Suspect
AppSuite-PDF
MS Office Document | MD5: 213eca72f00563fa2ed788a1212c67e0 | Size: 2.88 MB | application/vnd.ms-office
MS Office Document
MD5: 213eca72f00563fa2ed788a1212c67e0
Size: 2.88 MB
application/vnd.ms-office
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 213eca72f00563fa2ed788a1212c67e0
|
| Sha1 | 1b77beedb0b99bf5430c1a18315302399d07812c
|
| Sha256 | fde67ba523b2c1e517d679ad4eaf87925c6bbf2f171b9212462dc9a855faa34b
|
| Sha384 | 06216918136601516f4dd0a40e0d097f9e1de6dd0da6594ab3b9e0c5d51e4d43f0e9c1156fa823718231350eb0564db4
|
| Sha512 | 049c59fda2f697feb2116677f16a54953b1153c46790e6623e45e97b294faac055d1a8b99e02df9f35608793e60a34cf5099d426711ebf23e7d1e43445e5ff7e
|
| SSDeep | 49152:8QX5s24KYZZohn+uPDS9SwabQXgmI+5Q+mKEG5wkY9DCewwSPL3nlBb7/7Sej8A:8QGndG0u7S+bQ2pswkY9DfwwSP
|
| TLSH | DFD50107BDC04536E5AB2D301D3547654B2EBD200B3485EBBA84356ACEF1AC1CE76BE6
|
File Structure
AppSuite-PDF
Root Entry
䡀䌏䈯
䡀㲞䈝䗻
䡀䈖䌧䠤
䡀䌋䄱䜵
䡀䌍䏤䊲
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䋌䆨㫮䛲
䡀䒌䗱䒵䠯
䡀䓞䕪䇤䠨
䡀䕙䓲䕨䜷
䡀䈝䗻䗜䏼䠨
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䄛䌧㫲䗸䒷䠱
䡀䒌䗱䒵㮯䈹䗱
䡀䖖㯬䏬㱨䖤䠫
䡀䘌䗶䐲䆊䌷䑲
䡀䙎䑨㶷䓤䌳䊱
㭙㢏㮀䌧䒷䞵䄦䠥
Program.cs_4056852896
䡀䖖㮬䅰䇨䈧㾧䠒
[Authenticode]_24e7d985.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䒌䗱䒵㬯䑲䌧䌷䑲
䌋䄱䜵䀾䛬㲞㫿䓰㷿䚨
䌋䄱䜵䀾䛬㲞㫿䓰㾿䠳
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䌋䄱䜵䀾䛬㲞㲿䒦㲿䉱䠲
䌋䄱䜵䀾䛬䋜䕤䟳㲞䈝䗻
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䌋䄱䜵䀾䛬㲞㫿䓰㫿䑤䈱䠵
䌋䄱䜵䀾䛬㲞㫿䓰㭿䄬䒯䠪
䌋䄱䜵䀾䛬㲞㲿䒦㮿䆻䄯䠰
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䄋䑱䕨
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䄋䑱䕨-preview.png
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䌍䏤䊲
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䌍䏤䊲-preview.png
䌋䄱䜵䀾䛬䋜䕤䟳䌕䈦䆱㯨䏬䠨
DigitalSignature
SummaryInformation
䖖㮬䅰䇨䈧㾧䞒䌠㼻䄫䓵㮿䅰䇨䈧㾧䟒䖊䠰
Overlay_97198cb9.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
ID:1033
䌋䄱䜵䀾䛬䋜䕤䟳䑒䗬䘛䗱䐬䟨䆊䌷䑲㯿䏬䠨
Overlay_52276732.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_114ee7b6.p7b
MsiDigitalSignatureEx
WixSharp.UI.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
WixSharp.UI.ManagedUI.Resources.resources
WixSharpUI_Bmp_Banner
[NBF]root.Data
WixSharpUI_Bmp_Dialog
[NBF]root.Data
WixUI_en_us
wixui_zip
WixUI_Advanced.wxs
WixUI_ar-SA.wxl
WixUI_bg-BG.wxl
WixUI_ca-ES.wxl
WixUI_cs-CZ.wxl
WixUI_da-DK.wxl
WixUI_de-de.wxl
WixUI_el-GR.wxl
WixUI_es-es.wxl
WixUI_et-EE.wxl
WixUI_FeatureTree.wxs
WixUI_fi-FI.wxl
WixUI_fr-fr.wxl
WixUI_he-IL.wxl
WixUI_hi-IN.wxl
WixUI_hr-HR.wxl
WixUI_hu-HU.wxl
WixUI_InstallDir.wxs
WixUI_it-it.wxl
WixUI_ja-jp.wxl
WixUI_kk-KZ.wxl
WixUI_ko-KR.wxl
WixUI_lt-LT.wxl
WixUI_lv-LV.wxl
WixUI_Minimal.wxs
WixUI_Mondo.wxs
WixUI_nb-NO.wxl
WixUI_nl-NL.wxl
WixUI_pl-pl.wxl
WixUI_pt-BR.wxl
WixUI_pt-PT.wxl
WixUI_ro-RO.wxl
WixUI_ru-ru.wxl
WixUI_sk-SK.wxl
WixUI_sl-SI.wxl
WixUI_sr-Latn-CS.wxl
WixUI_sv-SE.wxl
WixUI_th-TH.wxl
WixUI_tr-TR.wxl
WixUI_uk-UA.wxl
WixUI_zh-CN.wxl
WixUI_zh-HK.wxl
WixUI_zh-TW.wxl
EmbeddedUI.config
S3.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
S3.g.resources
WixSharp.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
WixSharp.Nsis.macros.nsh
WixSharp.Bootstrapper.runtime.win_x86.mbanative.dll
[Authenticode]_4888d895.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
WixSharp.UI.WPF.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixSharp.UI.WPF.g.resources
WixSharp.UI.WPF.Properties.Resources.resources
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_19ac9cc9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixToolset.Dtf.WindowsInstaller.Errors.resources
WixToolset.Mba.Core.dll
[Authenticode]_695e8be8.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Program.cs_4056852896
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
AppSuite-PDF (2.88 MB)
File Structure
AppSuite-PDF
Root Entry
䡀䌏䈯
䡀㲞䈝䗻
䡀䈖䌧䠤
䡀䌋䄱䜵
䡀䌍䏤䊲
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䋌䆨㫮䛲
䡀䒌䗱䒵䠯
䡀䓞䕪䇤䠨
䡀䕙䓲䕨䜷
䡀䈝䗻䗜䏼䠨
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䄛䌧㫲䗸䒷䠱
䡀䒌䗱䒵㮯䈹䗱
䡀䖖㯬䏬㱨䖤䠫
䡀䘌䗶䐲䆊䌷䑲
䡀䙎䑨㶷䓤䌳䊱
㭙㢏㮀䌧䒷䞵䄦䠥
Program.cs_4056852896
䡀䖖㮬䅰䇨䈧㾧䠒
[Authenticode]_24e7d985.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䒌䗱䒵㬯䑲䌧䌷䑲
䌋䄱䜵䀾䛬㲞㫿䓰㷿䚨
䌋䄱䜵䀾䛬㲞㫿䓰㾿䠳
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䌋䄱䜵䀾䛬㲞㲿䒦㲿䉱䠲
䌋䄱䜵䀾䛬䋜䕤䟳㲞䈝䗻
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䌋䄱䜵䀾䛬㲞㫿䓰㫿䑤䈱䠵
䌋䄱䜵䀾䛬㲞㫿䓰㭿䄬䒯䠪
䌋䄱䜵䀾䛬㲞㲿䒦㮿䆻䄯䠰
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䄋䑱䕨
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䄋䑱䕨-preview.png
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䌍䏤䊲
䌋䄱䜵䀾䛬䋜䕤㾳䟒䐋䟳䌍䏤䊲-preview.png
䌋䄱䜵䀾䛬䋜䕤䟳䌕䈦䆱㯨䏬䠨
DigitalSignature
SummaryInformation
䖖㮬䅰䇨䈧㾧䞒䌠㼻䄫䓵㮿䅰䇨䈧㾧䟒䖊䠰
Overlay_97198cb9.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
ID:1033
䌋䄱䜵䀾䛬䋜䕤䟳䑒䗬䘛䗱䐬䟨䆊䌷䑲㯿䏬䠨
Overlay_52276732.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_114ee7b6.p7b
MsiDigitalSignatureEx
WixSharp.UI.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
WixSharp.UI.ManagedUI.Resources.resources
WixSharpUI_Bmp_Banner
[NBF]root.Data
WixSharpUI_Bmp_Dialog
[NBF]root.Data
WixUI_en_us
wixui_zip
WixUI_Advanced.wxs
WixUI_ar-SA.wxl
WixUI_bg-BG.wxl
WixUI_ca-ES.wxl
WixUI_cs-CZ.wxl
WixUI_da-DK.wxl
WixUI_de-de.wxl
WixUI_el-GR.wxl
WixUI_es-es.wxl
WixUI_et-EE.wxl
WixUI_FeatureTree.wxs
WixUI_fi-FI.wxl
WixUI_fr-fr.wxl
WixUI_he-IL.wxl
WixUI_hi-IN.wxl
WixUI_hr-HR.wxl
WixUI_hu-HU.wxl
WixUI_InstallDir.wxs
WixUI_it-it.wxl
WixUI_ja-jp.wxl
WixUI_kk-KZ.wxl
WixUI_ko-KR.wxl
WixUI_lt-LT.wxl
WixUI_lv-LV.wxl
WixUI_Minimal.wxs
WixUI_Mondo.wxs
WixUI_nb-NO.wxl
WixUI_nl-NL.wxl
WixUI_pl-pl.wxl
WixUI_pt-BR.wxl
WixUI_pt-PT.wxl
WixUI_ro-RO.wxl
WixUI_ru-ru.wxl
WixUI_sk-SK.wxl
WixUI_sl-SI.wxl
WixUI_sr-Latn-CS.wxl
WixUI_sv-SE.wxl
WixUI_th-TH.wxl
WixUI_tr-TR.wxl
WixUI_uk-UA.wxl
WixUI_zh-CN.wxl
WixUI_zh-HK.wxl
WixUI_zh-TW.wxl
EmbeddedUI.config
S3.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
S3.g.resources
WixSharp.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.Net Resources
WixSharp.Nsis.macros.nsh
WixSharp.Bootstrapper.runtime.win_x86.mbanative.dll
[Authenticode]_4888d895.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
WixSharp.UI.WPF.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixSharp.UI.WPF.g.resources
WixSharp.UI.WPF.Properties.Resources.resources
WixToolset.Dtf.WindowsInstaller.dll
[Authenticode]_19ac9cc9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WixToolset.Dtf.WindowsInstaller.Errors.resources
WixToolset.Mba.Core.dll
[Authenticode]_695e8be8.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Program.cs_4056852896
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
AppSuite-PDF > Root Entry > 䌋䄱䜵䀾䛬䋜䕤䟳䑒䗬䘛䗱䐬䟨䆊䌷䑲㯿䏬䠨 > WixToolset.Dtf.WindowsInstaller.dll |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.