Suspicious
Suspect

3dea9315e3a05d2d9b31946c303d9eae

ZIP Archive | MD5: 3dea9315e3a05d2d9b31946c303d9eae | Size: 13.63 MB | application/zip

Characteristics
Hash | Hash Value
MD5 | 3dea9315e3a05d2d9b31946c303d9eae
Sha1 | 10af46e905370c53ca6b9638fa8ac0852e376822
Sha256 | 4f9669712b6cd325eba9e94faf73a7d6ac29cdb724e857f5693aebe542f64b94
Sha384 | b4dcef612d7a428453a952fb7a03d82afd24eb22981ccea4c0141fd3dd31fb1b58e1927e12dd6b16b65d198db3618476
Sha512 | 1e3e2542cab7f6fdee6b2581b22108e91379ec58db86837f7232dc5eace7e5898724b23e27ea8212a2daf1e359ad131316c54ca85f5434a0f243014c341c0947
SSDeep | 393216:I0UZBV3NDHKU8C+BG+fd0beJvKie46oOZLyv2pyjEs:3UZB5N/8l0CJpe4aZLyvoyws
TLSH | 6AD6330099F3A940323D7EB09C68FB90177A9175DF88BF06EF5956C91B4A7C5ED2CA08
File Structure
[Authenticode]_4b1e9673.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_MANIFEST
ID:0001
ID:1033
[Authenticode]_0c36be11.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d1632272.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d11d562d.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_06f13f62.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_2cb8e2be.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.reloc
[Authenticode]_132cfd07.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_91d55f39.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
session_mon.xml
physics.yaml
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
URLs in VB Code - #1 | file:/// | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #2 | http://ocsp.thawte.com0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #3 | http://crl.thawte.com/ThawteTimestampingCA.crl0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #4 | http://t2.symcb.com0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #5 | http://t1.symcb.com/ThawtePCA.crl0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #6 | http://ts-ocsp.ws.symantec.com07 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #7 | http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #8 | http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #9 | http://tl.symcb.com/tl.crl0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #10 | https://www.thawte.com/cps0/ | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #11 | https://www.thawte.com/repository0W | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
URLs in VB Code - #12 | http://tl.symcb.com/tl.crt0 | 3dea9315e3a05d2d9b31946c303d9eae > Qt5Widgets.dll
