General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | a635702dae2292903ebbc6f006c6f024
|
| Sha1 | 3d75e8cae25d34405bfeb330f5fed6847f954bae
|
| Sha256 | 111991c69b0bad660b72a0746afb87cfc2a94e38bd6e68673587e7204b681695
|
| Sha384 | 43a92c2c3d621f8c0fbf60e369b9990a82a05f34f33ef7838ffadd6f6c23d8c7c5927342a24fa3d26bf1b96481d9d0d6
|
| Sha512 | a0b49689a2a4b393a5c08184c339a2e6259767143364138f8a216703505a5f4302de1d7c1f8e03dd7015fda4d79a1047ae440f67188a45a41de647f8f15c0107
|
| SSDeep | 49152:IBJ+2Fthjj8Nm/UKZ47LA/nO9ZqnVPwimNhKKs+yWxV:yE2FthhUEiLirFIRxj
|
| TLSH | 2DD5DF1A75D24E33C26417318663023D82A5EB357662EF1B3A1F2097AD177F0AB721B7
|
PeID
HQR data file
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
a635702dae2292903ebbc6f006c6f024
Malicious
Overlay_cbd69ab4.bin
Malicious
providerintoBroker.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
2nDTfHjAqv3evSQqaC.XI4uZKx0PJvBjsUvkK
Vrmj5vtQAjivawtNdI.SJimsqEhl6gtlocQVh
H3EPDm73gUApjim9lE.WL97xadn3bf4tKPXt8
RtUVRdR5y0ZsTCeyX1.sSfS5H9hrDVVtHt54a
3nmnUYybDIb0vjElpr.fVaydxBqcUoHRd7BoK
cl1vJfWxgeIiSLOP4J.3Io0W6DGugGUD0PlC1
1xi0mXKKP7RkjJ8gBpQt9u4dCBXuM7h1BeLQipZ5LI5B3X3GEkD0FPJv4Ef1.bat
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
a635702dae2292903ebbc6f006c6f024.decoded.vbs
Malicious
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_cbd69ab4.bin (2538873 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
a635702dae2292903ebbc6f006c6f024 (2.86 MB)
File Structure
a635702dae2292903ebbc6f006c6f024
Malicious
Overlay_cbd69ab4.bin
Malicious
providerintoBroker.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
2nDTfHjAqv3evSQqaC.XI4uZKx0PJvBjsUvkK
Vrmj5vtQAjivawtNdI.SJimsqEhl6gtlocQVh
H3EPDm73gUApjim9lE.WL97xadn3bf4tKPXt8
RtUVRdR5y0ZsTCeyX1.sSfS5H9hrDVVtHt54a
3nmnUYybDIb0vjElpr.fVaydxBqcUoHRd7BoK
cl1vJfWxgeIiSLOP4J.3Io0W6DGugGUD0PlC1
1xi0mXKKP7RkjJ8gBpQt9u4dCBXuM7h1BeLQipZ5LI5B3X3GEkD0FPJv4Ef1.bat
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
a635702dae2292903ebbc6f006c6f024.decoded.vbs
Malicious
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.