a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a3b3b7d29d...9f.exe

windows7-x64

a3b3b7d29d...9f.exe

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f
Size

391KB
MD5

f8769b7cf2e32595e49bd06b4150398d
SHA1

6c3b3f6fb7837da87c229b4044aa35cd8bfb1253
SHA256

a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f
SHA512

88e4c32f835f543017af42d968da84dd5b4adae22dd25f0d3d7f953fe2e31deb6d5af41ca7b3bc058e6dc72b54f182547471a5fd55156449a1da268cdfe3be22
SSDEEP

12288:RtRMQHEAJLjpFv6w2K/PkFtlVMHFWg1EOfoMzCc3Sa0n:RtRMQkAJLjpFvN/ytkjEOfoMWN

Score

N/A

Malware Config

Signatures

Files

a3b3b7d29d7b46ffbe2836d86c1befe6e2ac45948b1bb5fdbc32819b7ca1449f
.exe windows x86

3c427a75199bb6687a0c7eb73d95b2c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
LocalFree
GetEnvironmentVariableW
lstrlenW
GetCurrentThreadId
CloseHandle
ReleaseMutex
GetDriveTypeA
GetFileTime
ReleaseMutex
HeapCreate
WriteFile
CreateEventW
GetPrivateProfileStringA
IsBadStringPtrW
TlsGetValue
FindClose
InitializeCriticalSection
GetCurrentProcessId
LoadLibraryW

user32

GetSysColor
CreateWindowExA
GetKeyboardType
GetSysColor
GetClientRect
DrawStateW
SetFocus
CallWindowProcW
GetClassInfoA
DispatchMessageA
DrawTextA
IsWindow
EndDialog

qcliprov

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy