General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 77e20c09d58da572e7d2ac213ca95f88
|
| Sha1 | 6d40af31dbbd925c3b3fb3f4a6d4f7f02401cef5
|
| Sha256 | b0b92ed73b4e9254a4e0d353c09305f7f27def9d3a86d70001b17482f7317ef9
|
| Sha384 | b41c53ac413c98865a480bb1831196c532ac51383067342c1afbf9407240ddca490035113c36cc6a52817f60c61c1c96
|
| Sha512 | dc732f52ceca31b91f6ca4c12ad9320773ea1bef82b5819b69ff94b665caf65c9198fef64326b453c2cb815c0a029c36b81d5a2fac8babac0f15acb4c34f8123
|
| SSDeep | 393216:bKQ9OkYK95oSrcPoYfrips62fK6K8QsGAkT/p6xg/okINGg8S00HlKYXDa1mB0ZN:tO+oSAPoM2sJK6K91fLs57plKYz9eZYq
|
| TLSH | 47173325AD824833C52E653C69A662D1583AFD203F1CBD8727D83B59067F680C7EA377
|
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska
VC8 -> Microsoft Corporation
File Structure
77e20c09d58da572e7d2ac213ca95f88
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.qtversi
.pdata
.xdata
.bss
.idata
.CRT
.tls
.reloc
[Authenticode]_4e4511a6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.gfids
.tls
_RDATA
.reloc
[Authenticode]_0484f762.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
20
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_603f8839.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d69220f8.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_529b3ea6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
generic
[Authenticode]_c65d2887.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
iconengines
[Authenticode]_ed80a7ab.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
imageformats
[Authenticode]_2e24cc43.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_e2ccec78.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_9ec4c856.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_447489ee.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
networkinformation
[Authenticode]_5703616a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
platforms
[Authenticode]_0dff9cc3.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
27
Resources
RT_VERSION
ID:0001
ID:1033
tls
[Authenticode]_eda61384.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_266c181f.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
translations
qt_ar.qm
qt_bg.qm
qt_ca.qm
qt_cs.qm
qt_da.qm
qt_de.qm
qt_en.qm
qt_es.qm
qt_fa.qm
qt_fi.qm
qt_fr.qm
qt_gd.qm
qt_he.qm
qt_hr.qm
qt_hu.qm
qt_it.qm
qt_ja.qm
qt_ka.qm
qt_ko.qm
qt_lg.qm
qt_lv.qm
qt_nl.qm
qt_nn.qm
qt_pl.qm
qt_pt_BR.qm
qt_ru.qm
qt_sk.qm
qt_sv.qm
qt_tr.qm
qt_uk.qm
qt_zh_CN.qm
qt_zh_TW.qm
D3Dcompiler_47.dll
[Authenticode]_a38dbf01.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.pdata
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Overlay extracted: Overlay_484df4ba.bin (17944865 bytes) |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_3ee997f0.exe |
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
| PE Layout | MemoryMapped (process dump suspected) |
77e20c09d58da572e7d2ac213ca95f88 (18.81 MB)
File Structure
77e20c09d58da572e7d2ac213ca95f88
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.qtversi
.pdata
.xdata
.bss
.idata
.CRT
.tls
.reloc
[Authenticode]_4e4511a6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.gfids
.tls
_RDATA
.reloc
[Authenticode]_0484f762.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
20
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_603f8839.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_d69220f8.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_529b3ea6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
Resources
RT_VERSION
ID:0001
ID:1033
generic
[Authenticode]_c65d2887.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
iconengines
[Authenticode]_ed80a7ab.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
imageformats
[Authenticode]_2e24cc43.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_e2ccec78.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_9ec4c856.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_447489ee.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
networkinformation
[Authenticode]_5703616a.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
platforms
[Authenticode]_0dff9cc3.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
27
Resources
RT_VERSION
ID:0001
ID:1033
tls
[Authenticode]_eda61384.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
15
27
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_266c181f.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
4
16
27
Resources
RT_VERSION
ID:0001
ID:1033
translations
qt_ar.qm
qt_bg.qm
qt_ca.qm
qt_cs.qm
qt_da.qm
qt_de.qm
qt_en.qm
qt_es.qm
qt_fa.qm
qt_fi.qm
qt_fr.qm
qt_gd.qm
qt_he.qm
qt_hr.qm
qt_hu.qm
qt_it.qm
qt_ja.qm
qt_ka.qm
qt_ko.qm
qt_lg.qm
qt_lv.qm
qt_nl.qm
qt_nn.qm
qt_pl.qm
qt_pt_BR.qm
qt_ru.qm
qt_sk.qm
qt_sv.qm
qt_tr.qm
qt_uk.qm
qt_zh_CN.qm
qt_zh_TW.qm
D3Dcompiler_47.dll
[Authenticode]_a38dbf01.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.pdata
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
77e20c09d58da572e7d2ac213ca95f88 |
| PE Layout | MemoryMapped (process dump suspected) |
77e20c09d58da572e7d2ac213ca95f88 > [Rebuild from dump]_3ee997f0.exe |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.