b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400 | Triage

Submit
Reports

Overview

overview

Static

static

b473d9e203...00.exe

windows7-x64

b473d9e203...00.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400.exe

Resource

win7-20220812-en

pony discovery evasion persistence rat spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400.exe

Resource

win10v2004-20221111-en

pony discovery evasion persistence rat spyware stealer upx

windows10-2004-x64

22 signatures

150 seconds

General

Target

b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400
Size

314KB
MD5

f942202bf5e5e359bfea2edb23c750c9
SHA1

89dcc4a9bb770a4650b8361acafc06817935d54e
SHA256

b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400
SHA512

2e4e64ae2aa80749635040e392608260177119d04e71b95941ae7ad7920b9f1b34f96f3e8dc5e8873502371f4882746f2cdda6ed8bf0bc099cd43e7f3baf3929
SSDEEP

6144:yCqmhAO59n2zpjVBPbTgsJ0j6qqpxR/gWDOWhCNe6DPy0nmsrHY:yiv594pjVBPbTgohWesPnnmuY

Score

N/A

Malware Config

Signatures

Files

b473d9e2035549235a328864554ef577b4c171fa06c0289ff772a4826f6a4400
.exe windows x86

e7d4a89133b335cb78a2fd3d69a27466

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
TlsGetValue
OutputDebugStringA
HeapReAlloc
LCMapStringW
GetStringTypeW
DebugBreak
EnumSystemLanguageGroupsW
IsValidCodePage
WriteConsoleW
LCMapStringA
CompareFileTime
GetStringTypeA
GetTimeZoneInformation
GetLocaleInfoA
GetCPInfo

shell32

SHChangeNotify
SHGetPathFromIDListW

oleacc

DllGetClassObject
CreateStdAccessibleObject

ole32

CoGetObject
CoCreateInstance
CoTaskMemAlloc
FreePropVariantArray
GetRunningObjectTable
ReleaseStgMedium
CoUninitialize
CreateClassMoniker
StringFromGUID2
CoInitialize
CoTaskMemFree

oledlg

OleUIBusyW

winmm

sndPlaySoundA

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy