Suspicious
Suspect

1941b9e679eabffa2f03da240d46038d

PE Executable
|
MD5: 1941b9e679eabffa2f03da240d46038d
|
Size: 6.67 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
1941b9e679eabffa2f03da240d46038d
Sha1
c808fd3c9a6eeb374f846b45aee5726459ba61b7
Sha256
987ff4122f40a0a62643db804406d2fa0329f84710f4580da0fa714b5479dd6a
Sha384
74564897ca70696106ab2f174c9d5993ad1d3c4dbd80ab76eb7b3bfd5bba32ca49a71ee62f1e0278be1d185590e4a36d
Sha512
ddef6453a7d58da6fca36164408ad6f701f2b78389951e20ef6929510feb619f8ed67e64903c3254563a1b4d062b3ffc9edcbf2aa24589e38ace62cbe8e62336
SSDeep
98304:eidpBsmVztpaHiM0u3PSDJvPErEMbCramTTM30hMUjnJd1M:vaHi4PSlvPYC+m9MUjnN
TLSH
0966E027B3A947D8D057903885979757D331B804232593CB32CD1A5A6FA3BE03E7E39A

PeID

MASM/TASM - sig4 (h)
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska
UPolyX 0.3 -> delikon
File Structure
1941b9e679eabffa2f03da240d46038d
[Rebuild from dump]_8aa36980.exe
1941b9e679eabffa2f03da240d46038d
0x0001BAE9.svg
0x0001BAE9.svg-preview.jpg
0x0001D34D.svg
0x0001D34D.svg-preview.jpg
0x0001D5F3.svg
0x0001D5F3.svg-preview.jpg
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_8aa36980.exe
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
PE Layout

MemoryMapped (process dump suspected)
1941b9e679eabffa2f03da240d46038d (6.67 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙