Malicious
9749cfb52ba78a1ab0618da7f9e899d6
PE Executable | MD5: 9749cfb52ba78a1ab0618da7f9e899d6 | Size: 8.11 MB | application/x-dosexec
PE Executable
MD5: 9749cfb52ba78a1ab0618da7f9e899d6
Size: 8.11 MB
application/x-dosexec
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 9749cfb52ba78a1ab0618da7f9e899d6
|
| Sha1 | 4bdb79bb578510aa93a525d25f5908da4e72e18e
|
| Sha256 | b0cc835df649b790bf8fde133d284d4bf3b9c6fd65baaa6578f91b9b3fc33b5d
|
| Sha384 | 752e816c6fd197c42325dad9da69db2299fe01acd3a04b4fdeadc284ee49d6648127d9009b46cc851d858b652f8f617d
|
| Sha512 | ec99a09d4dac2dd9f5afba984501b62d504e37d5aeaf4779e7097d6fd7d788737d746bf0bfd3410f2820326514d9ccdc5f393dd6f7e81a511f07cfc21ff463d9
|
| SSDeep | 196608:yGDN3eETMNoyo+YjNyMFMS0XlIr6fpID8u:XN3eETMNp6MU6fpU8u
|
| TLSH | E9869C007F608423F1C4D0F282B9BEF706B958301B6592A7E698F7E9D524FC26EB4756
|
PeID
Borland Delphi 7 - Nstd EP - ASL sign
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
File Structure
9749cfb52ba78a1ab0618da7f9e899d6
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
RT_ICON
ID:0032
ID:0
RT_RCDATA
ID:0000
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.didat
Resources
RT_ICON
ID:0001
ID:1033
ID:1024
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
RT_DIALOG
ID:02BC
ID:1033
ID:02BD
ID:1033
ID:02BE
ID:1033
ID:02BF
ID:1033
ID:02C0
ID:1033
ID:02C1
ID:1033
ID:0000
ID:1033
RT_STRING
ID:0001
ID:1033
ID:0002
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
ID:1024
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:0
9749cfb52ba78a1ab0618da7f9e899d6.decoded.vbs
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | http://www.clickteam.com |
| URLs in VB Code - #2 | http://www.clickteam.com/pub |
| URLs in VB Code - #3 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
| PDB Path | t$di |
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
9749cfb52ba78a1ab0618da7f9e899d6 (8.11 MB)
File Structure
9749cfb52ba78a1ab0618da7f9e899d6
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
RT_ICON
ID:0032
ID:0
RT_RCDATA
ID:0000
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
.didat
Resources
RT_ICON
ID:0001
ID:1033
ID:1024
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
RT_DIALOG
ID:02BC
ID:1033
ID:02BD
ID:1033
ID:02BE
ID:1033
ID:02BF
ID:1033
ID:02C0
ID:1033
ID:02C1
ID:1033
ID:0000
ID:1033
RT_STRING
ID:0001
ID:1033
ID:0002
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
ID:1024
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:0
9749cfb52ba78a1ab0618da7f9e899d6.decoded.vbs
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | http://www.clickteam.com |
9749cfb52ba78a1ab0618da7f9e899d6 |
| URLs in VB Code - #2 | http://www.clickteam.com/pub |
9749cfb52ba78a1ab0618da7f9e899d6 |
| URLs in VB Code - #3 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
9749cfb52ba78a1ab0618da7f9e899d6 |
| PDB Path | t$di |
9749cfb52ba78a1ab0618da7f9e899d6 > Resources > RT_RCDATA > ID:0000 > ID:0 |
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
9749cfb52ba78a1ab0618da7f9e899d6 > Resources > RT_RCDATA > ID:0000 > ID:0 |
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
9749cfb52ba78a1ab0618da7f9e899d6 > Resources > RT_RCDATA > ID:0000 > ID:0 |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.