General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 1ea188346101b757259c39e80a6590fa
|
| Sha1 | 4bf536a290963e299ce6b699e63a2d10781fb154
|
| Sha256 | bee6b54ab1e1302a7c9e48d41fb233e3d6f2ab0c421254eedb19a0101cf3b1fc
|
| Sha384 | d55f91ae671ffc14321a1108fc7b98ddf3fe6297f9c7d09c488c0afde64588e32f61c25ce5ce7649915e3e6d85e9afc9
|
| Sha512 | eabbb99eeb14f272b3522d9c4cd354f7a142b5b3689efa8c9b48d0c5d0e97c23c03415afd73fbc22efcc755d3e3c410edc667ec8ca42de3fd8bfb5784ce001de
|
| SSDeep | 49152:oYT17pq/X+p1y+kGd7mpHg0KB4O8b8ITDnl1ZkaE:zTtpZjy+77OS
|
| TLSH | BCE5E61266C8C1EBD1652170CC59BBF940646C78CB628DF7BE447E16BA307D29933A3E
|
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ v6.0 DLL
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
File Structure
1ea188346101b757259c39e80a6590fa
Malicious
[Authenticode]_0b00b3f4.p7b
Overlay_b04071df.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0079
ID:1033
ID:1033-preview.png
ID:007A
ID:1033
ID:1033-preview.png
TYPELIB
ID:0001
ID:16393
RT_BITMAP
ID:0074
ID:16393
ID:0075
ID:16393
ID:0076
ID:16393
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
RT_DIALOG
ID:0065
ID:1033
ID:0067
ID:1033
ID:0068
ID:1033
ID:0069
ID:1033
ID:006A
ID:1033
ID:006B
ID:1033
ID:006C
ID:1033
ID:006D
ID:1033
ID:0071
ID:1033
ID:0078
ID:1033
ID:007D
ID:1033
RT_STRING
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0008
ID:1033
ID:0041
ID:1033
ID:0042
ID:1033
RT_RCDATA
ID:0000
ID:1033
RT_MESSAGETABLE
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:1033
ID:0002
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
RT_DLGINIT
ID:0071
ID:1033
[Rebuild from dump]_3857cba8.exe
Malicious
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Overlay extracted: Overlay_c95a7c1b.bin (2706680 bytes) |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_3857cba8.exe |
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
| PE Layout | MemoryMapped (process dump suspected) |
1ea188346101b757259c39e80a6590fa (3.09 MB)
File Structure
1ea188346101b757259c39e80a6590fa
Malicious
[Authenticode]_0b00b3f4.p7b
Overlay_b04071df.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0079
ID:1033
ID:1033-preview.png
ID:007A
ID:1033
ID:1033-preview.png
TYPELIB
ID:0001
ID:16393
RT_BITMAP
ID:0074
ID:16393
ID:0075
ID:16393
ID:0076
ID:16393
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
RT_DIALOG
ID:0065
ID:1033
ID:0067
ID:1033
ID:0068
ID:1033
ID:0069
ID:1033
ID:006A
ID:1033
ID:006B
ID:1033
ID:006C
ID:1033
ID:006D
ID:1033
ID:0071
ID:1033
ID:0078
ID:1033
ID:007D
ID:1033
RT_STRING
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0008
ID:1033
ID:0041
ID:1033
ID:0042
ID:1033
RT_RCDATA
ID:0000
ID:1033
RT_MESSAGETABLE
ID:0001
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:1033
ID:0002
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
RT_DLGINIT
ID:0071
ID:1033
[Rebuild from dump]_3857cba8.exe
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
1ea188346101b757259c39e80a6590fa |
| PE Layout | MemoryMapped (process dump suspected) |
1ea188346101b757259c39e80a6590fa > [Rebuild from dump]_3857cba8.exe |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.