4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90 | Triage

Submit
Reports

Overview

overview

8

Static

static

4d41d85e20...90.exe

windows7-x64

8

4d41d85e20...90.exe

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90.exe

Resource

win7-20220901-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90
Size

811KB
MD5

0d89b43aa7f598142d822a8bb59d6241
SHA1

3c318571bb35b558bf69989a0ee6a74e1891c991
SHA256

4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90
SHA512

f8cb4f0a838328625a66c3673b729bf6273c7ea663b4abbe675f16a10818a258f2c8560e44836ff3721cbe472d1f498854ced551a1e29c7addeb9c0bdd873060
SSDEEP

12288:jp2QT8i4e/vIITSi1JGLZnuXYPek6BTkSW05t6Zl7QpxFb5MzleNZF8L3dHY:Vp4e/bT3yBuq05t6X8pxFQevF8LN4

Score

N/A

Malware Config

Signatures

Files

4d41d85e205dd3a0f80d1ad95e97d568010c22e3517a53b217b18889eb32cc90
.exe windows x86

091d8de69d3b7204316b1a56cf24e4b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
GetCurrentThreadId
VirtualProtectEx
RemoveDirectoryW
CreateFileA
GetStartupInfoA
GetModuleHandleA
GlobalFree
EnterCriticalSection
GetCalendarInfoW
GetLocalTime
GetProcessHeap
InitializeCriticalSection
Sleep
GetConsoleMode
CloseHandle
WriteConsoleW
GetModuleFileNameA
TlsGetValue
DeleteFileA
GetDriveTypeA
LeaveCriticalSection
GetFileTime
FindClose
LocalLock

user32

MessageBoxA
GetWindowLongA
GetWindowDC
PeekMessageA
DispatchMessageA
IsWindowVisible
IsWindowEnabled
FillRect
EqualRect
GetWindowLongA
wsprintfA
GetKeyState
GetSysColor

cryptsvc

CryptServiceMain
CryptServiceMain
CryptServiceMain
CryptServiceMain

advapi32

IsValidSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 800KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy