Suspect
271aa7c6af13dfcac68548fe00e6ef0e
PE Executable | MD5: 271aa7c6af13dfcac68548fe00e6ef0e | Size: 4.87 MB | application/x-dosexec
PE Executable
MD5: 271aa7c6af13dfcac68548fe00e6ef0e
Size: 4.87 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 271aa7c6af13dfcac68548fe00e6ef0e
|
| Sha1 | 8d9be8789d0b8475d65b6f05aa070c4d77944af0
|
| Sha256 | 2f994afc548d528e56a029cf4481d56a3459d438b46ec38403a977bc7d70dced
|
| Sha384 | e11852741a997464477cddcc2e83cfb224a43ba6e6fcc5042b823bab4975f80a9a2aacf0b6f0651d14427330c9c4dd7f
|
| Sha512 | 6151352db33b733228e11c4562169f463287cf1003e605f930ce1b4a95ae65c3d5da6471ad18db0f9b9a3b5abaaaaa6b8799a5c6d0780e1a5d3a921b21330d4d
|
| SSDeep | 98304:NBNr8BsAnIFbTtQuOPWzoLKK698kBCJOHhPDUO:NDrgsAUQuOf69tyQpDU
|
| TLSH | F0363303E2F2F034FE759F7008BB2BD3943979445B3542AF225DA9AD14233BDA12975A
|
PeID
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
File Structure
271aa7c6af13dfcac68548fe00e6ef0e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
AVI
ID:0BB9
ID:1033
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:1033-preview.png
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_DIALOG
ID:07D1
ID:1033
ID:1049
ID:07D2
ID:1033
ID:1049
ID:07D3
ID:1033
ID:1049
ID:07D4
ID:1033
ID:1049
ID:07D5
ID:1033
ID:1049
ID:07D6
ID:1033
ID:1049
RT_STRING
ID:003F
ID:1033
ID:1049
ID:004C
ID:1033
ID:1049
ID:004D
ID:1033
ID:1049
ID:0050
ID:1033
ID:1049
ID:0053
ID:1033
ID:1049
ID:0055
ID:1033
ID:1049
RT_RCDATA
ID:0000
ID:1033
RT_GROUP_CURSOR4
ID:0BB8
ID:1033
RT_VERSION
ID:0001
ID:1033
ID:1049
RT_MANIFEST
ID:0001
ID:1033
v1A01.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_RCDATA
ID:0000
ID:1049
ID:1033
1v92L9.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
wQ49u9L1EXyP.pujB0.AtGVP
wQ49u9L1EXyP.nI8GOY.DiozL
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.rsrc
.idata
mufrlyup
mtxebaxr
Resources
RT_MANIFEST
ID:0001
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: wextract.pdb |
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
271aa7c6af13dfcac68548fe00e6ef0e (4.87 MB)
File Structure
271aa7c6af13dfcac68548fe00e6ef0e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
AVI
ID:0BB9
ID:1033
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:1033-preview.png
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
RT_DIALOG
ID:07D1
ID:1033
ID:1049
ID:07D2
ID:1033
ID:1049
ID:07D3
ID:1033
ID:1049
ID:07D4
ID:1033
ID:1049
ID:07D5
ID:1033
ID:1049
ID:07D6
ID:1033
ID:1049
RT_STRING
ID:003F
ID:1033
ID:1049
ID:004C
ID:1033
ID:1049
ID:004D
ID:1033
ID:1049
ID:0050
ID:1033
ID:1049
ID:0053
ID:1033
ID:1049
ID:0055
ID:1033
ID:1049
RT_RCDATA
ID:0000
ID:1033
RT_GROUP_CURSOR4
ID:0BB8
ID:1033
RT_VERSION
ID:0001
ID:1033
ID:1049
RT_MANIFEST
ID:0001
ID:1033
v1A01.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_RCDATA
ID:0000
ID:1049
ID:1033
1v92L9.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
wQ49u9L1EXyP.pujB0.AtGVP
wQ49u9L1EXyP.nI8GOY.DiozL
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.rsrc
.idata
mufrlyup
mtxebaxr
Resources
RT_MANIFEST
ID:0001
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:1033
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
271aa7c6af13dfcac68548fe00e6ef0e > Resources > RT_RCDATA > ID:0000 > ID:1049 > 3g38f.exe |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.