Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | aebb9fc09538a76a652b496b1af763c8 |
| Sha1 | 13b8b2110bd94c52341122b0c2157c1b9c9d484a |
| Sha256 | 7ce751500e39727ad51617bdcb3b0a9f56bf3b8fe8bdf05b8940d9484c08da1c |
| Sha384 | be421e26d623ca5115d17b6f3bb0dcdda51c08b296a1bbf7f5a0f4d81865f0d4a60d9eea654928fbf64ebb1de458d78a |
| Sha512 | f90e65ece94b51d9b6965cc5b2f8bcfe8dfa896dd78e37b5d076ab954c8e2e81dfdb13a2e8250abbf94d929b1aa473d7e1b40f743bb92ad8bab5b98e79653011 |
| SSDeep | 49152:JQMhy0MXQaRCo6B9RM/pSNCf+78hYwaRdduFfIM3YrRIjCp+Cir14ssDV:N |
| TLSH | 72D66A649B84974EAEAE194BE07C662F76F33F61D49272FC16633703256FC086639C48 |
File Structure
aebb9fc09538a76a652b496b1af763c8
Malicious
[Base64-Block]
[Base64-Block @0x00000032]
[Authenticode]_195136a2.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:2048
ID:0002
ID:2048
ID:0003
ID:2048
ID:0004
ID:2048
ID:0005
ID:2048
ID:0006
ID:2048
ID:0007
ID:2048
ID:0008
ID:2048
RT_STRING
ID:1000
ID:2048
RT_GROUP_CURSOR4
ID:03E9
ID:2048
RT_VERSION
ID:0001
ID:2048
RT_MANIFEST
ID:0001
ID:2048
[Base64-Block @0x000E2FB7]
[Authenticode]_08d70e14.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_STRING
ID:1000
ID:2048
RT_VERSION
ID:0001
ID:2048
RT_MANIFEST
ID:0002
ID:1033
[Base64-Block @0x000F760F]
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
QWhale.Common.Images.ColorBox.bmp
QWhale.Common.ColorBox.resources
QWhale.Common.TrialWarning.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
pictureBox1.Image
[NBF]root.Data
QWhale.Common.StringConsts.resources
[Base64-Block @0x000B2BBD]
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
QWhale.Syntax.Images.XmlParser.bmp
QWhale.Syntax.Images.Parser.bmp
QWhale.Syntax.Design.Dialogs.DlgSyntaxBuilder.resources
ilButtons.ImageStream
[NBF]root.Data
imButtons.ImageStream
[NBF]root.Data
imLexer.ImageStream
[NBF]root.Data
aebb9fc09538a76a652b496b1af763c8 (13.26 MB)
Characteristics
No malware configuration was found at this point.