Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | 0094e9198a63ba831db0c65b9f748aa3 |
| Sha1 | 4f62568da5ae4410627509dff87667e267cb788b |
| Sha256 | 1d3227d59735f14311c66a990fbafb2528eb7b1710b5dec6de1c600e46c36cfd |
| Sha384 | cf1f256141fa80e72f465d2af0102f3a3e6b6d3fe46d2edaff7bf2f050306feb335b6757399ca7dbd39100a273a5f4c0 |
| Sha512 | 88cce3a1a4785fffe20d9679af9625aad123d393666de17dc4741990510aad852595516f6eb2069e17a942e4fd55c48f23035eb07df90d74db7e621c73d0ec93 |
| SSDeep | 24576:2TbBv5rUyXVKwO8k+1KDFhkJeayqtnVw2bji1HpPMbSiJxnAkC4/870gCBCKS8Gw:IBJB1mZqtVwD1dBiJGxe/T48xTYcQA |
| TLSH | D8A5BF06B6D28E32D3A117318597563DA2A1D7223A11EF5B360F20D6AD4B7F18E721F3 |
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
0094e9198a63ba831db0c65b9f748aa3
Malicious
Overlay_e9b6e85a.bin
Malicious
Webruntime.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
faXbmnLRFYdQuM7c3V.IDNCWlMKjTQS5wIRO1
v36ZZjkulfPjSw1Np9.2F0RfMeUY3D5SMZ7rC
LU1IqXYsdbAuOlmu3p.A5UlE1xP2I7hYEupXT
L1Y1lVlt3IA6dsaGQp.Wsqtkdug0hijAYEMtg
YA06fgBRL58V95uf6w.InKR3N1vhWkbl80YN8
BsxkaNnC9W0g4cnqXF.Ya9Sto3CiAMAr36rPD
Wr8O5wwe5nthYx1oxfBV0J7ibO7nKF7jrT3muVKb4Gcnrk2uyGgGwce.bat
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
0094e9198a63ba831db0c65b9f748aa3.decoded.vbs
Malicious
Information
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_e9b6e85a.bin (1915318 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
0094e9198a63ba831db0c65b9f748aa3 (2.24 MB)
Characteristics
No malware configuration was found at this point.