db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840 | Triage

Submit
Reports

Overview

overview

Static

static

db803f0d02...40.exe

windows7-x64

db803f0d02...40.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840.exe

Resource

win7-20221111-en

pony discovery evasion persistence rat spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840.exe

Resource

win10v2004-20220812-en

pony discovery evasion persistence rat spyware stealer upx

windows10-2004-x64

22 signatures

150 seconds

General

Target

db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840
Size

285KB
MD5

f3440ec3576147777e5725da07fc7df1
SHA1

d60539ad229161d167ebe162930369522eab7bc3
SHA256

db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840
SHA512

2c2648b69553ae016b9fb58d9cf4afe2902f5c3f92364f3651cc10ee9a93ebf080ece1844a25b62afe6ca961846b735d4e506fd776d28bb024ff6ce47802b576
SSDEEP

6144:NmQYrgm3CrBAQFsdukfxNC3FIxoE97SDQheFHepAky7iIl:DYbVQWdukfxiM7SDQh2HepAF7

Score

N/A

Malware Config

Signatures

Files

db803f0d0260a1af04897ccc464775aac602a18ee0e616b1162ae4af35d28840
.exe windows x86

c8259d48c607ab9807eca1f5ebf7f2e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

shlwapi

GetAcceptLanguagesA
PathRemoveFileSpecW
PathIsRelativeW
PathFindExtensionW
PathAppendW
UrlUnescapeW
UrlCreateFromPathW
PathCreateFromUrlW
StrCmpIW
PathCombineW

oleacc

CreateStdAccessibleObject

kernel32

GetSystemTimeAsFileTime
GetModuleHandleW
GlobalFindAtomW
FoldStringW
GetLocaleInfoW
VirtualProtect
GetTickCount
InterlockedExchange
GetCurrentThreadId
GetCurrentProcess
InterlockedCompareExchange
SetUnhandledExceptionFilter
EnumResourceLanguagesA
IsDebuggerPresent
GetStartupInfoA
TerminateProcess
QueryPerformanceCounter
GetPrivateProfileSectionW
GetCurrentProcessId
LocalAlloc
GetProcessHeap
UnhandledExceptionFilter
DeleteFileW

Sections

.text
Size: 138KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy