mrstch.exe

Sample information


Antivirus detections: 1
IDS alerts: 0
Processes: 1
Http events: 0
Contacted hosts: 0
DNS Requests: 0
Score: 4.8


Blacklist timeline


First seen: Fri Feb 01 2019 23:30:03 GMT+0000
Last seen: Sat Feb 02 2019 00:30:03 GMT+0000
Period: an hour

Hashes
Filename: mrstch.exe
md5: 780d5050340ed33e9ac4bbd7050c5122
sha1: d23afdc993ba8497bc683caf2fcba8157fcab39e
sha256: 74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f

In depth details
Filetype: PE32+ executable (console) x86-64, for MS Windows
Size (Bytes): 7036400
Classification: malicious

Dates
Indexed: Sat Feb 02 2019 00:30:03 GMT+0000 (6 years ago)
Last modified: Sat Feb 02 2019 00:30:03 GMT+0000 (6 years ago)

Developers can check API Specification here:


Request:

          
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f
        

Request:

Alternatively you can use Maltiverse Python3 Library:
          
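import json

import requests

# Same sample lookup as the curl request above; replace <API_KEY> with your own token.
url = 'https://api.maltiverse.com/sample/74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f'
headers = {'Authorization': 'Bearer <API_KEY>'}
response = requests.get(url, headers=headers, timeout=30)
response.raise_for_status()  # stop on an HTTP error instead of parsing an error body
print(json.dumps(response.json(), indent=4, sort_keys=True))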
        

Request:

          
$url = 'https://api.maltiverse.com/sample/74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f'
$headers =  @{Authorization=("Bearer {0}" -f "<API_KEY>")}
$response = Invoke-RestMethod $url -Headers $headers
Write-Output $response
        

Response:

      
{
    "antivirus": [
        {
            "description": "PUA:Win32/SpectorKeylogger",
            "name": "Microsoft"
        }
    ],
    "av_ratio": 1,
    "blacklist": [
        {
            "count": 1,
            "description": "SpectorKeylogger",
            "first_seen": "2019-02-02 00:30:03",
            "last_seen": "2019-02-02 00:30:03",
            "source": "Hybrid-Analysis"
        }
    ],
    "classification": "malicious",
    "creation_time": "2019-02-02 00:30:03",
    "filename": [
        "mrstch.exe"
    ],
    "filetype": "PE32+ executable (console) x86-64, for MS Windows",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "780d5050340ed33e9ac4bbd7050c5122",
    "modification_time": "2019-02-02 00:30:03",
    "process_list": [
        {
            "name": "mrstch.exe",
            "normalizedpath": "C:\\mrstch.exe",
            "sha256": "74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f",
            "uid": "00007210-00003400"
        }
    ],
    "score": 4.8,
    "scoring_executed_time": "2025-05-16 19:43:01",
    "sha1": "d23afdc993ba8497bc683caf2fcba8157fcab39e",
    "sha256": "74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f",
    "size": 7036400,
    "type": "sample"
}
    

Antivirus positives

Antivirus: Microsoft
Threat: PUA:Win32/SpectorKeylogger

Process list
uid: 00007210-00003400
commandline:
name: mrstch.exe
normalizedpath: C:\mrstch.exe
sha256: 74d35e4f46748a515796a7371a846b069b57d1d853faedcb376f9702274f550f