abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4 | Triage

Submit
Reports

Overview

overview

8

Static

static

abad204ec0...c4.exe

windows7-x64

8

abad204ec0...c4.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4
Size

804KB
MD5

0641eb0cd381d9a57d4787f57a151bc2
SHA1

871f17cece6c8e45e6def153091861465e04298d
SHA256

abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4
SHA512

b0a5294fcabe6972088b00c1d742675d703da0ac2c6713674cdf987af009978b8ccf875f17bfd3435392c405a2ddc558a1523436bebde4b27b5762505e5eea45
SSDEEP

24576:SySxrCM5zXf9w972RPjznUF1QmNlKsmFOWg4Nbp:6rCKzXVwFKe1QmfJ9a

Score

N/A

Malware Config

Signatures

Files

abad204ec0b808bcdf92b350ef8303539a194776891481910939f2b262b6bbc4
.exe windows x86

81a8fbb6bf58e4d52968d4d873432e60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
GlobalFlags
ReadConsoleW
GetConsoleMode
CancelIo
GetModuleFileNameA
FindAtomA
LocalFree
GetDriveTypeW
InterlockedExchange
VirtualProtect
GetModuleHandleA
CreateDirectoryA
HeapDestroy
CreateFileW
SetFilePointer
GetCurrentThreadId
GetFileAttributesA
GetConsoleAliasW
LeaveCriticalSection
GetProcessHeap
DeleteFileW
GetFileTime
DeleteFileW
CreateFileW

user32

PeekMessageA
wsprintfA
GetSysColor
IsZoomed
DispatchMessageA
GetWindowDC
MessageBoxA
GetWindowLongA
GetKeyState
GetWindowLongA
LoadCursorA
IsWindowEnabled
GetWindowTextA

devenum

DllRegisterServer
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow

advapi32

IsValidSid

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy