General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | c78d2f7c9f28c563b544736804d57608
|
| Sha1 | c606fa9a53a421bbdbd459ed49aff4c6cbd122e6
|
| Sha256 | 3ef183c187c16072e3d1644a20f080d8c39727ed1d25e8c869748979825d26db
|
| Sha384 | 2ca84cddaadd11bbc4983a4d7f634ab066beff6a433bd97f0fcc350694b0383e7d0a6fc7d062d433e81c6a7e924d6d60
|
| Sha512 | 360295acc0fc643e87cb943316698c9cf12ec8e9a77b2af0f4d5e3cd50a130e6dff3bac028c85215b6259f89f74bc3e252acdd2af954e366f970aaef1defd22b
|
| SSDeep | 24576:2TbBv5rUyXVZKoC93BaNnrzcmFkZ1zZx0qxJedopZ7/RbO3zbnvCNz+PBlnEg9/+:IBJZ8TfbUqxhRCKNKH50bv0bcIPwn
|
| TLSH | 30B5BF0676928E72C2611B318667423D42A4D7217652FF2F3A1F2497AA077F18E763F3
|
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
c78d2f7c9f28c563b544736804d57608
Malicious
Overlay_1d7870c0.bin
Malicious
WinPerf.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
N85AqwwJVnB8mm9aEc.ynNm1xZeZDbwTcObeW
vBriDJT9vMxsbw0YlM.NM8R500GnwtWZ1QoU3
uT5ofuSwfpLjNZtbLP.M7NrJVXJFkRvyh2d6D
gemYRsBvxdbNFXe7SB.KeDE0XcIx7w31RD9tc
aLoMifMtha84Prcu2M.yPeopty7TbaYNjcLIK
xwEZx4u9HLDtniu6VW.M3EcbxhN2fLKwCh8xm
MqCUrrgrfkdg.bat
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
c78d2f7c9f28c563b544736804d57608.decoded.vbs
Malicious
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_1d7870c0.bin (1964229 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
c78d2f7c9f28c563b544736804d57608 (2.29 MB)
File Structure
c78d2f7c9f28c563b544736804d57608
Malicious
Overlay_1d7870c0.bin
Malicious
WinPerf.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
N85AqwwJVnB8mm9aEc.ynNm1xZeZDbwTcObeW
vBriDJT9vMxsbw0YlM.NM8R500GnwtWZ1QoU3
uT5ofuSwfpLjNZtbLP.M7NrJVXJFkRvyh2d6D
gemYRsBvxdbNFXe7SB.KeDE0XcIx7w31RD9tc
aLoMifMtha84Prcu2M.yPeopty7TbaYNjcLIK
xwEZx4u9HLDtniu6VW.M3EcbxhN2fLKwCh8xm
MqCUrrgrfkdg.bat
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
c78d2f7c9f28c563b544736804d57608.decoded.vbs
Malicious
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.