8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573 | Triage

Submit
Reports

Overview

overview

6

Static

static

8ba970e0bc...73.exe

windows7-x64

6

8ba970e0bc...73.exe

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573.exe

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

8 signatures

150 seconds

General

Target

8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573
Size

1.1MB
MD5

20e6aae9dadcb96a8bace82687812ec7
SHA1

1a2843ecc7c14d176d3817512c1afb23ee4b0a36
SHA256

8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573
SHA512

3e3c35aa4ace5bf65bcdbddc31e9f36c04cafa0c90eb80acf9bbb44ba4d8def30b7a6ba2959a559dca3291656becbac67816aed8e5ed2fb9cd7b5beeec2ce40c
SSDEEP

24576:K6HnbFrHuQt0rxqljlUYQqln/Umc1iFO0DneqJQ56v:lbFrHdt2syYpB/SDcneq6w

Score

N/A

Malware Config

Signatures

Files

8ba970e0bcf1d1c70887a322fec963efef1be97066b49a3897d3ee1aa215d573
.exe windows x86

85ca310c37fa2ffa592cb14249d3431b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

version

VerQueryValueW

user32

GetDC

gdi32

ArcTo

comdlg32

GetFileTitleA

winspool.drv

GetJobA

advapi32

FreeSid

shell32

DragFinish

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA

ole32

OleRun

oleaut32

LoadTypeLi

dbghelp

StackWalk

imagehlp

ImageRemoveCertificate

rpcrt4

UuidCreate

secur32

DecryptMessage

ws2_32

recv

netapi32

Netbios

Sections

.MPRESS1
Size: 1010KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy