cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b | Triage

Submit
Reports

Overview

overview

Static

static

cfdfcbaef2...4b.exe

windows7-x64

cfdfcbaef2...4b.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b
Size

499KB
MD5

832aac749ce5ea5933ae92dd7cdbe87c
SHA1

1b9af5d060e4fcf3c5ef07f5496edda839c8182a
SHA256

cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b
SHA512

c91da764eda9d3bafe31fd6f38b84c802520e2f9884796978a3b4f191060457d7857b490cb990bc2573c2ecfd62861e15c0b315ac3d7e9f93743ff931954fa44
SSDEEP

6144:u0V/+A65HJx5s9XJI/5FA0OZUFgkcjNE/sLZ4P+gufZd5Yw7rc9:u0Vx66XJIRFA7UfcjNUYZk+Tv7

Score

N/A

Malware Config

Signatures

Files

cfdfcbaef288dbad905a88d80610896337a0c7b97644ad39895339327a6d6f4b
.exe windows x86

5ac92ff1c120f35fdaf22db4d8cf7a91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ReleaseMutex
GetStdHandle
HeapDestroy
GetEnvironmentVariableA
lstrlenA
TlsAlloc
CreateFileA
CancelIo
GetACP
GetModuleHandleA
TlsGetValue
GetModuleFileNameA
GetStartupInfoA
IsBadStringPtrA
ResumeThread
HeapCreate
ResetEvent
CreateFileMappingA
GetCommandLineW

advapi32

ClearEventLogW
IsValidSid
RegDeleteValueA
IsValidAcl
ControlService
InitializeSid
RegCreateKeyExW
RegQueryValueW
IsTextUnicode
IsValidSecurityDescriptor
RegEnumKeyA
CreateServiceW
CreateProcessAsUserA

tspkg

SpLsaModeInitialize
SpLsaModeInitialize
SpLsaModeInitialize
SpLsaModeInitialize

timedate.cpl

CPlApplet

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy