Suspicious
Suspect

54f79bd899fc0d9364973649424b8cf7

PE Executable
|
MD5: 54f79bd899fc0d9364973649424b8cf7
|
Size: 139.26 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
54f79bd899fc0d9364973649424b8cf7
Sha1
bffbb011d501ec0750233e9dbc1568b94e1ab070
Sha256
12a6b979da40489d768e28882836de2434009bcb436c2901772bed7633d88770
Sha384
ef397e9a6e6eda1bfa9fe2b7d964b40d781adc18fd8b8aefb8ef12a5fc3b9e5907a9cca4daf34e2b5b1f47bbc9ca5655
Sha512
00f00e2406278201f5ae21f90a1c353caa1511fe33f7e825033ff96c409e3f8e76d8a3ec7921dff19c6c10d377cac4d7d29a17093323a53fc55c5ad0b91fbc9e
SSDeep
3072:rs2s5DrMyQc/Wt9eY/qCxcAvkGG0u7Rq3O:rsx8ystbvkGG0u7A+
TLSH
18D3912177ED0039F5F35B752DB6A921DABABDA11E30E01F9290840A1CB1B57E870B73

PeID

Microsoft Visual C++ 6.0 - 8.0
File Structure
54f79bd899fc0d9364973649424b8cf7
Overlay_75053776.bin
[Rebuild from dump]_a7641933.exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.bss
Resources
WM_DSP
ID:0066
ID:16393
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
WM_DISP
ID:0065
ID:16393
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Overlay extracted: Overlay_75053776.bin (17920 bytes)
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_a7641933.exe
Info

PDB Path: t
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
54f79bd899fc0d9364973649424b8cf7 (139.26 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙