84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb | Triage

Submit
Reports

Overview

overview

Static

static

84f71791eb...eb.exe

windows7-x64

84f71791eb...eb.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb
Size

382KB
MD5

317a6d91f75588a1513ca49e83546f7d
SHA1

0ea240073914966d1c77e2ca4ccb65b3bbf5770e
SHA256

84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb
SHA512

65880a1885120b86ed23bd883eb1636a66ad5be3c34c054b6a28cc2aa884bba4227f744c1166e773064c443e872438bcf0adcc99077194ea5b0da3ddf13fe28a
SSDEEP

6144:OHGQRMJ/6y4+AGeJKiIdDjky49jypOAEWZqnKET5EIyLjRKg1gXVJiObl:RQRMJ/pAGliLy8hAEWZ+7TSHRKSgFBl

Score

N/A

Malware Config

Signatures

Files

84f71791ebef0b8d5a4424b903eb11bf5c068651f8637be1214c97f1374c8aeb
.exe windows x86

83b9cb2e997e54f398b93e22b8bfbd00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
ReleaseMutex
GetEnvironmentVariableA
CreateMutexW
LocalFree
lstrlenA
LocalSize
GetPrivateProfileIntA
InterlockedExchange
GetSystemInfo
FreeConsole
GetCommandLineW
GlobalFree
WriteFile
SuspendThread
LoadLibraryW
GetStdHandle
ResetEvent
CreateEventW
CloseHandle

advapi32

RegCloseKey
CreateServiceW
CloseEventLog
IsValidSid
InitializeSid
RegEnumKeyA
IsValidSecurityDescriptor
ClearEventLogW
RegDeleteValueA
ControlService
RegCreateKeyExW
RegQueryValueW
IsTextUnicode
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy