Suspicious
Suspect

11b242a19eb8cfc88922b3fe7e6fd047

MS Office Document
|
MD5: 11b242a19eb8cfc88922b3fe7e6fd047
|
Size: 8.6 MB
|
application/vnd.ms-office

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
11b242a19eb8cfc88922b3fe7e6fd047
Sha1
9b38f307529703bba896848c7f0b43f2922f8a08
Sha256
6d0aec10cf309fac28f1e180a1f19e371db95ac9b4fcf294d3f7a2208119589d
Sha384
3910742d8b847b3032a31a21672e8bee2d431682a8b86e1b78bf86195c5b4a38ab5bd744b9bfe3f21450d20c39ef2234
Sha512
3fde8661085cbeeb40dddd06b5e457641c8ad165c1bd3a608c1f318b47cdf571f5a56afddad21993fa9b61b8d6bf4a5fe5c86942f6366421a935081167637bf5
SSDeep
196608:NW/FpmnGYLnWgziirlb4/ieF3GrAfedpvCs3md8r:UpqGYLpZreF3G82yc6
TLSH
6D862318FBE009AEE5778276C56A8520EA327C8D3720C54F47A4B6295F3B7A075BF701
File Structure
11b242a19eb8cfc88922b3fe7e6fd047
Root Entry
䡀䌏䈯
䄦㡥䆾䅤
䡀䈖䌧䠤
䡀䌋䄱䜵
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䓞䕪䇤䠨
䡀䕙䓲䕨䜷
䡀䈛㵪䆲䗤䕲
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀䓊㼳䄨䆵䠫
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䘌䗶䐲䆊䌷䑲
䡀䈜䙵䆬㬨䑲䕷䏲
䡀䈜䙵䆬㲨䖱䄷䏯
䡀䄕䑸䋦䒌䇱䗬䒬䠱
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䌋䄱䜵䀾䛬㾄䌷㬯䟊㦡䠄
[Authenticode]_f9ab9279.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
䌋䄱䜵㪾䈷䄵㪾䈪䗱㶾䌶㬾䠤
Overlay_70d173e0.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_114ee7b6.p7b
CustomAction.config
DigitalSignature
SummaryInformation
MsiDigitalSignatureEx
Atera.Agent.Installer.Msi.Ca.dll
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Atera.Agent.Installer.Msi.Ca.Properties.Resources.resources
icon
icon-preview.png
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_83e5e138.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixToolset.Dtf.WindowsInstaller.Errors.resources
CustomAction.config
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
11b242a19eb8cfc88922b3fe7e6fd047 (8.6 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙