Characteristics
Symbol Obfuscation Score
High
| Hash | Hash Value |
|---|---|
| MD5 | 4e8cb3356db7ef8488c07666688ebae3 |
| Sha1 | ef834093c4ee95212ca952ab4c361fbdf35be92c |
| Sha256 | 96d4e77c0d433b14c2030be194ad12e159b5292f33da3a7d4d2749475845c253 |
| Sha384 | 5a7503e4ac8e03e0d09b40abbf0a57073540791c26de736edd56ad0583b4ca66437149f86f276e08413564801de7c264 |
| Sha512 | ac14002f7d4a2714ebb0015e3e83e853370c08de458d1de7974887bb423c4a13bb1bc86eb2198c143a5ebdc0ba1e4a8a7c2f20a051e904180107190e84969554 |
| SSDeep | 24576:5yFaAUSYwy//L8OvUe4VkjWIEbvdzbUl:vFwHbv |
| TLSH | D855B607F253CEA1D25C1733E2D7092003B4D5856623DE0B7A9D1B392AD37BA9E26277 |
PeID
.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
4e8cb3356db7ef8488c07666688ebae3
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
VZ4OUS9q3EoP8Ls1mx.RS8BuwnTSw9oVqUcmI
J2p79AkWxDGKZL6NZN.3nxUdIolAOfwVRHU3a
HUpEkUmpHwk9CnQ1Q9.lJEufj6RcYhX0Y1I0H
pTqL4JxZinV6gOUcNw.6GEBo7rfhExT93V46c
Microsoft.Win32.TaskScheduler.TaskService.bmp
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Information
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: Microsoft.Win32.TaskScheduler.pdb |
| Module Name | Microsoft.Win32.TaskScheduler.dll |
| Full Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Microsoft.Win32.TaskScheduler |
| Assembly Version | 2.12.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | True |
| PublicKey Token | 2806574b39b74d4b |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 68 |
| Main Method | Not found or no body |
4e8cb3356db7ef8488c07666688ebae3 (1.33 MB)
Characteristics
No malware configuration was found at this point.