General
Structural Analysis
Config.0
Yara Rules19
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 5abc4f85343b846275da1edf093fb1ba
|
| Sha1 | 2ea5f53c8edee8feb35eb011f3e9390dd6fb62f2
|
| Sha256 | 2ce02a9f26d699d65588073a8f2be54e422cb28cdc69aabb89acb0250f2d2fe2
|
| Sha384 | 40c65a382903e700aa0472df948274f50cedd8eb422fcf626d9154f2470cd3120a4cdcc762a296dc00cde572f3b2b201
|
| Sha512 | 5b998898c1f86d4ff6000464198961af930b76e8742bdc3cc7a40ed820255a5f1a4501e6799a7a2705520df751a7677f684b9bf36b3f490b505e0d2055d923ca
|
| SSDeep | 196608:m0c6BABXGQs0TfWmv781BT5nZ6vqR1cZLhm9+LmT9bXm3e9/eYPmPk6K/rgrpuJn:8VB2iS0Sd5ZuaYLUYST9bWG/eYPmPk6Q
|
| TLSH | 11C63349DBE418F8D8F3C674985A4803E77EBC4A1750D78F07B6AA5A1F272918E38770
|
PeID
Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
UPolyX 0.3 -> delikon
File Structure
5abc4f85343b846275da1edf093fb1ba
Malicious
Overlay_94093f38.bin
Malicious
[Authenticode]_c368417a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.fptable
.FSw
.xt8
.)jp
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1049
ID:0002
ID:1049
ID:0003
ID:1049
ID:0004
ID:1049
ID:0005
ID:1049
ID:0006
ID:1049
ID:0007
ID:1049
ID:0008
ID:1049
ID:0009
ID:1049
ID:1049-preview.png
RT_GROUP_CURSOR4
ID:0069
ID:1049
RT_VERSION
ID:0001
ID:1049
RT_MANIFEST
ID:0001
ID:1033
Xone.exe
Malicious
Overlay_ed42dffe.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0002
ID:0
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0011
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_94093f38.bin (11326919 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb |
5abc4f85343b846275da1edf093fb1ba (11.79 MB)
File Structure
5abc4f85343b846275da1edf093fb1ba
Malicious
Overlay_94093f38.bin
Malicious
[Authenticode]_c368417a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.fptable
.FSw
.xt8
.)jp
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1049
ID:0002
ID:1049
ID:0003
ID:1049
ID:0004
ID:1049
ID:0005
ID:1049
ID:0006
ID:1049
ID:0007
ID:1049
ID:0008
ID:1049
ID:0009
ID:1049
ID:1049-preview.png
RT_GROUP_CURSOR4
ID:0069
ID:1049
RT_VERSION
ID:0001
ID:1049
RT_MANIFEST
ID:0001
ID:1033
Xone.exe
Malicious
Overlay_ed42dffe.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0002
ID:0
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0011
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.