Suspicious
Suspect

494e57200976472ecc98a6f65432ee51

MS Office Document | MD5: 494e57200976472ecc98a6f65432ee51 | Size: 4.41 MB | application/vnd.ms-office

Summary by MalvaGPT
Characteristics
Hash: Hash Value
MD5: 494e57200976472ecc98a6f65432ee51
Sha1: 7cd75a50bcc9b1983204000e5b52e40eb01b9c98
Sha256: 65de4ef064eba4afe141fd4226cd7cd96a1eaf9a6f2e47d3d9ed2aa4e257396e
Sha384: d6eb54c7743261fbf25e918fad88b44e1b0a2979095231974c0a6749d0a4ed8298038a708c3763f63851d26cb43c9ca2
Sha512: ad65cbf2ebf0397e84c4ac2c17b5cbd6ef5aab4fc4bcdd19b87659b4324b7a89711724a0d27f3540a57a9ff727a0f2027f9869f058a8ae2f642f9d8ca6388ef2
SSDeep: 98304:xxakH5oGqKAAOD5CMqjCz6vuTXbCtfgy5rkO4VAynV:rDaChOD5CNCuvGbCqgrkO4VAyn
TLSH: AB16334D32C15957C2DECBB40999B273C1E4CC43958AC96F406DB8984ABEBF42CA47E7
File Structure
Root Entry
䡀䌏䈯
[Authenticode]_4a3d9ff1.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
EDPENLIGHTENEDAPPINFOID
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
[Authenticode]_e4d08f84.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_3c45be9b.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_9a3452fe.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_7a2d11d1.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_cf07cf82.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_95973014.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
cMBVqzqfssy
[Authenticode]_a6fd6765.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_8df7970a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
fothk
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
SohdEo6Snih
[Authenticode]_428d1cb4.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
fothk
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_fcf378ea.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
fothk
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_780f6f01.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
䡀䈖䌧䠤
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䕙䓲䕨䜷
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䖖㯬䏬㱨䖤䠫
䡀䘌䗶䐲䆊䌷䑲
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
SummaryInformation
WGsIaqTARJXz
H8pxPoECiq1bo2
owIss0HthIdqG4l
E9nApq9Bsh9mmW
UKqqACLUALIsaSR
Oj7ZgVzn9X7NeE9Z4X1
cMBVqzqfssy
SohdEo6Snih
DEWTud3JSrCytqK
Oj7QkJVzat8
hG3vvZDdOfpOjoWGpiXU
Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value
Location
URLs in VB Code - #1

http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #2

http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #3

http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crl0w

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #4

http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt0

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #5

http://www.microsoft.com0

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #6

http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #7

http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR

URLs in VB Code - #8

http://www.microsoft.com/pkiops/Docs/Repository.htm0

494e57200976472ecc98a6f65432ee51 > Root Entry > 䄦㡥䆾䅤 > UKqqACLUALIsaSR
