Suspicious
Suspect

5a378a55d2972044ba78d10a366306d0

PE Executable | MD5: 5a378a55d2972044ba78d10a366306d0 | Size: 8.99 MB | application/x-dosexec


Characteristics
Hash
Hash Value
MD5
5a378a55d2972044ba78d10a366306d0
Sha1
d322d7e764a14c88d1cefa6925c997a86eff064f
Sha256
66c00afa5d90cc2d1a5c2cd2e4107964fe7765c74f73ab098ebb5d02c074b2f0
Sha384
00c63357553e4b445cb5d48fa3285d8c1269abf60918e0994194ce6365de0b07cc08099797999424c39cb4a019185920
Sha512
ed3ecd94d0ee0c48e3b91e80acd4f288ffaf1a653476442c14b73232a0392542691c2671bf04072fef714efd827e6ab8412a5fbede99c35583d25d40d96f9d2e
SSDeep
196608:ZB9elWWXZ0Wa3sDcJlEQz089lGvbVOZO6KvbIv5w:b9elrZ0Wa3sDSlpzfLGTVA5w
TLSH
BE963321B6C49133C2B61EB86E2C926D963E7F202F1459C76BE03E891E351C25F39677

PeID

Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska
VC8 -> Microsoft Corporation
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_RCDATA
ID:001B
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name | Value
Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info | Overlay extracted: Overlay_c7c4bf70.bin (8127117 bytes)
Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_c93dd87f.exe

Artefacts
Name | Value
PE Layout | MemoryMapped (process dump suspected)
