An error occurred while loading filenames.
Try now !
Malicious
9e6d2e2e599fcc56a563e2b7ff45cfc8
Open options
Share on LinkedIn
Add to favorites
Re-Scan
Delete
VBScript
MD5:
9e6d2e2e599fcc56a563e2b7ff45cfc8
Size:
1.61 MB
text/vbscript
Contains Base64 Block
Base64 Block
Base64 Payload
WScript.Shell
Scripting.FileSystemObject
Microsoft.XMLDOM
ADODB.Stream
DeObfuscated
VBScript
T1059.005
Obfuscated
Executable
PE (Portable Executable)
PE Memory-Mapped (Dump)
PE File Layout
PDB Path
General
Structural Analysis
Config.
0
Yara Rules
26
Sync
Community
Summary by MalvaGPT
Generate AI Summary
Characteristics
Hash
Hash Value
MD5
9e6d2e2e599fcc56a563e2b7ff45cfc8
Sha1
d8e364d37e685b7684f8fddb5532e3d030c6dca0
Sha256
b56d67f497038cfca55a4e7ad62a4f43a2d1267c15cd22094dca9735163bf65d
Sha384
c2e7ba922b2a3a40b5da02235824ce64297109f79f7c27116e6a86174f56611235fded082602d748f11e0da12a0bae32
Sha512
f3f028711c10db53134686a3c29f833613c12b0e919f2447fdcce66451291d663807a39dbd84b585036610aa6c31f9da532e6da79de9279a97e9dc5ee95ab921
SSDeep
24576:maaZwHzp81iARucvNDTPIZx3yrfGAYTPrr/WvrLaXxLs46:m1ZfpNDTw3fzrzkrmc
TLSH
0F751231C677BD7F0A2C2E4654073DD05C3C6BE742ACC1BBBA8676B7E2A2584CD09660
File Structure
9e6d2e2e599fcc56a563e2b7ff45cfc8
Contains Base64 Block
Base64 Block
Base64 Payload
WScript.Shell
Scripting.FileSystemObject
Microsoft.XMLDOM
ADODB.Stream
DeObfuscated
VBScript
T1059.005
Obfuscated
Executable
PE (Portable Executable)
PE Memory-Mapped (Dump)
PE File Layout
PDB Path
Malicious
[Base64-Block @0x00000099]
Base64 Block
Executable
PE (Portable Executable)
PE Memory-Mapped (Dump)
9e6d2e2e599fcc56a563e2b7ff45cfc8.deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Contains Base64 Block
Base64 Block
Base64 Payload
Executable
PE (Portable Executable)
PE File Layout
PDB Path
Malicious
[Base64-Block @0x00000098]
Base64 Block
Executable
PE (Portable Executable)
PE File Layout
Win 64 Exe
x64
PDB Path
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.reloc
Artefacts
Name
Value
PE Layout
MemoryMapped (process dump suspected)
9e6d2e2e599fcc56a563e2b7ff45cfc8 (1.61 MB)
File Structure
9e6d2e2e599fcc56a563e2b7ff45cfc8
Contains Base64 Block
Base64 Block
Base64 Payload
WScript.Shell
Scripting.FileSystemObject
Microsoft.XMLDOM
ADODB.Stream
DeObfuscated
VBScript
T1059.005
Obfuscated
Executable
PE (Portable Executable)
PE Memory-Mapped (Dump)
PE File Layout
PDB Path
Malicious
[Base64-Block @0x00000099]
Base64 Block
Executable
PE (Portable Executable)
PE Memory-Mapped (Dump)
9e6d2e2e599fcc56a563e2b7ff45cfc8.deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Contains Base64 Block
Base64 Block
Base64 Payload
Executable
PE (Portable Executable)
PE File Layout
PDB Path
Malicious
[Base64-Block @0x00000098]
Base64 Block
Executable
PE (Portable Executable)
PE File Layout
Win 64 Exe
x64
PDB Path
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.reloc
Characteristics
No malware configuration were found at this point.
Artefacts
Name
Value
Location
PE Layout
MemoryMapped (process dump suspected)
9e6d2e2e599fcc56a563e2b7ff45cfc8 > [Base64-Block @0x00000099]
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded.
Reload
🗙
