b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d | Triage

Submit
Reports

Overview

overview

Static

static

b8c1a0a88e...1d.exe

windows7-x64

b8c1a0a88e...1d.exe

windows10-2004-x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d
Size

385KB
MD5

6ad53eac7b1ba4621fa5363272f9d989
SHA1

c54371fae2d1b0dab070d9aa2a8c6f49d1a92a4c
SHA256

b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d
SHA512

93663c10aed2b541773416c65ef59d8e3db9583f3264f9f65194e0c1813372f3863f1c19507ec6af809d2a5a83e068f57d94fa650c934326254862fe51fa600f
SSDEEP

6144:2V8ouvgQBOi1KGZ7Njs4WO3uimJhBiX8zTM3zrKAO22j:2puoQv1PhNjsiDMkzrT

Score

N/A

Malware Config

Signatures

Files

b8c1a0a88e744bb62d17cab0be3db9289c12b68c1349a690f1ef16987087351d
.exe windows x86

9e57c1314357f3b97f48232eb76c5388

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ResetEvent
FindVolumeClose
ResumeThread
GetPrivateProfileIntW
InterlockedExchange
GetModuleHandleW
GetACP
LocalFree
lstrlenA
CreateEventA
CloseHandle
GetCommandLineA
VirtualAlloc
GetExitCodeProcess
GlobalSize
GlobalFree
GetStdHandle
CreateMutexA
GetEnvironmentVariableW

advapi32

IsTextUnicode
ControlService
CreateServiceA
RegDeleteValueA
RegQueryValueA
LsaClose
RegDeleteKeyA
IsValidAcl
IsValidSid
RegCloseKey
RegCreateKeyExA
ClearEventLogA
RegEnumKeyA

mspatcha

ApplyPatchToFileA
GetFilePatchSignatureA
GetFilePatchSignatureA
GetFilePatchSignatureA
GetFilePatchSignatureA

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy