6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3 | Triage

Submit
Reports

Overview

overview

Static

static

6a9847b7dc...a3.exe

windows7-x64

6a9847b7dc...a3.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3.exe

Resource

win10v2004-20221111-en

pony collection discovery rat spyware stealer

windows10-2004-x64

8 signatures

150 seconds

General

Target

6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3
Size

195KB
MD5

0755d84ac8ae378be13bddb2832d7120
SHA1

53bfdd2091d36cb511176e7363bece30045c375d
SHA256

6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3
SHA512

f942731414006a5051e0f2a0a5a2ba44ed4b2f2775cfbde28036c4d61a0ab4fa244742fb1946a511dc175d4deb23ba6cace1d896bb60e3e2484c467fbce6cc22
SSDEEP

1536:RoLRrTcJdvxL884lwA+a+gnhRVnt8+3wGiEn75QanRfsviEHC5lxpOio/7n/cKhR:mlT9z8atntIG/75QMR5DpAL3hvZ

Score

N/A

Malware Config

Signatures

Files

6a9847b7dc48724cf66946e9e76de90c6f1356d512e92eeb3e1cf40ecac403a3
.exe windows x86

2df3adacc01ca4a7e19f26220b975ccf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
CreateFileW
GetProcAddress
LoadLibraryA
CloseHandle
VirtualAllocEx
lstrcatW
GetCommandLineA

user32

GetSysColor
GetWindowLongW
DefWindowProcW
LoadCursorW
LoadStringW
MessageBoxW
GetParent
RegisterClassW
SetFocus
SetForegroundWindow
SetWindowLongW
wsprintfW
LoadIconA
GetDlgItem
GetClientRect
EndPaint
EndDialog
MoveWindow
DestroyWindow
CreateWindowExW
BeginPaint
GetWindowRect

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW

comctl32

PropertySheetW
CreateStatusWindowW

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_wcsicmp
_wcsnicmp
exit
wcschr
wcsstr
memcpy

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy