Malicious

45146b7913dac0de49c391733d38e5c8

PE Executable | MD5: 45146b7913dac0de49c391733d38e5c8 | Size: 5.37 MB | application/x-dosexec


Characteristics
Hash
Hash Value
MD5
45146b7913dac0de49c391733d38e5c8
Sha1
291b94fabaae1b4d3b562867fc09396aa4236afb
Sha256
c8ca721da8c1cb2ebd0a1a16a0f56af8bd86f4f281f82a423c1ae88e05aa086b
Sha384
06799acea47fdeddb76ae20ce42b5c231c23ed61148b06c9aa1ddd8d8e219c7e1459be3c1295c5681113036b5c3bec43
Sha512
afc22dd4812b32236f68375293dbaa858bef15cfc507724701e9da7df18849946d2227f176ab92ad3047e76d79470a4585de5c3eb17447b4fcf848e7ac43e5cb
SSDeep
49152:+Vo5rrqzyDAL7CBxnIoeX79r9nRR9tIZn6jJ+dsRlL+qcaTwpDQIAdY:+Vo5rD8U6oy1gZWJ+dARTwpDDAdY
TLSH
41466D10B7719931E5FA07B594BF02A4173894680BD667CB52E0A4FCFD593EB2D3228B

PeID

BobSoft Mini Delphi -> BoB / BobSoft
Borland Delphi 4.0
Borland Delphi v6.0 - v7.0
MASM/TASM - sig4 (h)
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
File Structure
[Authenticode]_56c42269.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.itext
.data
.bss
.idata
.didata
.edata
.tls
.rdata
.reloc
.rsrc
.debug
Resources
RT_STRING
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
ID:0000
[Authenticode]_21f97e2f.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
.rdata
.data
.fptable
.textbss
.idata
.msvcjmc
.00cfg
Resources
RT_VERSION
ID:0001
ID:0
ID:1033
RT_MANIFEST
ID:0002
ID:1033
ID:0001
ID:1033
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0-preview.png
ID:0005
ID:1033
ID:1033-preview.png
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
ID:0
.Net Resources
iZ5WFY6CkiklF9IX4x.GgKBowSG2mBfvYlAVp
Microsoft.Win32.TaskScheduler.TaskService.bmp
gPfCeyhLcVwHrnD2di.v7dN9ndBGbtk5QKhGe
4UomwUejbwumowMThv.2OAH4HCls9y1CVFcl3
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
[Authenticode]_9a054396.p7b
[Authenticode]_4cf25bdb.p7b
[Authenticode]_2325ae3f.p7b
ID:0
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x51AF10 size 12120 bytes

Info

PDB Path: 

Artefacts
Name
Value
URLs in VB Code - #1

https://github.com/dahall/taskscheduler

URLs in VB Code - #2

http://schemas.microsoft.com/windows/2004/02/mit/taskT

URLs in VB Code - #3

http://crl.comodoca.com/AAACertificateServices.crl04

URLs in VB Code - #4

http://ocsp.comodoca.com0

URLs in VB Code - #5

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

URLs in VB Code - #6

http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

URLs in VB Code - #7

http://ocsp.sectigo.com0

URLs in VB Code - #8

https://sectigo.com/CPS0

URLs in VB Code - #9

http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0

URLs in VB Code - #10

http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#

URLs in VB Code - #11

http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z

URLs in VB Code - #12

http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#

URLs in VB Code - #13

http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0|

URLs in VB Code - #14

http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#

URLs in VB Code - #15

http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl05

URLs in VB Code - #16

http://ocsp.usertrust.com0
