41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a | Triage

Submit
Reports

Overview

overview

Static

static

41c53e90f0...4a.exe

windows7-x64

41c53e90f0...4a.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a.exe

Resource

win7-20221111-en

evasion persistence ransomware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a.exe

Resource

win10v2004-20220901-en

evasion persistence ransomware

windows10-2004-x64

14 signatures

150 seconds

General

Target

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a
Size

27KB
MD5

b0492e56e1246873173e8f7d32f8a278
SHA1

b31e8e98a4b570f739dd1e1098f4e593f930f450
SHA256

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a
SHA512

fa078565f4eab7b1a618dff2182ac0f630f32a151fdbb5c3d73d1544cc4371d283cc76f597dde990eaa9e389355aca9c73cd1e8b3087b769340f3b9642642979
SSDEEP

384:U0Ne12bO+rTx8S0VL+5ka0OXE8vDIXam7JV4DXi4EECyBsnK/8kHaHKczlyDqq:612hTa7JULXEfXamDIy4HBs7HKwQx

Score

N/A

Malware Config

Signatures

Files

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a
.exe windows x86

59e94e5f36f690a93172696aa6586953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetCPInfo
GetOEMCP
HeapAlloc
lstrcmpiW
GetCurrentProcess
lstrcpynW
GetCommandLineA
lstrcmpW
FreeEnvironmentStringsA
HeapFree
GetProcessHeap
GetStartupInfoA
GetEnvironmentVariableW
GetEnvironmentStringsA

user32

ShowStartGlass
EndPaint
IsIconic
GetWindowTextA
SetCursor
BeginPaint
GetCursorPos

oleaut32

SysStringLen
VariantChangeTypeEx
SysAllocStringLen
VarI1FromR8
SafeArrayGetDim
VarDecMul
VarBstrFromR8
VarUI8FromI2
VarDateFromI1
VariantClear
UnRegisterTypeLib
VarTokenizeFormatString
VariantCopyInd
CreateTypeLib2
VarI2FromI8
VarR8Round
VarUI4FromUI8

Sections

.text
Size: 24KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy