Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | c2bde35c4e4b5bc34674f51dee2e2e32 |
| Sha1 | f1e6d04e2bd3a5edff6af50137a922f7bfb97833 |
| Sha256 | fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33 |
| Sha384 | 98f402013141632e60ade277a71b6cbdee18e9f86821bb7cfa25798adc00108f5084c03a5f48f6f0c4c1df104836e4af |
| Sha512 | 825e59956f17475dd57f74a6cf7320ef311fd1d7d69ece594acc166f10fa85bd63cf0ffb1e05562c4ce9078ab853aa0879ba4d06d51d627a1b23aee23db3370f |
| SSDeep | 98304:aFkn6R/9tpgruNeW0VHhi/waOMULeySnMQTAfVbwotpgruNeW0VHhL3S5VicLaj4:arGruNeW0DWTXUyyS9TAdbw+GruNeW0G |
| TLSH | AB461226B7F481B5E4BB663489A64261EB7ABC601A30C74F13D045AE1F737D0AE35723 |
PeID
MASM/TASM - sig4 (h)
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
File Structure
c2bde35c4e4b5bc34674f51dee2e2e32
Overlay_7763b2e3.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.detourc
.detourd
.rsrc
.reloc
Resources
BINRES
ID:0000
Microsoft.Diagnostics.DebugServices.dll
[Authenticode]_c499023f.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Diagnostics.DebugServices.Implementation.dll
[Authenticode]_8d37aea5.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Diagnostics.ExtensionCommands.dll
[Authenticode]_14813bf5.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Diagnostics.Runtime.dll
[Authenticode]_9f611dd6.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.FileFormats.dll
[Authenticode]_d98f6d45.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.SymbolStore.dll
[Authenticode]_a3fa2c60.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SOS.Extensions.dll
[Authenticode]_c0250235.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SOS.Hosting.dll
[Authenticode]_b8d695a0.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
System.CommandLine.dll
[Authenticode]_82702988.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.DiaSymReader.Native.x86.dll
[Authenticode]_77972f8f.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.didat
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_4fe04091.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
TEXT
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
[Authenticode]_36dd6bce.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.detourc
.detourd
_RDATA
.rsrc
.reloc
Optional Header (x86)
Resources
BINRES
ID:0000
[Authenticode]_e4e8cc37.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.detourc
.detourd
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0002
ID:1033
Microsoft.DiaSymReader.Native.amd64.dll
[Authenticode]_193d37b6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
_RDATA
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_e2c377d9.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
[Authenticode]_29145b2f.p7b
RT_CURSOR
ID:0001
ID:1033
ID:0002
ID:1033
RT_ICON
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
RT_MENU
ID:0000
ID:1033
RT_DIALOG
ID:0000
ID:1033
RT_ACCELERATOR
ID:0000
ID:1033
RT_RCDATA
ID:0696
ID:0
RT_GROUP_CURSOR2
ID:0000
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
ID:006B
ID:1033
ID:006C
ID:1033
ID:0079
ID:1033
ID:007A
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Informations
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_7763b2e3.bin (10176 bytes) |
| Info | PDB Path: D:\a\1\s\exe\Win32\Release\vmmap.pdb |
c2bde35c4e4b5bc34674f51dee2e2e32 (5.81 MB)
Characteristics
No malware configuration was found at this point.