General
-
Target
SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.22959
-
Size
729KB
-
Sample
200801-6feys3e6a6
-
MD5
532524e6b61b197d92f3bd4ed3331d3d
-
SHA1
f1009c96203862812cefa14e186dcff610ccc634
-
SHA256
3e3ab416abadd9093b15f9dcce92f3530709aba8addff16a74e89bd3a7bfd8fd
-
SHA512
5b83ef335563332bb62445ce0d180db0544b793a88b60efb122c990bfe5c00f6bbe5ed5e0437bf59415b989d85f85060434d6aa7b4c1a465672298c142079e03
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.22959.exe
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.22959.exe
Resource
win10
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.22959
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-