Suspicious
Suspect

99623b60fd0a3f7d0d352d7925f7bd20

PE Executable | MD5: 99623b60fd0a3f7d0d352d7925f7bd20 | Size: 2.98 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash | Hash Value
MD5 | 99623b60fd0a3f7d0d352d7925f7bd20
Sha1 | 5b43d8941177b9a18224d6757e463f3d68a9063c
Sha256 | d0be3d57938b0b103ac6b128aef12dabd74f0205ae0bef81792ef348b4d97152
Sha384 | 7f5ecc5e269dce19d0177f70d841bbf2540a3650df2f0e6cecaa49689c9c691c79f2bb4e838cb107ea8f23edf6fdc99c
Sha512 | cdc5c6a0fec174ab712b3a1d3eea150b66d70ecbe9d2767fd5afcf27ed3deeac01e1749a8b917ac53e8c2e2a952f51ffe6b27480fd7597e648e45563e088b0e5
SSDeep | 24576:mR3tfnJwRm2JoCPa34fCFKBrluxX/ngo5wMNSeSORl5FEtRI48Y2VB/YFlb4+s/q:mR3FJwRnPW4KFE8/ngSwjBHswKqSM7K0
TLSH | E5D59DCBACE108A9C1E693328AB653927B75FC090B3263D72A50B33C2F767D05975764

PeID

HQR data file
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
tElock 1.0 (private) -> tE!
tElock 1.0 (private) -> tE!
File Structure
[Authenticode]_0a9916e9.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.xdata
.idata
.reloc
.symtab
.rsrc
Resources
CUSTOM
ID:0087
ID:0
ID:0088
[Authenticode]_e4177044.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:2052
ZIPRES
ID:0085
img
-down.png
-down.png-preview.png
-hover.png
-hover.png-preview.png
-normal.png
-normal.png-preview.png
bkg
default
bkg1.png-preview.png
bkg2.png-preview.png
bkg3.png-preview.png
combo-lang-hot.png
combo-lang-hot.png-preview.png
combo-lang-normal.png
combo-lang-normal.png-preview.png
logo.png-preview.png
msgbox_info.png
msgbox_info.png-preview.png
opt-hover.png
opt-hover.png-preview.png
opt-normal.png
opt-normal.png-preview.png
opt-selected-hover.png
opt-selected-hover.png-preview.png
opt-selected-normal.png
opt-selected-normal.png-preview.png
process_light.png
process_light.png-preview.png
x-down.png
x-down.png-preview.png
x-hover.png
x-hover.png-preview.png
x-normal.png
x-normal.png-preview.png
messagebox.xml
tgbdownloader.xml
RT_ICON
ID:0001
ID:0
RT_MENU
ID:006D
ID:2052
RT_STRING
ID:0007
ID:2052
RT_GROUP_CURSOR4
ID:006B
ID:0
RT_VERSION
ID:0001
ID:2052
RT_MANIFEST
ID:0001
ID:1033
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Info | Authenticode present at 0x2D4400 size 10888 bytes

Artefacts
Name
Value
URLs in VB Code - #1

http://ocsp.thawte.com0

URLs in VB Code - #2

http://crl.thawte.com/ThawteTimestampingCA.crl0

URLs in VB Code - #3

http://ts-ocsp.ws.symantec.com07

URLs in VB Code - #4

http://ts-aia.ws.symantec.com/tss-ca-g2.cer0

URLs in VB Code - #5

http://ts-crl.ws.symantec.com/tss-ca-g2.crl0

URLs in VB Code - #6

https://www.verisign.com/rpa

URLs in VB Code - #7

http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D

URLs in VB Code - #8

https://www.verisign.com/rpa0

URLs in VB Code - #9

http://ocsp.verisign.com0

URLs in VB Code - #10

http://csc3-2010-aia.verisign.com/CSC3-2010.cer0

URLs in VB Code - #11

https://www.verisign.com/cps0

URLs in VB Code - #12

http://logo.verisign.com/vslogo.gif04

URLs in VB Code - #13

http://crl.verisign.com/pca3-g5.crl04

URLs in VB Code - #14

http://schemas.microsoft.com/SMI/2017/WindowsSettings

URLs in VB Code - #15

http://schemas.microsoft.com/SMI/2005/WindowsSettings

URLs in VB Code - #16

http://schemas.microsoft.com/SMI/2016/WindowsSettings

URLs in VB Code - #17

http://crl3.digicert.com/assured-cs-g1.crl00

URLs in VB Code - #18

http://crl4.digicert.com/assured-cs-g1.crl0L

URLs in VB Code - #19

https://www.digicert.com/CPS0

URLs in VB Code - #20

http://ocsp.digicert.com0L

URLs in VB Code - #21

http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0

URLs in VB Code - #22

http://www.digicert.com/ssl-cps-repository.htm0

URLs in VB Code - #23

http://ocsp.digicert.com0C

URLs in VB Code - #24

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0

URLs in VB Code - #25

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0

URLs in VB Code - #26

http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0

URLs in VB Code - #27

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O

URLs in VB Code - #28

http://crl3.digicert.com/sha2-assured-cs-g1.crl05

URLs in VB Code - #29

http://crl4.digicert.com/sha2-assured-cs-g1.crl0L

URLs in VB Code - #30

http://ocsp.digicert.com0N

URLs in VB Code - #31

http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0

URLs in VB Code - #32

http://www.digicert.com/CPS0

URLs in VB Code - #33

http://crl3.digicert.com/sha2-assured-ts.crl02

URLs in VB Code - #34

http://crl4.digicert.com/sha2-assured-ts.crl0

URLs in VB Code - #35

http://ocsp.digicert.com0O

URLs in VB Code - #36

http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0

URLs in VB Code - #37

http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P

Characteristics
No malware configuration was found at this point.