cmd_payload_x64[.]exe | Triage

Submit
Reports

Overview

overview

1

Static

static

1

cmd_payload_x64.exe

windows7-x64

1

cmd_payload_x64.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

cmd_payload_x64.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

cmd_payload_x64.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

cmd_payload_x64.exe
Size

7KB
MD5

96e55dc9884ab668e5cffe572217faa5
SHA1

91e532aaeeaac7a928e7e7b41423dc49c29a6e0f
SHA256

f8ad55c6c6a80781eb944e9f865a82992f35c79c2ae5c7cf363536efe0e823cd
SHA512

12e4a1c87c8f06ca3b7c1274ac08c0190c13eea0d08104c29109d05b20fe0e96b22adb65a2edd5a945376e26bfd8bccd22db4ebe8654b214db68ec37a5f52d09
SSDEEP

96:Uga/nk3DjkRqHn8OaomEz63eVnsbWC1+:F6kTCp2dDF1C1+

Score

1^/10

Malware Config

Signatures

Files

cmd_payload_x64.exe
.exe windows x64

2218b2b4b07b84b86ad31ef60f780103

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_stricmp
printf
memset

kernel32

LocalFree
GetProcAddress
CloseHandle
LoadLibraryA
SetConsoleCtrlHandler
GetLastError
OpenProcess
ResumeThread
LocalAlloc
GetCurrentProcess

advapi32

DuplicateTokenEx
AdjustTokenPrivileges
RevertToSelf
ConvertSidToStringSidA
SetTokenInformation
LookupPrivilegeValueA
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserW
GetTokenInformation

psapi

EnumProcesses

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy