faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da | Triage

Submit
Reports

Overview

overview

Static

static

faa9ad1869...da.exe

windows7-x64

faa9ad1869...da.exe

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da
Size

397KB
MD5

8082ecd0c5654566ed8021c070436838
SHA1

7d047c7be45b01115cfad7c8a55284658728a7fc
SHA256

faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da
SHA512

a70d5293c9f5b7513656c096c152c39919562074a031bd9a17b81ebbd55827214065a3a17989f7105b6503bf0879c6c3dd4a29b64ab8f01d2d9af861e9e0949f
SSDEEP

6144:fshKTi8VIL2o4ZX3U4t01xS/Hx1v7Gy8Qp3QFMFniA7HJwgP9U1US6:fsgTiX49kk01cnr8QpAFMFie1P4D

Score

N/A

Malware Config

Signatures

Files

faa9ad186918d1d9b92d2df35bf0b213170e7642adbd6a1c9f4e2dce1a48d7da
.exe windows x86

715a31b7436c6007b7062c8392880626

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
Sleep
TlsGetValue
GetFileTime
GlobalFree
DeleteFileA
LocalLock
GetStartupInfoA
GetProcessHeap
EnterCriticalSection
FindClose
GetModuleHandleA
LeaveCriticalSection
GetConsoleMode
CreateFileA
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSection
RemoveDirectoryW
GetModuleFileNameA
VirtualProtectEx
GetLocalTime
CloseHandle
GetDriveTypeA
GetCalendarInfoW

user32

GetWindowLongA
IsWindowVisible
GetKeyState
MessageBoxA
IsWindowEnabled
GetWindowDC
GetWindowLongA
GetSysColor
PeekMessageA
FillRect
EqualRect
DispatchMessageA
wsprintfA

cryptsvc

CryptServiceMain
CryptServiceMain
CryptServiceMain
CryptServiceMain

advapi32

IsValidSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy