641de7a1673ae3f2ebd87195ded1b94f1f1388f415109ad4fb98d0994d18fd8e | Triage

Submit
Reports

Overview

overview

Static

static

新生儿�...��.exe

windows7-x64

新生儿�...��.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

新生儿中菲混血，如何办理护照？.exe

Resource

win7-20220812-en

gh0strat persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

新生儿中菲混血，如何办理护照？.exe

Resource

win10v2004-20220812-en

gh0strat persistence rat

windows10-2004-x64

9 signatures

150 seconds

General

Target

641de7a1673ae3f2ebd87195ded1b94f1f1388f415109ad4fb98d0994d18fd8e
Size

992KB
MD5

5c5b81b2b0cdb4e24e1021f07c78bffe
SHA1

bca3fc7d63dfb1ca5a6dbd06f7cb0bb0dd5e76a7
SHA256

641de7a1673ae3f2ebd87195ded1b94f1f1388f415109ad4fb98d0994d18fd8e
SHA512

3a4c2a5860ac5c187387aa0f89ba3a55b93ae91db97334a4bcd2d098910ae4de3308be7700e86e198a7b9cd500d8630f4a198f48aa4980b1d01ebf82496d5b70
SSDEEP

24576:RcXFsycbOQB4AYkC8O+Rh10R5M39huo3j4hP:RcVsycbHuHkCD+Rh1OM3yo34

Score

N/A

Malware Config

Signatures

Files

641de7a1673ae3f2ebd87195ded1b94f1f1388f415109ad4fb98d0994d18fd8e
.rar
新生儿中菲混血，如何办理护照？.exe
.exe windows x86

63fae901257facfec2014ff861e9c8f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetAsyncKeyState

gdi32

GetBkMode

comdlg32

GetFileTitleA

winspool.drv

GetJobA

advapi32

SetThreadToken

shell32

DragAcceptFiles

shlwapi

PathRemoveExtensionA

oledlg

ord3

ole32

OleIsRunning

oleaut32

SystemTimeToVariantTime

Sections

.text
Size: 870KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy