Suspicious
Suspect

9c004138bea1f426fa43b6edbae46da0

PE Executable | MD5: 9c004138bea1f426fa43b6edbae46da0 | Size: 5.45 MB | application/x-dosexec

Characteristics
Hash | Hash Value
MD5 | 9c004138bea1f426fa43b6edbae46da0
Sha1 | a7a56f18c067ce06762c335e471b500551683905
Sha256 | f28ec66ea72ab255e028b98e3103070e0e412030352b9c66aaf696266fed38ca
Sha384 | 7494e3e45a39a9865817f3831c347e68323f3e69cd450105295545aa53738324d31871fa966b50fceafff7da5c318972
Sha512 | d47adea1fe88abc847c5eb7b4678f5bdb143a071200f3473b98a7be5bf88bc14f72573d057e45f0b2e1335a437c3f3a526a80e8c0d81146dd16fdda1356fd4cf
SSDeep | 98304:+p4g1jNGVAjP3tZytkWWr42NZtQwR+r1gzAvtvPHyb2tbklDL0qnKVOqzCX/O84M:+p4g7sMPKtkWWrXmwMrFXSb0oCHCPO7M
TLSH | 6D463391B7E27EF6CA92C6774F069B720272D68C1B461E0B768A1F196DC70F066070ED

PeID

Microsoft Visual C++
Microsoft Visual C++ 5.0
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
File Structure
Kredcheb.tj
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0002
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:1033.exif
ID:1033-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
RT_ICON
ID:0001
ID:1049
ID:0002
ID:1049
ID:0003
ID:1049
ID:0004
ID:1049
ID:0005
ID:1049
RT_GROUP_CURSOR4
ID:0065
ID:1049
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
PDB Path | X:\Svn\pdf-convert\FileAssociation\Release\FileAssociation.pdb | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > FileAssociation.dll
PDB Path | D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > MSVCP140.dll
PDB Path | C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > Qt5Core.dll
PDB Path | C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > Qt5Network.dll
PDB Path | t$di | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > SwitchEnterprise.exe
PDB Path | D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb | 9c004138bea1f426fa43b6edbae46da0 > 7z-stream @ 0x0002DF4F.7z > VCRUNTIME140.dll
