Suspicious
Suspect

2574a32f22889ce0e24130ee1fe4d50e

PE Executable
|
MD5: 2574a32f22889ce0e24130ee1fe4d50e
|
Size: 8.34 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
2574a32f22889ce0e24130ee1fe4d50e
Sha1
018a3bc48106dab4f394ee935b932baf4712e1e2
Sha256
49266c0bda5eb49dd33989b14e7b5b30d68db79ca7bd752afd5eac19a6b2287d
Sha384
6f5a5bfe5276109c2df6b8bca98e1dc399dcd69f693969f6e81dd9a72b8f1901cd87ad5892557570dffc3c4a7a9de46c
Sha512
72ae44d3a29492511d8009a3d0cc922f2436acd63954338d631e25af9553d4ed5169ab3b670db2e4e41b9a4f0d9991fb56a34203a3a451a4dd1d98c702a91c0c
SSDeep
98304:2psc6NecVTBIRv81y48z1WRHDFLDYqXf/WNbJKpvQwnGJPEbDkWt2jI:2akp1yH3f/oJKJnGJMbIWt2jI
TLSH
F4864941FEC751F1E90318724197B26F63345E058B29DBE7EB487F2AF93B6921836209

PeID

HQR data file
Microsoft Visual C++ v6.0 DLL
PeStubOEP v1.x
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
UPolyX 0.3 -> delikon
UPolyx 0.4 -> delikon
File Structure
2574a32f22889ce0e24130ee1fe4d50e
Overlay_dd8a3f06.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.rdata
.eh_fram
.bss
.edata
.idata
.tls
.reloc
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_dd8a3f06.bin (6144 bytes)
Artefacts
Name
 Value
URLs in VB Code - #1

http://upgradechunkedCreatedIM
URLs in VB Code - #2

http://example.comBaidu
URLs in VB Code - #3

https://api.telegram.org/file/bot%s/%s
URLs in VB Code - #4

https://api.telegram.org/bot%s/sendMessage
URLs in VB Code - #5

https://api.telegram.org/bot%s/sendDocumentsql
URLs in VB Code - #6

https://api.telegram.org/bot%s/getFile?file_id=%sProvides
URLs in VB Code - #7

https://api.telegram.org/bot%s/getUpdates?offset=%dJSON
URLs in VB Code - #8

https://api.telegram.org/bot%s/getUpdates?offset=-1&limit=50invalid
URLs in VB Code - #9

https://api.telegram.org/bot%s/getUpdates?offset=-1&limit=1&timeout=30bytes.Buffer
URLs in VB Code - #10

https://go.dev/issue/66821
URLs in VB Code - #11

https://go.dev/pkg/crypto/rsa#hdr-Minimum_key_size
URLs in VB Code - #12

http://schemas.microsoft.com/windows/2004/02/mit/task
2574a32f22889ce0e24130ee1fe4d50e (8.34 MB)
File Structure
2574a32f22889ce0e24130ee1fe4d50e
Overlay_dd8a3f06.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.rdata
.eh_fram
.bss
.edata
.idata
.tls
.reloc
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

http://upgradechunkedCreatedIM

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #2

http://example.comBaidu

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #3

https://api.telegram.org/file/bot%s/%s

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #4

https://api.telegram.org/bot%s/sendMessage

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #5

https://api.telegram.org/bot%s/sendDocumentsql

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #6

https://api.telegram.org/bot%s/getFile?file_id=%sProvides

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #7

https://api.telegram.org/bot%s/getUpdates?offset=%dJSON

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #8

https://api.telegram.org/bot%s/getUpdates?offset=-1&limit=50invalid

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #9

https://api.telegram.org/bot%s/getUpdates?offset=-1&limit=1&timeout=30bytes.Buffer

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #10

https://go.dev/issue/66821

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #11

https://go.dev/pkg/crypto/rsa#hdr-Minimum_key_size

2574a32f22889ce0e24130ee1fe4d50e
URLs in VB Code - #12

http://schemas.microsoft.com/windows/2004/02/mit/task

2574a32f22889ce0e24130ee1fe4d50e
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙