Suspicious
Suspect

6b78d1611e1210e125c302fa2e5acaef

PE Executable | MD5: 6b78d1611e1210e125c302fa2e5acaef | Size: 1.47 MB | application/x-dosexec


Characteristics
Hash: Hash Value
MD5: 6b78d1611e1210e125c302fa2e5acaef
Sha1: 735cf773fcb194f36ad069abf941081c8431a9b8
Sha256: bc53beaef1311d637b447850e63d25de34c9b70e5cb4dc33184e79db0231e9bc
Sha384: 9ecbde4b6481c815b8faf5b18e357d8ab91a7649fd73baeb25fd42d34d20b3d00c77615087f033deb440571e66bfe7d1
Sha512: 4bec5f2362463805b0830c4fb291d3306bc41cb6e5960354e34debd8d3b9d8eae7407e2bb352911a59252833db3124bc8a5a9f8e38efba4652ed3436598b1a22
SSDeep: 24576:Fa/P5CUNGe4Cw3wLJRG1bZmAyTblU//eobvt0qikzIvD6w9t8nW:G5fQGw3wFQyT5UOittUvD6GWnW
TLSH: 1D6533BAF7AA817BF0F549F4563262076A337D5D2096CA7E73203E19751200EC939727

PeID

Microsoft Visual C++ v6.0 DLL
Nullsoft PiMP Stub -> SFX
UPolyX 0.3 -> delikon
File Structure
Overlay_f754f67d.bin
Informations
Name: Value
Info: PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info: Overlay extracted: Overlay_f754f67d.bin (1395848 bytes)
Info: Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_67771a17.exe

Artefacts
Name: Value
PE Layout: MemoryMapped (process dump suspected)

