Suspicious
Suspect

PE Executable
MD5: 104a4f8c67f6ac569fadd6d259f7f03b
Size: 2.11 MB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 104a4f8c67f6ac569fadd6d259f7f03b
Sha1 b93ce9b04ae7c536722d1bf9e80c007c67c49058
Sha256 728e75ae848ac62aa705ed4e4c000dd3dfa2a4cf70a5adfbc56c5a9d2b017792
Sha384 a18100ecada23ab5d3808ef01de186338a81189c4b17bcfd8d9267177c18c2bffdbc498ecc6a00d8007e70109a87f18a
Sha512 e736bbd14a5db1b2d541bcfd71bd66858c8a71da3790f903b4ad43aaf4be61a4406051cb6b389b1c20519e1df46e83c13f1ce54fa8e3bd5ecd982a53e9afbec9
SSDeep 24576:s5uYyQO8hVDs/5IdhtQFujoh6m6vBsZZ5PXQBJOKdkjnoor0PfSIgZlHVvtRJQOh:gno8haujVsPAB8KY2+Bz+2
TLSH 9FA58E46B3A501F8D477C078CD466217FA72B4041774ABEB55A08A6A2F33FE13ABE315
PeID
MASM/TASM - sig4 (h)Microsoft Visual C++ 8.0 (DLL)Microsoft Visual C++ v6.0 DLL
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
CAFFEE_CONFIG
ID:007B
ID:0
RT_MANIFEST
ID:0001
ID:1033
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: t$di
URLs in VB Code - #1 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #2 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #3 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #4 URIsuspect
https:huhuhuhuhuhuhuhuhuhuhu
URLs in VB Code - #5 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
URLs in VB Code - #6 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
CAFFEE_CONFIG
ID:007B
ID:0
RT_MANIFEST
ID:0001
ID:1033
No malware configuration was found at this point.
URLs in VB Code - #1 URIsuspect
https:huhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
URLs in VB Code - #2 URIsuspect
https:huhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
URLs in VB Code - #3 URIsuspect
https:huhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
URLs in VB Code - #4 URIsuspect
https:huhuhuhuhuhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
URLs in VB Code - #5 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
URLs in VB Code - #6 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
104a4f8c67f6ac569fadd6d259f7f03b
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙