Malicious

04ed7d5eedc8c3bda9cd09158d6c2400

PE Executable | MD5: 04ed7d5eedc8c3bda9cd09158d6c2400 | Size: 3.15 MB | application/x-dosexec


Characteristics
MD5: 04ed7d5eedc8c3bda9cd09158d6c2400
Sha1: 0b13e9d216a2db439a987fe5d7b526e81e5d105f
Sha256: bd52309c600df9be82a2e8afd09bfd19ba20a303ecc05a85e550afd426906283
Sha384: c398309c94b3b91c82b062cf9e4ba0db71364678725c5306efb7e9b55b8a0ac6339e36c109ed0517e2b8d6ce4186dc4c
Sha512: 70741d7667e8e76bd76f730ae9be47008a33ced040310e7de9b702c3eec9de3cb1122d3baf580fd114dca840163f4f9ab88707422d672075f37201d27d6c68f9
SSDeep: 49152:OuScHxfG4/KCGCzYhQAp7AZb0Tqn5KsdpRla/vDp7Prvd:OaxfG4/KCGCzYhQApcqM5KsXqPrvd
TLSH: 1BE53B92B909B5CFD48A2778A527CDB6985D03F94F2048C3DD5CB4BABE63CC111B6D28

PeID

Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
UPolyx 0.4 -> delikon
ZProtect v1.4.6 -> * Sign by phpbb3
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.rsrc
.idata
ynqmdufg
eotpqovp
.taggant
dCUmhzgn
hYdcWYSS
MAfKigom
vtVRBqGB
kLqXRKRx
yUrKldDp
PzahJSSG
OVKfethN
LrPrJjbF
INgiNUzd
Resources
RT_MANIFEST
ID:0001
ID:0
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Artefacts
Name
Value
LummaEncrypted@00045600 [0123456789abcdef]

????

LummaEncrypted@00045613 [0123456789ABCDEF]

????

LummaEncrypted@00045628 [00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899]

 $$$$((22226666::@@@@DDDDHHRRRRVVVVZZ````ddddhhrrrrvvvvzz????????????????????

LummaEncrypted@00046CD8 [00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899]

 $$$$((22226666::@@@@DDDDHHRRRRVVVVZZ````ddddhhrrrrvvvvzz????????????????????

LummaEncrypted@000475D5 [0123456789ABCDEF]

????

LummaEncrypted@00057CCA [6595b64144ccf1df]

!YG?

LummaEncrypted@00217022 [DDDDDDDD]
