b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9 | Triage

Submit
Reports

Overview

overview

8

Static

static

b9f330c543...a9.exe

windows7-x64

8

b9f330c543...a9.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9
Size

774KB
MD5

728dae06fc8437b2d8513e3c4d1ab72e
SHA1

5c5ef2922458afbfe81f6598b4c83bc2358c3e8b
SHA256

b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9
SHA512

219d8cbad816492e3ece248ca293b2e460c9e7d49d2b4c5212ba50cef8d6b368f3b43e494537eafd3273380d10cdfbc2688eaf2f69d0a8618d72defa702b585a
SSDEEP

24576:KY2ulLXdl2CxOuMhFTJ1Mq/1Ve+/1z8Bv4f/msbP:rLXdl28OjhFTnB/1Ve+/J6Qf+YP

Score

N/A

Malware Config

Signatures

Files

b9f330c543b9e5161b7d8c2d1587a86a0665665fbf02f77b81203c541e22dba9
.exe windows x86

3980e6e49c2d0018635bbaa782f65c47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CloseHandle
GetModuleHandleA
HeapCreate
GetComputerNameA
lstrlenA
LoadLibraryW
LocalUnlock
GetDiskFreeSpaceA
LocalFree
FindVolumeClose
ResumeThread
GetSystemTime
GetDriveTypeA
CreateFileA
GetTickCount
SetLastError
GetDateFormatA
GetCommandLineW
ResetEvent

advapi32

RegDeleteKeyA
RegQueryValueA
GetUserNameA
GetLengthSid
RegEnumKeyExA
CreateServiceA
RegEnumValueA
FreeSid
IsTokenUntrusted
GetFileSecurityW
RegCloseKey
RegCreateKeyExA
CloseEventLog

clbcatq

CheckMemoryGates
DllGetClassObject
SetSetupSave
SetupOpen
ComPlusMigrate

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy