Malicious
Malicious

2c38d87650929640b2f04d813e1e6224

PE Executable
|
MD5: 2c38d87650929640b2f04d813e1e6224
|
Size: 536.72 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
2c38d87650929640b2f04d813e1e6224
Sha1
79d60d51ec47c32fef7c69746b91cbe2c914f85f
Sha256
fbd439ccc92eb7001421e0cd50efaffa599cc4d3856e65799e51ed64a93bdf1f
Sha384
7d36d69c1760a718fe4a8ca8284bf60c776fab54c84f5de3447de16a55d7643a898f7c7cd8717b61efc3024d40409357
Sha512
b4a065e72f263c21a43a70a7bab8f8cd5df2b04e6d8caa031dfc6ecd9019cc69b02d76f81d5c611d38fd6755900adf6999e1e36ad6d9f95cb65bf4a90d222dd3
SSDeep
12288:SjPkKh6c5bCYaF824EMQ+hCZIqfBACYccvvm:okKh5OYceEMQ+h0qvvm
TLSH
76B49E88F293726DC783453067BA6B7E9FF639258325CD83E697C788196B5C38933901

PeID

Microsoft Visual C++ v6.0 DLL
File Structure
2c38d87650929640b2f04d813e1e6224
Malicious
Overlay_3c1df609.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_3c1df609.bin (11411 bytes)
Module Name

TessaTessaWilliam.lnkozbw
Full Name

TessaTessaWilliam.lnkozbw
EntryPoint

System.Void ‭‎​‫‫‏‫‏‬‬‏‪‭‍‪‎‫​‏‮‫‏‮/‭‏‮‎‏‍‬‎‍‎‫​‬‬‮‫​‮‭‍‏‍‬‎‏‮::‪‪​​‌‬‏‎‍‍​‪​‬‫‏​​‏‬‬‭‏‬‮()
Scope Name

TessaTessaWilliam.lnkozbw
Scope Type

ModuleDef
Kind

Console
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

TessaTessaWilliam
Assembly Version

9.0.4.6
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

35
Main Method

System.Void ‭‎​‫‫‏‫‏‬‬‏‪‭‍‪‎‫​‏‮‫‏‮/‭‏‮‎‏‍‬‎‍‎‫​‬‬‮‫​‮‭‍‏‍‬‎‏‮::‪‪​​‌‬‏‎‍‍​‪​‬‫‏​​‏‬‬‭‏‬‮()
Main IL Instruction Count

4
Main IL

nop <null> call System.Void ‎‭‬‮‌‎‭‫‮‍‫‌‏‍‪‏‮‎​‎‍​​‌‮::‏‏‮‌‫‪‮‌‌​‌‭‪‭‪‌‬‭‪‏​‎‍‏‪‮() nop <null> ret <null>
Artefacts
Name
 Value
LummaEncrypted@00015976 [dddddddd]

LummaEncrypted@0001B4AB [9876543210]

?
LummaEncrypted@0001B62B [9876543210]

?
LummaEncrypted@00064052 [0123456789abcdef]

????
LummaEncrypted@00064065 [0123456789ABCDEF]

????
LummaEncrypted@0006407A [00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899]

 $$$$((22226666::@@@@DDDDHHRRRRVVVVZZ````ddddhhrrrrvvvvzz????????????????????
LummaEncrypted@000656CC [00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899]

 $$$$((22226666::@@@@DDDDHHRRRRVVVVZZ````ddddhhrrrrvvvvzz????????????????????
LummaEncrypted@00065795 [000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF]

  $$$$((((,,,,000044448888<<<<@@@@DDDDHHHHLLLLPPPPTTTTXXXX\\\\````ddddhhhhllllppppttttxxxx||||????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
LummaEncrypted@00065A38 [c8a131f8922d]

Z?
LummaEncrypted@00065EEA [0123456789ABCDEF]

????
LummaEncrypted@00065F12 [b9abc76ce53b6fc3a03566f8f764f5ea]

\??????N?2?
LummaEncrypted@00070370 [55555555]

LummaEncrypted@0007BA28 [F7C6B63E2E47C088B97B4366DC5B68C37CA992C18646FD5BA3F8BDF29734427C]

??v?N??X+????o$?q?KeT> ?`??B
LummaEncrypted@0007F4B8 [94bb7b44]

LummaEncrypted@0007F4D0 [8dd1a5ab2dd4]

?
2c38d87650929640b2f04d813e1e6224 (536.72 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙