Malicious
132b57e88f355e4eb3c63d6d51cf6049
PE Executable | MD5: 132b57e88f355e4eb3c63d6d51cf6049 | Size: 1.16 MB | application/x-dosexec
PE Executable
MD5: 132b57e88f355e4eb3c63d6d51cf6049
Size: 1.16 MB
application/x-dosexec
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 132b57e88f355e4eb3c63d6d51cf6049
|
| Sha1 | cb23edc37c59055b4e772f5ab3934d7d162c31f8
|
| Sha256 | 2feb8c5a7c576a92dae677c3b83246883e43f946665f4d923250938b203b16fc
|
| Sha384 | 2a22e834f0e55940024beb873bc617d478102aa39cf829de786d9e3507bcb44beb348104122a733ff91b0942da6e59c5
|
| Sha512 | 4d4b399a385efcb2ad8c4b118973f5bf2a373367322fbb45c7d9ed2fad081ffa7865d738de308b883d438badb7c906f1dc2111fdcced60143b29262da05a5062
|
| SSDeep | 24576:u2G/nvxW3WieCMuZrU2dtjxauXUmI7pSZ:ubA3jMuZAEaTJM
|
| TLSH | 324549027E44CE11F0195633C2EF450847B4AE542AB6E71B7EBA376E56223937C1DACB
|
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
132b57e88f355e4eb3c63d6d51cf6049
Malicious
Overlay_d876ff58.bin
Malicious
P6S9pfvpvBv3GFAdO0.bat
hyperSessionhost.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
WKwhPiGA0LTnugbgiC.s3TXb3iiVUsa70w8Oq
UvuJfSjal63DgjYTWj.DH5YhB7COJrByyh1Zp
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
132b57e88f355e4eb3c63d6d51cf6049.decoded.vbs
Malicious
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_d876ff58.bin (848035 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
132b57e88f355e4eb3c63d6d51cf6049 (1.16 MB)
File Structure
132b57e88f355e4eb3c63d6d51cf6049
Malicious
Overlay_d876ff58.bin
Malicious
P6S9pfvpvBv3GFAdO0.bat
hyperSessionhost.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
WKwhPiGA0LTnugbgiC.s3TXb3iiVUsa70w8Oq
UvuJfSjal63DgjYTWj.DH5YhB7COJrByyh1Zp
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
132b57e88f355e4eb3c63d6d51cf6049.decoded.vbs
Malicious
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.