Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | b1260eac98806415aafd4a498019eed4 |
| Sha1 | 5631dea2b6899640fc6cac58f37b9a0830cb18ef |
| Sha256 | 811f30601dbe15e0d78bf4f8319caf3dbed4227af4c08bccf8e7b33229375576 |
| Sha384 | 7c82b0db85f24f0401c8fbb7e98970e49fdbbe527777369d8b82341e5de03e77f40d189b2be9806d78c1765179bcb483 |
| Sha512 | f10c87daaf792f393ddf31d9652fc17a39ba3969e672baf5bb7520e4b03b58debf4f4db4adf18882e3132dc15d7bb342930897b610857be0d6f8e2de210dd6a4 |
| SSDeep | 393216:vAA3e8G0Xw675J5bO6nAfnIWN+NPrVyvPlRShdmieNxi09:oAu8G0XVbO6nAfZN+ryHlkhUTNxp9 |
| TLSH | 1A4702CA168145FAC351A735F24756EAE28166E17E33A70B3F8614407D32C86CEA3DF9 |
PeID
Borland Delphi 7 - Nstd EP - ASL sign
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
File Structure
b1260eac98806415aafd4a498019eed4
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
RT_RCDATA
ID:0000
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
.text
.data
.didat
Resources
RT_RCDATA
ID:0000
ID:0
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.tls
.wt!
.xo(
.QZ,
.rsrc
.reloc
Optional Header (x86)
Resources
RT_ICON
ID:0001
ID:1033
ID:1033-preview.png
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_MANIFEST
ID:0001
ID:1033
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
rcnxl7gdwbngqp1xz
yi7mey4vc4th2c35d7fnhaibgbnay
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1024
ID:0002
ID:1024
ID:0003
ID:1024
ID:0004
ID:1024
ID:0005
ID:1024
ID:0006
ID:1024
ID:0007
ID:1024
ID:0008
ID:1024
ID:0009
ID:1024
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1024
RT_MANIFEST
ID:0001
ID:1033
b1260eac98806415aafd4a498019eed4.decoded.vbs
Malicious
Artefacts
| Name | Value |
|---|---|
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
b1260eac98806415aafd4a498019eed4 (25.46 MB)
Characteristics
No malware configuration was found at this point.
Artefacts
| Name | Value | Location |
|---|---|---|
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb | b1260eac98806415aafd4a498019eed4 > Resources > RT_RCDATA > ID:0000 > ID:0 |