Suspicious
Suspect

174662a54e7bce9ee10214c22260edb5

PE Executable | MD5: 174662a54e7bce9ee10214c22260edb5 | Size: 3.32 MB | application/x-dosexec

Characteristics
Hash: Hash Value
MD5: 174662a54e7bce9ee10214c22260edb5
Sha1: 1dcd7ec7d67db97efbe27a67e2b4781115c66bf7
Sha256: 4f163bfa3869ae475b639f1c2caf40828331ca2e6c4a8b30750e5f4a0c164c10
Sha384: 4dc294a347f43f120b7afe608c7af64098ae030f37b6b37f0c64bc650e17bf7ef58591cbc59a66b0c32c7109cd41ee51
Sha512: ee7861281f5a8533b7d14dbafeb202fb25ab3ba2f2e18f9bd26e5f251399e7fa37e8fe8cbf48bee3977fc304b95e60e95f31807b5bf1179dc8c28f417b86762d
SSDeep: 49152:kQQUzNq6bzxD3lCkytV04rPF1r93KRPec:k+Tp35ytV0mkPec
TLSH: 19F5D2467AA0C8B6D057D335CCB792413675B8B5872333C3D9576278EABEAE81B39700

PeID

HQR data file
Microsoft Visual C++ v6.0 DLL
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
File Structure
[Authenticode]_c27f767a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
ID:000B
ID:0
ID:000C
ID:0
ID:000D
ID:0
ID:000E
ID:0
ID:000F
ID:0
ID:0-preview.png
RT_DIALOG
ID:0069
ID:1033
ID:006A
ID:1033
ID:006B
ID:1033
ID:006D
ID:1033
ID:006F
ID:1033
RT_GROUP_CURSOR4
ID:0067
ID:0
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0x328FE1 size 10304 bytes

Artefacts
Name
Value
URLs in VB Code - #1

http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w

URLs in VB Code - #2

http://cevcsca2021.ocsp-certum.com07

URLs in VB Code - #3

http://repository.certum.pl/cevcsca2021.cer0

URLs in VB Code - #4

https://www.certum.pl/CPS0

URLs in VB Code - #5

http://crl.certum.pl/ctnca2.crl0l

URLs in VB Code - #6

http://subca.ocsp-certum.com02

URLs in VB Code - #7

http://repository.certum.pl/ctnca2.cer09

URLs in VB Code - #8

http://www.certum.pl/CPS0

URLs in VB Code - #9

http://ocsp.digicert.com0

URLs in VB Code - #10

http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_

URLs in VB Code - #11

http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0

URLs in VB Code - #12

http://ocsp.digicert.com0A

URLs in VB Code - #13

http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C

URLs in VB Code - #14

http://crl3.digicert.com/DigiCertTrustedRootG4.crl0

URLs in VB Code - #15

http://ocsp.digicert.com0C

URLs in VB Code - #16

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E

URLs in VB Code - #17

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0

Characteristics
No malware configuration was found at this point.