ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657 | Triage

Submit
Reports

Overview

overview

8

Static

static

ef89047e6b...57.exe

windows7-x64

8

ef89047e6b...57.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657
Size

822KB
MD5

bfbc511d216aa5888eea85cbbc13d995
SHA1

747716bae609f7b6a93e02c661c0367d5de66760
SHA256

ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657
SHA512

10db72a09f47f1e51eef6d2ea6f7255b90070560f1faeff6887ebc627a236aab3583ab8057b0b2c972b5681356d370b97e2e424ed5a497881ccca3cbd42957e9
SSDEEP

24576:CbU6z7ZgTln2zn/vLIjxRiD8r4YAFT5Ms2qKnQ:CbUB2zn3uiDsQCaKn

Score

N/A

Malware Config

Signatures

Files

ef89047e6b93a83ad1e5ae115f1b138e3af64b0356a420d87649e7c2d64a8657
.exe windows x86

d2120d8062e3823c0c9839b9c10ec232

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ResetEvent
lstrlenA
GetModuleHandleW
GetDriveTypeW
InterlockedExchange
GetExitCodeProcess
GlobalSize
GetMailslotInfo
ResumeThread
GetEnvironmentVariableA
GlobalFree
CreateThread
VirtualAlloc
GetPrivateProfileIntW
GetACP
FindVolumeClose
CloseHandle
LocalFree
WriteFile

user32

GetSysColor
GetKeyboardType
DispatchMessageA
GetClassInfoA
SetFocus
IsWindow
DrawStateW
CallWindowProcW
EndDialog
GetCursorInfo
GetClientRect
GetSysColor
CreateWindowExA

netcfgx

DllUnregisterServer
DllGetClassObject
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy