35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a | Triage

Submit
Reports

Overview

overview

Static

static

35d07a97cf...9a.exe

windows7-x64

35d07a97cf...9a.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a
Size

383KB
MD5

5a5efff5979c1fed393e0831af2c05c6
SHA1

dd2aa36ac10b3cdf16919572661fb28612b82a0d
SHA256

35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a
SHA512

4ab9c31531445982c06a7f1b6bbbf38e73b053bf71d7fa45b033a633abc57f5f924a1ce2c00a311f42ddf0a1e6cfdf9948ab9dfdd9a4ceccc7ed326c59c688a0
SSDEEP

6144:U/TqETmgQBOi1KGZ7Njs4WO3uimJhBiX8zTM3zrKAO22j:U/XPQv1PhNjsiDMkzrT

Score

N/A

Malware Config

Signatures

Files

35d07a97cf5c418356a9be0c12781c3c3841fd9dc1db755e4c47307c083c209a
.exe windows x86

9d624cb7397caaf806ebad925b4704f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
GlobalSize
ResetEvent
GetCommandLineA
GetExitCodeProcess
lstrlenA
WriteFile
LocalFree
FindVolumeClose
GetStdHandle
GetEnvironmentVariableW
GetModuleHandleW
InterlockedExchange
CloseHandle
GlobalFree
GetPrivateProfileIntW
ResumeThread
CreateMutexA
GetACP
VirtualAlloc

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
IsValidSid
IsValidAcl
IsTextUnicode
ClearEventLogA
LsaClose
CreateServiceA
RegEnumKeyA
RegDeleteValueA
RegQueryValueA
ControlService

mspatcha

GetFilePatchSignatureA
GetFilePatchSignatureA
ApplyPatchToFileA
GetFilePatchSignatureA
GetFilePatchSignatureA

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy