4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb | Triage

Submit
Reports

Overview

overview

8

Static

static

4664eab35b...eb.exe

windows7-x64

8

4664eab35b...eb.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb.exe

Resource

win7-20220812-en

discovery evasion persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb
Size

236KB
MD5

389108513d5c21e897dd087948aa65e0
SHA1

c37fd346854ab000f750d857db7b7700d86bc666
SHA256

4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb
SHA512

3e1f7c9b95aed39fdd4c492fed6a618b031ae7cc6204bf54bd21520263199a339fcabd3bf0ae4697134bd9f0451a4b2bdf879afefefe3a01b3844a219c22e971
SSDEEP

3072:qSCP/uGOJ5NTT1uriMxOkBJSOSaa8gRZl00t9Nut6ipYhbx:SHuXJUrd0kLSaa8gRFNI6/b

Score

N/A

Malware Config

Signatures

Files

4664eab35b52f9b0e823528c0ccad97e94b28ee43ff41c94a55111fe2452a4eb
.exe windows x86

6ffb86d9bfa85a9ed25e0a4dc00280da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSendMessageA
WTSQuerySessionInformationA
WTSEnumerateServersA
WTSQueryUserToken
WTSSetUserConfigW
WTSVirtualChannelRead
WTSOpenServerW
WTSVirtualChannelClose
WTSVirtualChannelWrite
WTSEnumerateSessionsW
WTSVirtualChannelPurgeInput

user32

LoadCursorA
FindWindowA
LoadMenuW
DialogBoxParamA
PostMessageW
GetDlgItemTextW
DispatchMessageW
IsDialogMessageW
LoadIconA
CharToOemA
IsZoomed
DrawStateA
FlashWindow
PeekMessageW
GetPropW
LoadBitmapA
InsertMenuA

kernel32

LoadLibraryW
GetDiskFreeSpaceA
Sleep
GetPrivateProfileIntA
GetModuleHandleA
GetAtomNameA
GetOEMCP
MapViewOfFile
VirtualProtect
GetLogicalDriveStringsW
lstrcpynA
GetFullPathNameW
IsBadStringPtrA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy