79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940 | Triage

Submit
Reports

Overview

overview

Static

static

79feeaf679...40.exe

windows7-x64

79feeaf679...40.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940.exe

Resource

win7-20221111-en

pony discovery evasion persistence rat spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940.exe

Resource

win10v2004-20220901-en

pony discovery evasion persistence rat spyware stealer upx

windows10-2004-x64

22 signatures

150 seconds

General

Target

79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940
Size

267KB
MD5

b4e70fe919b407be452d6b719c4331a9
SHA1

6baf346133b7801258ffb05f7209ae4d7380afa8
SHA256

79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940
SHA512

1b1f9491ecaff4fad6796142ac110795a2f9e20b243baacab75662cbd0c863dfb6afec19d1e4beb38d3c656e97b5606e8f164a948e1aed4489b6c8ed18594b07
SSDEEP

6144:JULh83tG3LurMRcuqiULyG2x+cf3NZAWVxHud+t:oh8c3SYD1UmQaH8+

Score

N/A

Malware Config

Signatures

Files

79feeaf6797777bfd2dde88b76bf69ced309bce7cc5869d451191bd129d20940
.exe windows x86

a284634c61069d2365bd9e403558e37f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
HeapFree
IsBadWritePtr
HeapAlloc
SetLastError
VirtualAlloc
HeapReAlloc
VirtualQuery
HeapCreate
QueryPerformanceCounter
EnumSystemLanguageGroupsW
GetWriteWatch
VirtualFree
GetSystemTimeAsFileTime
HeapDestroy
TlsAlloc
TlsFree

shell32

SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW

user32

GetDlgItem
SetWindowTextA
LoadImageA
DestroyIcon
LoadStringA
GetWindow
CreateWindowExA
GetParent

oleacc

CreateStdAccessibleObject
AccessibleChildren

shlwapi

PathAddBackslashW

winmm

mciSendCommandA

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy