ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5 | Triage

Submit
Reports

Overview

overview

8

Static

static

ef4e1a040a...e5.exe

windows7-x64

8

ef4e1a040a...e5.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5.exe

Resource

win7-20221111-en

spyware stealer upx

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5
Size

184KB
MD5

6195c92bc7d837ed1d2b970910c39fc8
SHA1

c796c0af8edf56433c80ed6225821acd350cf1a9
SHA256

ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5
SHA512

1e238b0122d85c40aa5a248aa9b648e27c7b4927142005f7a04e6ec02029ddc8bd6d870cabbca35900f76aab4dc40a99f3a0efb1bf5a81c2266714493bd8869e
SSDEEP

3072:HuZ9A9O97u/aJ3CZjp0M9VlTn0bPqIxQZD8rXMK1W33ofnR19+v2JwqW/XtY:C9N5527ILJ1g3CnHbA/Xt

Score

N/A

Malware Config

Signatures

Files

ef4e1a040a1d41f7d5037b08fc9683bb8e15585d5983f19f8fc5a148a49b24e5
.exe windows x86

fdae961676cdb187f9368e3c8cb139e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
CoCreateInstance

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumValueW
RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueW

psapi

GetModuleBaseNameW

kernel32

VirtualQueryEx
RemoveDirectoryA
CreateProcessW
InterlockedCompareExchange
GetExitCodeThread
GetTempPathA
CreateEventW
lstrcmpA
DeleteFileA
CopyFileW
SetFileAttributesA
CreateDirectoryExA
EnumResourceNamesW
FindNextFileA
FindClose
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
Heap32ListNext
LocalAlloc
HeapSetInformation
lstrlenW
LoadLibraryW
GetFileAttributesA
lstrcmpiW
LoadLibraryExW
FindFirstFileA
lstrcmpiA
LocalFree
DeleteFileW

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy