Suspicious
Suspect

11b242a19eb8cfc88922b3fe7e6fd047

MS Office Document | MD5: 11b242a19eb8cfc88922b3fe7e6fd047 | Size: 8.6 MB | application/vnd.ms-office

Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
11b242a19eb8cfc88922b3fe7e6fd047
Sha1
9b38f307529703bba896848c7f0b43f2922f8a08
Sha256
6d0aec10cf309fac28f1e180a1f19e371db95ac9b4fcf294d3f7a2208119589d
Sha384
3910742d8b847b3032a31a21672e8bee2d431682a8b86e1b78bf86195c5b4a38ab5bd744b9bfe3f21450d20c39ef2234
Sha512
3fde8661085cbeeb40dddd06b5e457641c8ad165c1bd3a608c1f318b47cdf571f5a56afddad21993fa9b61b8d6bf4a5fe5c86942f6366421a935081167637bf5
SSDeep
196608:NW/FpmnGYLnWgziirlb4/ieF3GrAfedpvCs3md8r:UpqGYLpZreF3G82yc6
TLSH
6D862318FBE009AEE5778276C56A8520EA327C8D3720C54F47A4B6295F3B7A075BF701
File Structure
Root Entry
䡀䌏䈯
䄦㡥䆾䅤
䡀䈖䌧䠤
䡀䌋䄱䜵
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䓞䕪䇤䠨
䡀䕙䓲䕨䜷
䡀䈛㵪䆲䗤䕲
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀䓊㼳䄨䆵䠫
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䘌䗶䐲䆊䌷䑲
䡀䈜䙵䆬㬨䑲䕷䏲
䡀䈜䙵䆬㲨䖱䄷䏯
䡀䄕䑸䋦䒌䇱䗬䒬䠱
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
[Authenticode]_f9ab9279.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
Overlay_70d173e0.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_114ee7b6.p7b
CustomAction.config
DigitalSignature
SummaryInformation
MsiDigitalSignatureEx
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Atera.Agent.Installer.Msi.Ca.Properties.Resources.resources
icon
icon-preview.png
[Authenticode]_83e5e138.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixToolset.Dtf.WindowsInstaller.Errors.resources
CustomAction.config
Characteristics
No malware configuration was found at this point.
Artefacts

| Name | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) | 11b242a19eb8cfc88922b3fe7e6fd047 > Root Entry > 䌋䄱䜵㪾䈷䄵㪾䈪䗱㶾䌶㬾䠤 > WixToolset.Dtf.WindowsInstaller.dll |
