Suspicious
Suspect

0f2198bc8d9de74c454f3cdc35f3fb42

PE Executable | MD5: 0f2198bc8d9de74c454f3cdc35f3fb42 | Size: 10.1 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
0f2198bc8d9de74c454f3cdc35f3fb42
Sha1
e8422f3356748c77b6b1f605c8bfa7e4dad13332
Sha256
3b5e6b20a192f2b3068ba93b216d6425936f665fd02bd90961d2f83e83e98b5a
Sha384
cb23f37c4877b1957ca2cf410c4706a5e0bab7a56c77b06ff8c8cf2f66002a575d0ddabc34896318cc9e989601ea851f
Sha512
10db44bcb4107924c0e769ba265ebd179ce2517b8e0caacb76baaf6c30d3e7a712fde5f5b4f14919c37142c956cc86ea9f27c6db3b832501b0c684be7770ef96
SSDeep
98304:hxO35KhM3QWlv6G0llxWd+aUkaxY8JRMP5NGHQ:hxOpKhM3flCG0lPWd+aUkaxY80
TLSH
ACA6AE06BAE840B6D0BA9234C867A766F771BC154B3163CB2660BB7C2F377D05A39711

PeID

HQR data file
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
tElock 1.0 (private) -> tE!
File Structure
Overlay_45cb6e04.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
0f2198bc8d9de74c454f3cdc35f3fb42
0x005B2780.svg
0x005B2780.svg-preview.jpg
0x005B2A68.svg
0x005B2A68.svg-preview.jpg
0x005B2D60.svg
0x00694EB7.svg
0x00694EB7.svg-preview.jpg
0x006952B7.svg
0x006952B7.svg-preview.jpg
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Overlay extracted: Overlay_45cb6e04.bin (7675392 bytes)

Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value
Location
URLs in VB Code - #1

http://schemas.microsoft.com/SMI/2016/WindowsSettings

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #2

http://schemas.microsoft.com/SMI/2019/WindowsSettings

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #3

http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #4

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #5

http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #6

http://www.microsoft.com/pkiops/docs/primarycps.htm0@

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #7

http://www.microsoft.com0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #8

http://crl.microsoft.com/pki/crl/products/MicRooCer

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #9

http://ocsp.sectigo.com0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #10

http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #11

http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #12

http://ocsp.usertrust.com0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #13

https://sectigo.com/CPS0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #14

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #15

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #16

http://schemas.microsoft.com/winfx/2006/xaml/workflow

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #17

http://schemas.microsoft.com/winfx/2006/xaml,System.Workflow.ComponentModel.Serialization

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #18

http://schemas.microsoft.com/winfx/2006/xaml/workflow%System.Workflow.ComponentModel.Design

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #19

http://sc

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #20

http://www.w3.org/2000/svg

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #21

http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #22

http://www.microsoft.com/windows0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #23

http://ocsp.verisign.com0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #24

http://crl.verisign.com/ThawteTimestampingCA.crl0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #25

http://crl.verisign.com/tss-ca.crl0

0f2198bc8d9de74c454f3cdc35f3fb42

URLs in VB Code - #1

http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #2

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #3

http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #4

http://www.microsoft.com/pkiops/docs/primarycps.htm0@

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #5

http://www.microsoft.com0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #6

http://crl.microsoft.com/pki/crl/products/MicRooCer

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #7

http://ocsp.sectigo.com0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #8

http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #9

http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #10

http://ocsp.usertrust.com0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #11

https://sectigo.com/CPS0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #12

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #13

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #14

http://schemas.microsoft.com/winfx/2006/xaml/workflow

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #15

http://schemas.microsoft.com/winfx/2006/xaml,System.Workflow.ComponentModel.Serialization

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #16

http://schemas.microsoft.com/winfx/2006/xaml/workflow%System.Workflow.ComponentModel.Design

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #17

http://sc

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #18

http://www.w3.org/2000/svg

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #19

http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #20

http://www.microsoft.com/windows0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #21

http://ocsp.verisign.com0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #22

http://crl.verisign.com/ThawteTimestampingCA.crl0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin

URLs in VB Code - #23

http://crl.verisign.com/tss-ca.crl0

0f2198bc8d9de74c454f3cdc35f3fb42 > Overlay_45cb6e04.bin
