8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9 | Triage

Submit
Reports

Overview

overview

Static

static

8a1e591aa4...d9.exe

windows7-x64

8a1e591aa4...d9.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9
Size

510KB
MD5

540e09b413389dbc271963e726b02cbe
SHA1

bac7b1ee2e609452f19f65326dc70615be92163c
SHA256

8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9
SHA512

40d5213974216999b4196c443d5bad31e1b0ee2e374df2c4dbf9fb8b99fe40598de48a785553f9ca6a53c05868fb16a2d8248f1cee655f3a8df224c419771631
SSDEEP

12288:QEZvsAxLkC5EFwEHecvjJeiWbtih0+ox3hJU3Q:dsELNkhdMtSyxy3

Score

N/A

Malware Config

Signatures

Files

8a1e591aa44619664b3900b2579d9d0cc9842539c6c46467fb7c96abd279d5d9
.exe windows x86

5660326214f23f7a7a4ceb692bfeba33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetStartupInfoA
HeapCreate
GetFileAttributesA
GetCommandLineA
FindAtomA
ReadFile
CloseHandle
IsBadCodePtr
TlsGetValue
GetCommandLineA
CreateFileA
HeapDestroy
MapViewOfFile
GetStdHandle
DeleteFileW
GetModuleHandleA
GetPriorityClass
DeleteAtom
GetModuleFileNameA

user32

DrawTextW
GetKeyState
CallWindowProcW
IsZoomed
DispatchMessageA
GetWindowInfo
GetClassInfoA
GetWindowLongA
DispatchMessageA
FindWindowA
GetSysColor
DestroyMenu
SetFocus
DestroyMenu

ntlanman

NPGetCaps
NPGetCaps
NPGetCaps
NPGetCaps

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy