Suspect
54f79bd899fc0d9364973649424b8cf7
PE Executable | MD5: 54f79bd899fc0d9364973649424b8cf7 | Size: 139.26 KB | application/x-dosexec
PE Executable
MD5: 54f79bd899fc0d9364973649424b8cf7
Size: 139.26 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 54f79bd899fc0d9364973649424b8cf7
|
| Sha1 | bffbb011d501ec0750233e9dbc1568b94e1ab070
|
| Sha256 | 12a6b979da40489d768e28882836de2434009bcb436c2901772bed7633d88770
|
| Sha384 | ef397e9a6e6eda1bfa9fe2b7d964b40d781adc18fd8b8aefb8ef12a5fc3b9e5907a9cca4daf34e2b5b1f47bbc9ca5655
|
| Sha512 | 00f00e2406278201f5ae21f90a1c353caa1511fe33f7e825033ff96c409e3f8e76d8a3ec7921dff19c6c10d377cac4d7d29a17093323a53fc55c5ad0b91fbc9e
|
| SSDeep | 3072:rs2s5DrMyQc/Wt9eY/qCxcAvkGG0u7Rq3O:rsx8ystbvkGG0u7A+
|
| TLSH | 18D3912177ED0039F5F35B752DB6A921DABABDA11E30E01F9290840A1CB1B57E870B73
|
PeID
Microsoft Visual C++ 6.0 - 8.0
File Structure
54f79bd899fc0d9364973649424b8cf7
Overlay_75053776.bin
[Rebuild from dump]_a7641933.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Resources
WM_DSP
ID:0066
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
WM_DISP
ID:0065
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Overlay extracted: Overlay_75053776.bin (17920 bytes) |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_a7641933.exe |
| Info | PDB Path: t |
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
54f79bd899fc0d9364973649424b8cf7 (139.26 KB)
File Structure
54f79bd899fc0d9364973649424b8cf7
Overlay_75053776.bin
[Rebuild from dump]_a7641933.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Resources
WM_DSP
ID:0066
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
WM_DISP
ID:0065
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
54f79bd899fc0d9364973649424b8cf7 |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.