Suspicious
Suspect

1b7b5211c9401ba66dca13c42c0d90c5

PE Executable | MD5: 1b7b5211c9401ba66dca13c42c0d90c5 | Size: 3.2 MB | application/x-dosexec


Characteristics
Hash | Hash Value
MD5 | 1b7b5211c9401ba66dca13c42c0d90c5
Sha1 | fa91c6430818efac8b4a2e4fe277708d73c8ec8c
Sha256 | 7ed9fcd12535c4a33f17c29c5f0a0a503f509548b87a535fa7150bd54580bbf7
Sha384 | 683b2cf1add12768d4ed65ebf05e5554040497d4dacbf050014db2d621e5feab7a4f1f9fe5147b241fba46af91f2a8ad
Sha512 | 2929c05e46a6f7c57f882954547514ddb12e6d3dc4903ad67cca3856f61dc7141654f1e144f9a2022cea6fdda512f639ddab1226f618a6ae11528dc2642b6370
SSDeep | 49152:YLPJKbrPA0EUFQoybb7+y814Vu9/Ch5Y5/NN99TUHVvNYQ3e2oYN7:Y9mmHbb7cSUd5/19C1NYQO2fN7
TLSH | C9E52236DE04B709D43C1B789453016513A7AEC865A38B0EDC9BFF593BFD1874A3262A

PeID

Microsoft Visual C++ v6.0 DLL
RPolyCryptor V1.4.2 -> Vaska
UPolyX 0.3 -> delikon
x64 Themida / Winlicense v3.0.x.0 PACKED sign ASL
File Structure
[Authenticode]_010cb631.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rsrc
.idata
.tls
.themida
.boot
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0-preview.png
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
RT_STRING
ID:0057
ID:1033
ID:005B
ID:1033
ID:0088
ID:1033
ID:00DF
ID:1033
ID:00FF
ID:1033
ID:011B
ID:1033
ID:0127
ID:1033
ID:0161
ID:1033
ID:0186
ID:1033
ID:01B0
ID:1033
ID:01B3
ID:1033
RT_ACCELERATOR
ID:006D
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Info | Authenticode present at 0x30A010 size 11856 bytes
