Malicious
PE Executable
MD5: 696266c6422254fb5757c11a6b770644
Size: 101.38 KB
application/x-dosexec
Characteristics
Symbol Obfuscation Score: Low
| Hash | Hash Value |
|---|---|
| MD5 | 696266c6422254fb5757c11a6b770644 |
| Sha1 | a0b54884e6f08892e120462823a9c0d6794f2e5f |
| Sha256 | 4d683b88c061aed2d3b19fd554bfc8480ff5c4394a0bbd6cd437016562b69cc8 |
| Sha384 | 87c58cfc25732789a2ad2669b09b9f76bb7ef0ac93cf3dc0a824705c719aa1b0850a3eae56a5cc868938a54855237ee6 |
| Sha512 | f9c61a4275a9646837ce9b736feaaee800b8c9087733d3dd0151fd11be3435ee35a5bdea2a9e207686e094cba85a885b2e5b86eb240b55b3ab8eacd973011555 |
| SSDeep | 1536:iG6ijoigXyl/btDLieLKsjaARbDikmbfexv0ujXyyed+c7zMlctmulgS6pr:I6D2e3jRRnog0ujyzd+c7zur |
| TLSH | A1A35C606BBC9F19EAFD1B35B4B2012443F0E48B9092FB4A4EC054B61F677426917EF2 |
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
696266c6422254fb5757c11a6b770644
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - RedLine Config.
| Config. Field0 | Value |
|---|---|
| [Configuration Module Name] | EntryPoint |
| [Configuration Module Full Name] | EntryPoint |
Information
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Happy.exe |
| Full Name | Happy.exe |
| EntryPoint | System.Void Program::Main(System.String[]) |
| Scope Name | Happy.exe |
| Scope Type | ModuleDef |
| Kind | Console |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Happy |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 234 |
| Main Method | System.Void Program::Main(System.String[]) |
| Main IL Instruction Count | 3 |
| Main IL | newobj System.Void EntryPoint::.ctor() call System.Void Program::Execute(EntryPoint) ret <null> |