General

  • Target: 3.zip
  • Size: 714KB
  • Sample: 250226-re83vasky2
  • MD5: dd180ed0f763b97b26e3cf3e2e8170f7
  • SHA1: e01ba3868e449f32f2c714b727bdd64faac1c3e0
  • SHA256: fc82e2618aade9981710c3e12694337040cd7195b1b8eafcf095a263393f201c
  • SHA512: a912c17b9ac515e20a6edd5b60f39713ba7d2737e3b7961f4960b826a8600851a73b516d8b2664cb59ac3a35c109cf4f9db0500375a74dd83cf03ceb2b4786cb
  • SSDEEP: 12288:OfgyFNdmrZhFqbRFENF250Mp/2Butu+0jJsBavn2tzMOckzLJy8jY:OfBFN4rxsv4GJhtxBXWOfIqY

Malware Config (extracted)

  • Family: darkcloud
  • Attributes: (none listed)

Targets

    • Target: fact34567890-0987651.exe
    • Size: 740KB
    • MD5: a5e2d3302000da6ea68b650efb356ba8
    • SHA1: bac1ae702bf83f06dc57e2bf372b823f95cd5722
    • SHA256: d5d74b300a57fbccea71a5cc653042c19157f3e5e4070bcd29991caedd8f9e5f
    • SHA512: 59fa914aca5729d2e2d388c4c8ff3fc09eea52556cbc68d746125ec16c61f9464abc9c1988833374bd6ba07e75878e375dd139820fafd3e3a8dd4f964c1d23e0
    • SSDEEP: 12288:IquErHF6xC9D6DmR1J98w4oknqOOCyQfNLt2Bmtm209JA1avdgjZMgcCDnEr:Jrl6kD68JmlotQfr7tP136gzw

    • DarkCloud: An information stealer written in Visual Basic.
    • Darkcloud family
    • ACProtect 1.3x - 1.4x DLL software: Detects files protected with the ACProtect software protector.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext
    • UPX packed file: Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks