file[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

amadey discovery evasion persistence spyware stealer themida trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

amadey discovery evasion persistence spyware stealer themida trojan

windows10-2004-x64

21 signatures

150 seconds

General

Target

file.exe
Size

3.0MB
MD5

be76ff3a8432e5e199b6a0d66ba3df53
SHA1

8dd9dfb952c3493ed5b4300ce68558c8a04743e4
SHA256

08fa2eaf0a93a4b1cc98e8eb518f3e55f4cd46c8f698b66db9c86eb76c323133
SHA512

744992f79ef712151a3fcda9389537c33d00cad8dd27968ed7549829de74479298a318d4c2c0355b19f33c4a73714a2350cd1dc2e750e5199d60415d9d6bf5b6
SSDEEP

49152:NQrOjUf8BF+HktzkRj887KeKaBnNkmTCEL/sjM1BxCIyoarJ:NQBf8BUHxNnzKM1BcIDar

Score

1^/10

Malware Config

Signatures

Files

file.exe
.exe windows x86

5bd91a0f42fd0a961c30b4fc8a1545ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

BitBlt

advapi32

RegCloseKey

shell32

ord680

wininet

InternetOpenA

gdiplus

GdiplusStartup

Sections

.MPRESS1
Size: 3.0MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy