Malicious
Malicious

9149b449a89f24ebbc726c996a471ccf

PE Executable
|
MD5: 9149b449a89f24ebbc726c996a471ccf
|
Size: 667.65 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
9149b449a89f24ebbc726c996a471ccf
Sha1
2f90a4ec18c2597debdd5610aa3a3922f17d195c
Sha256
68bfdc8e5485211e4a6b409d266c98f1f18fb2b5ac06c0b2b83fb724a03ab319
Sha384
35d3df46d681e1fb6b3f61fe4a8687cda0e8b30dca630824ea2aee748c9977120a95ea033d15031accade460d2f70499
Sha512
bf2cb48b15039cd5f11e23495dea7bf19d3ccd10b86efc15de5fa043abce847e1f19461c4466968a3ae801dc95aa23f5f4f7e2b83cf923c7e80bab2a2ff6a699
SSDeep
6144:aWR8rFTMnXbdetg5NTmhhXFnKK03UgPl1vxMBpGb8z/hN/wcTr/Sr3MQSIEOV4uD:fWCXhe4mhLKlRUQGJNTXar3lSnajiQL
TLSH
30E49E21FA9351FDF4B311309C9DE27AEB363A059E159F87E7C09B34EDB02016A1761A

PeID

Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Safeguard 1.03 -> Simonzh
UPolyX 0.3 -> delikon
VC8 -> Microsoft Corporation
File Structure
9149b449a89f24ebbc726c996a471ccf
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Artefacts
Name
 Value
LummaEncrypted@00083B94 [0123456789abcdef]

????
LummaEncrypted@00083BE4 [0123456789abcdef]

????
LummaEncrypted@00084140 [0123456789]

?
LummaEncrypted@000842C0 [0123456789]

?
LummaEncrypted@000847C7 [0123456789]

?
LummaEncrypted@00087C10 [3333333333333333]

LummaEncrypted@00088E44 [00000000]

LummaEncrypted@00088E5C [000000000000]

LummaEncrypted@00088E69 [0123456789abcdef]

????
LummaEncrypted@00088E88 [00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899]

 $$$$((22226666::@@@@DDDDHHRRRRVVVVZZ````ddddhhrrrrvvvvzz????????????????????
9149b449a89f24ebbc726c996a471ccf (667.65 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙