General

  • Target

    cfb11e1abacfa8a2ac0354c382f132169a0e314569a9e5b97f0bdf62adb161a8.exe

  • Size

    1.2MB

  • Sample

    250311-fnkwtss1ey

  • MD5

    627edd7194c593aff1a4a9b20fb9c69d

  • SHA1

    ee168450664c7dadf344144d84f0818714e9a63f

  • SHA256

    cfb11e1abacfa8a2ac0354c382f132169a0e314569a9e5b97f0bdf62adb161a8

  • SHA512

    b18d0d7fca2c78f8c7bdceb7dce1eb864aa49d62c694f68b6e7fddb4f0d379cd24696e3ab4298f8fd6ff764134ac1003efe217e66e98eb39c7dc9c0bbc058677

  • SSDEEP

    24576:mu6J33O0c+JY5UZ+XC0kGso6FamxC6w0BM6P32KNK/5HWY:ou0c++OCvkGs9FamS+932KA/8Y

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks