Suspect
21bb82d90bb1999322f0a8ce339c04c7
PE Executable | MD5: 21bb82d90bb1999322f0a8ce339c04c7 | Size: 73.73 KB | application/x-dosexec
Summary by MalvaGPT
Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | 21bb82d90bb1999322f0a8ce339c04c7 |
| Sha1 | d58f998137e27302ff6507127e73d2a596db32be |
| Sha256 | fceab88e7ebbf3e22350818c11ec7c26afaa97eec27418cdaa193c5551ccebf5 |
| Sha384 | 6c9341559b2c432cdc53d45034cd6dc6690523941fc24558b0f26968b5778270c2fd49b22ed73a85ffa69cad8035d4cf |
| Sha512 | 108866e529582c95bd7e42fc2e6c55755bb42d2bdd2123eb64bd87af6df28bdc808e4e1058ff590706cfb535a8013998ca402cb7c919e5008c756f045dabc31c |
| SSDeep | 768:GTAt3k9DQxML+cGCAqOqX4O2eRXtKdUD1GZqLagc4MwqfGl:GTA+DQaPGCxV2eaqLSIqfU |
| TLSH | 6373184573FD071FE6AF07B86920611203B5F6B0AE03EB9E1E44B1DF1816BD98942B67 |
PeID
Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
File Structure
21bb82d90bb1999322f0a8ce339c04c7
[Authenticode]_99cb3820.p7b
Overlay_dd24e916.bin
[Rebuild from dump]_2032ec82.exe
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
.reloc
.Net Resources
System.IO.Compression.Messages.resources
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Informations
| Name | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Authenticode present at 0xB800 size 25472 bytes |
| Info | Overlay extracted: Overlay_dd24e916.bin (1152 bytes) |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_2032ec82.exe |
| Info | PDB Path: System.IO.Compression.pdb |
Artefacts
| Name | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
Characteristics
No malware configuration was found at this point.
Artefacts
| Name | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) | 21bb82d90bb1999322f0a8ce339c04c7 |