Suspicious
Suspect

1f023326c28945f966a289d621f080e9

ZIP Archive | MD5: 1f023326c28945f966a289d621f080e9 | Size: 13.3 MB | application/zip

Summary by MalvaGPT
Characteristics
Hash | Hash Value
MD5 | 1f023326c28945f966a289d621f080e9
Sha1 | 6d3d2650b0d119fbe25c3d8c822063de80e4cfd3
Sha256 | f037a658f8a9340faa41f98f2ea03e91966cacf5ac61ba99c049545373e6f4a4
Sha384 | eda0c492adc17a77a5fcc50094f4ce9ad9cde22472b689febcf90a7487eb869a9ceafb647700ee46961c7f6c91e58c53
Sha512 | 7d94405d15be43cf032fbe81eb86719c5a91a144ea29e48899e791ea0f52d7df904cfa52cb0db2188a9c5506e582fd1f52fde08ab8e83dd92fdda162159ad4a3
SSDeep | 393216:T4R6risk+S6gBjXpNq59Da1Rwa2PKCMCsVBp9ISbK:T44rwN6kj/q/D4OaFV9ISG
TLSH | C0D63329D02AAA2653B681B544FAEC7D01537FD14D31F11C816BD19CA21EC9F2EEEB0D
File Structure
myapp
[Authenticode]_4b1e9673.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_MANIFEST
ID:0001
ID:1033
[Authenticode]_2cb8e2be.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
physics.yaml
[Authenticode]_06f13f62.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d11d562d.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d1632272.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_0c36be11.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
session_mon.xml
[Authenticode]_91d55f39.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_132cfd07.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.reloc
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
URLs in VB Code - #1 | file:/// | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #2 | http://ocsp.thawte.com0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #3 | http://crl.thawte.com/ThawteTimestampingCA.crl0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #4 | http://t2.symcb.com0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #5 | http://t1.symcb.com/ThawtePCA.crl0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #6 | http://ts-ocsp.ws.symantec.com07 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #7 | http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #8 | http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #9 | http://tl.symcb.com/tl.crl0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #10 | https://www.thawte.com/cps0/ | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #11 | https://www.thawte.com/repository0W | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
URLs in VB Code - #12 | http://tl.symcb.com/tl.crt0 | 1f023326c28945f966a289d621f080e9 > myapp > Qt5Widgets.dll
