de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05 | Triage

Submit
Reports

Overview

overview

Static

static

de652a3cb7...05.exe

windows7-x64

de652a3cb7...05.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05.exe

Resource

win7-20220812-en

pony discovery evasion persistence rat spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05.exe

Resource

win10v2004-20220812-en

pony discovery evasion persistence rat spyware stealer upx

windows10-2004-x64

22 signatures

150 seconds

General

Target

de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05
Size

281KB
MD5

d11269a30bc1deb1d586d2c1b2b4d50c
SHA1

63fae79ceb665ef6bae13cd50c7ff546a8cce2f1
SHA256

de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05
SHA512

a2a3f556f82805d14361db4b3cdddf0e95733a226ca9e4770048ca72c703551b3e4ff7b10f76abe56844d4ef7f1d37bcfc186706fb23d98d411da4083d03e9ed
SSDEEP

6144:hn/JED4oRjTMttqG7+PiUjo1xDd98RPy9CHPFHnxO+Xwp+u:hnRE8QTMttZCPiUjSxD78RPP9RO+Xwpx

Score

N/A

Malware Config

Signatures

Files

de652a3cb70c65c2af387f0b1a6d8d229f5bb3529ecf4651ee41a69569f80b05
.exe windows x86

2d99f8180f802145ebe2ea6dadde5cd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextA
IsWindowVisible
wsprintfW
EnumWindows
GetWindowThreadProcessId
wsprintfA

kernel32

EnumResourceNamesA
FormatMessageA
MultiByteToWideChar
GlobalAddAtomW
HeapFree
SetLastError
FindFirstFileW
GetCommandLineA
LoadLibraryW
HeapAlloc
LockResource
RaiseException
GetProcAddress
GetLastError
GetProcessHeap
EnumResourceNamesA
GetCurrentDirectoryA
EnumResourceTypesA
SizeofResource
LocalFree
GetCurrencyFormatA
FindNextFileW
FindFirstFileA
FindResourceExA
EnumResourceLanguagesA
CloseHandle
GlobalFree
GetModuleHandleA
LoadResource
InterlockedExchange
Sleep

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 140KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy