e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f | Triage

Submit
Reports

Overview

overview

Static

static

e1296dcaec...3f.exe

windows7-x64

e1296dcaec...3f.exe

windows10-2004-x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f
Size

394KB
MD5

55445c5650359a828311d81d087d9d5f
SHA1

dfed09319787b1ca548b506d260f1e429a2e5b28
SHA256

e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f
SHA512

c38944638ae3a926f841f4fded37d350529b5302a5e850ee39581e17a180df713e9a1c78e8d97bc26eb01781f2b690957aaec6375f476abbc737a0e612312e09
SSDEEP

12288:Ah8OuT6yf69upH8zVJA7ga5uKdjYTCDQF:AyOu+6696czAz5nQ

Score

N/A

Malware Config

Signatures

Files

e1296dcaec81e338112141b61a5a7569cabdad43a219272348aafe6c74e0343f
.exe windows x86

fc1b289fb991f765e86ba57bab1af8ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateHardLinkA
CreateMutexA
CreateFileA
lstrlenW
CreateDirectoryW
HeapDestroy
FatalExit
SetLastError
GetStdHandle
RemoveDirectoryW
LoadLibraryA
GetTickCount
ReadConsoleA
ReleaseSemaphore
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
DeleteFileA
VirtualProtect
MapViewOfFile
SetLastError
GetStartupInfoA
GetFileSize
GetVersion
HeapSize

cryptui

CryptUIWizImport
CryptUIStartCertMgr
CryptUIWizExport
CryptUIDlgFreeCAContext
CryptUIWizDigitalSign
CryptUIWizBuildCTL
WizardFree
DllRegisterServer
CryptUIDlgViewContext
WizardFree
LocalEnroll
DllUnregisterServer
LocalEnrollNoDS

mf3216

ConvertEmfToWmf
Mf3216DllInitialize
ConvertEmfToWmf
Mf3216DllInitialize

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2024

Terms | Privacy