d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387 | Triage

Submit
Reports

Overview

overview

Static

static

d1a420851e...87.exe

windows7-x64

d1a420851e...87.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387.exe

Resource

win7-20221111-en

persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387.exe

Resource

win10v2004-20221111-en

persistence spyware stealer upx

windows10-2004-x64

4 signatures

150 seconds

General

Target

d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387
Size

173KB
MD5

9dae15d186c82ceea872d92aeacdb2fe
SHA1

4922d10c7eb5b003d2c394b01989e7560ed79cf7
SHA256

d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387
SHA512

0069859b1916d3b6182fcbb83d7e9b4d613d6d80df021c5f0d20f87dcb6ebcf67fe50b1347fbd4a860d7c6b94cb604b40fa001c5274b72c233762eb47c9311fb
SSDEEP

3072:3LIohrkZ9BSKtwgIMCwak83Z5rSEIpkKCsP0HsQRUn8fhZZAh:3H5kDh85rsCsP0/RUe+h

Score

N/A

Malware Config

Signatures

Files

d1a420851e263c48461e8eb26348cc003df1286121184b0625156d0d1561e387
.exe windows x86

d183d89c368fbf495b52c1921fd1cfb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

rpcrt4

UuidCreate

shlwapi

GetAcceptLanguagesA
PathIsRelativeW
PathCreateFromUrlW
PathRemoveFileSpecW
UrlCreateFromPathW
PathAppendW
UrlUnescapeW
PathFindExtensionW
StrCmpIW
PathCombineW

kernel32

GetCurrentThreadId
GetCurrentProcess
GlobalFindAtomW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetLocaleInfoW
TerminateProcess
UnhandledExceptionFilter
GetProcessHeap
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetModuleHandleW
EnumResourceLanguagesA
InterlockedExchange
FoldStringW
GetCurrentProcessId
GetPrivateProfileIntW
LocalAlloc
GetStartupInfoA
SetUnhandledExceptionFilter
InterlockedCompareExchange
DeleteFileW

Sections

.text
Size: 90KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy