8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098 | Triage

Submit
Reports

Overview

overview

Static

static

8676c0af61...98.exe

windows7-x64

8676c0af61...98.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098.exe

Resource

win7-20220901-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098
Size

385KB
MD5

3c17a089c6ad61ff6e3eb5b60c22abf2
SHA1

61db395742c78312458758a930223eb706efca19
SHA256

8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098
SHA512

d900e888565a2e8d676c8499d3cdc1c085114e86f2005ba0d613b99426ed79bc0eb4dd72920f26efd78fa42d49e9c7821169792a73a34b2edf255931f6dfb698
SSDEEP

6144:OQ6LyPcpCG0fJMHneMCDB6sEFu6XwydbyY9gHDtWGDSYAnLCI:wLl4G0fchCd+RXwycY9gkGTALb

Score

N/A

Malware Config

Signatures

Files

8676c0af6135a16f4894cbe13efc5c0e0d29f06289c819f91bdc129d00518098
.exe windows x86

7b209f0e9f94d4b096402cdc8ce506ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetEnvironmentVariableA
InterlockedExchange
ResetEvent
FindVolumeClose
lstrlenA
LocalSize
GetModuleHandleW
LocalFree
VirtualAlloc
CreateThread
GlobalFree
GetMailslotInfo
GetDriveTypeW
GetACP
GetExitCodeProcess
GetPrivateProfileIntW
ResumeThread
WriteFile
FreeConsole

user32

GetCursorInfo
SetFocus
DrawStateW
GetClassInfoA
GetKeyboardType
CallWindowProcW
GetSysColor
GetClientRect
DispatchMessageA
IsWindow
CreateWindowExA
GetSysColor
EndDialog

qedit

DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllGetClassObject
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy