
FindClose
ResetEvent
GetFileType
FindClose
FindAtomA
WriteConsoleA
RemoveDirectoryA
GetModuleHandleA
CreateSemaphoreW
ExitThread
RemoveDirectoryA
SetEvent
GetSystemTime
CreateDirectoryA

uxtheme

GetThemeTextExtent
CloseThemeData
GetThemeColor
SetWindowTheme
CloseThemeData
GetWindowTheme
IsThemeActive
GetThemeSysSize
GetThemeRect
DrawThemeEdge
DrawThemeBackground
GetThemeTextMetrics
OpenThemeData

pstorsvc

Start
Start
Start
Start

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy