General

  • Target

    6ee52ddac88787c4a19e0badc1254b50bdc51581.zip.tar.gz

  • Size

    807KB

  • Sample

    250327-laxlcszvfw

  • MD5

    e0c6b84e1a8f05690df28a4a1f205efb

  • SHA1

    313aa5579458bf4264a4675581fb1ca380073601

  • SHA256

    5ad16f3e0933a719074d4d3c0fb9d3bda7a178729fcc506a8ba91ea725854c4a

  • SHA512

    3bff4829b2e602910e6e299a8f7124b876b255d9e862d8c36e9157b60b8c19fcc4ae1c9f91a233ff5277e5d196f77a8cc77acf913210dbf9dc70dd129aaab6f9

  • SSDEEP

    24576:iGSzFTmpsgtSY0jT23DttD81rlfbnQdWQ:uBmpjtGjT23D+bQdWQ

Malware Config

Extracted

  • Family

    darkcloud

  • Attributes

Targets

    • Target

      DAS09876567800.exe

    • Size

      1.3MB

    • MD5

      0dbeba5dd7585ab072cc0f15a95fd4ac

    • SHA1

      ab1f07574200224ee5ce206d923d6591b8456ff2

    • SHA256

      27b3117f8576dffaf9d057dd4bb67e1a521795518be5796c93a876d2e61d3af7

    • SHA512

      058327c3571bfbf811a37a5b48a55d4ee6b0e39f4c849ce52c5024da3e9833bbfd9c098fcba72ffa852d96df4f06c906acb0bc87f85672046b3033510e398611

    • SSDEEP

      24576:Iu6J33O0c+JY5UZ+XC0kGso6Fa7S47DyWqTY1GZdPyWt7l9WY:iu0c++OCvkGs9Fa7S4SWsyWlaY

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks