Suspicious
Suspect

Share on LinkedIn
Print
PE Executable
MD5: 104a4f8c67f6ac569fadd6d259f7f03b
Size: 2.11 MB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 104a4f8c67f6ac569fadd6d259f7f03b
Sha1 b93ce9b04ae7c536722d1bf9e80c007c67c49058
Sha256 728e75ae848ac62aa705ed4e4c000dd3dfa2a4cf70a5adfbc56c5a9d2b017792
Sha384 a18100ecada23ab5d3808ef01de186338a81189c4b17bcfd8d9267177c18c2bffdbc498ecc6a00d8007e70109a87f18a
Sha512 e736bbd14a5db1b2d541bcfd71bd66858c8a71da3790f903b4ad43aaf4be61a4406051cb6b389b1c20519e1df46e83c13f1ce54fa8e3bd5ecd982a53e9afbec9
SSDeep 24576:s5uYyQO8hVDs/5IdhtQFujoh6m6vBsZZ5PXQBJOKdkjnoor0PfSIgZlHVvtRJQOh:gno8haujVsPAB8KY2+Bz+2
TLSH 9FA58E46B3A501F8D477C078CD466217FA72B4041774ABEB55A08A6A2F33FE13ABE315
PeID
MASM/TASM - sig4 (h)Microsoft Visual C++ 8.0 (DLL)Microsoft Visual C++ v6.0 DLL
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
CAFFEE_CONFIG
ID:007B
ID:0
RT_MANIFEST
ID:0001
ID:1033
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: t$di
URLs in VB Code - #1 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #2 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #3 URIsuspect
https:huhuhuhuhuhuhu
URLs in VB Code - #4 URIsuspect
https:huhuhuhuhuhuhuhuhuhuhu
URLs in VB Code - #5 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
URLs in VB Code - #6 URIsuspect
http:/huhuhuhuhuhuhuhuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙