72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd | Triage

Submit
Reports

Overview

overview

Static

static

72b401594c...cd.exe

windows7-x64

72b401594c...cd.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd.exe

Resource

win7-20220812-en

darkcomet hf evasion persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd.exe

Resource

win10v2004-20220901-en

darkcomet hf evasion persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

General

Target

72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd
Size

383KB
MD5

4ae30f28f1acb06cc303afb107fb5242
SHA1

017ed0e76ed7daee651f88c81df2f43c986a773c
SHA256

72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd
SHA512

015292b13b5712357e9b7f33cb9097884b15578598c066a1fc5a272b8cddcfffe42bc6a9fa499ffae43ce245967ce005234ead3b50cf304f84f3666f06de8f16
SSDEEP

6144:/YpRNQuZi9+neeKGn4SBIz0Bpv/8Ykw+aS053PuLupGT1CXINTB8LgAFAl7B9w:wp/1Fxn+G8S+aL3GapyfB2GR

Score

N/A

Malware Config

Signatures

Files

72b401594c6d7674f905f8fcc187e2c8525f6b2c1c9682fafd5e1191d6a617cd
.exe windows x86

dd2e3254a193cf4be6d2ce044c38fcf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextA

gdi32

SaveDC

version

VerQueryValueA

wsock32

send

ole32

CoTaskMemFree

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

comctl32

ImageList_Add

wininet

FtpPutFileA

winmm

waveInOpen

netapi32

Netbios

gdiplus

GdipFree

msacm32

acmStreamSize

ntdll

NtQuerySystemInformation
NtUnmapViewOfSection

ws2_32

WSAIoctl

shfolder

SHGetFolderPathA

avicap32

capGetDriverDescriptionA

Sections

.MPRESS1
Size: 227KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy