Suspicious
Suspect

ce5be389732f7a563bf36859d7aa8a8b

PE Executable
|
MD5: ce5be389732f7a563bf36859d7aa8a8b
|
Size: 13.3 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
ce5be389732f7a563bf36859d7aa8a8b
Sha1
b864bba28ef44433dcbb8799e1820c9ef807ff48
Sha256
eb2df1ba4f3b1a8681594ddcfe605c38749fd6e723bbe5c60dc885d03da0f578
Sha384
50a1f43ccff70c933c94eedb71673e396f2e5b1b9544b61f7b062f0ac28df4883ce5ce75def30ea102c310756e9e7ea4
Sha512
0cf4f2fe19c8917b8c56c0c88620120401d5836ec2165854cc35d827bddeba865c20f2acde330c488b0fd23ca4983f3c36a78038d8beab905089bbba00b0738f
SSDeep
196608:vgO5JSRqnwCQsRBdiFUFlE4Wmk/gIvsxtmfWy78Nsz5mRZY+VT36Dkm/k/w:vgCSRUwClRBSUIf/gIvW9ywg5R237mS
TLSH
09D62327B24A673EE06D1B3759F2D2604D3B7A10A55B8C52AAF4085CCF2E0A01E7F757

PeID

Borland Delphi 4.0
Borland Delphi v3.0
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
File Structure
ce5be389732f7a563bf36859d7aa8a8b
[Authenticode]_1592438e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.itext
.data
.bss
.idata
.didata
.edata
.tls
.rdata
.reloc
.rsrc
Resources
RT_ICON
ID:0064
ID:1033
ID:0065
ID:1033
ID:0066
ID:1033
ID:0067
ID:1033
ID:0068
ID:1033
ID:0069
ID:1033
ID:006A
ID:1033
ID:006B
ID:1033
ID:006C
ID:1033
ID:1033-preview.png
ID:006D
ID:1033
ID:006E
ID:1033
ID:006F
ID:1033
ID:0070
ID:1033
RT_STRING
ID:0FF5
ID:0
ID:0FF6
ID:0
ID:0FF7
ID:0
ID:0FF8
ID:0
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
ID:0000
ID:0
ID:2B67
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xCACF48 size 10464 bytes
Artefacts
Name
 Value
URLs in VB Code - #1

http://schemas.microsoft.com/SMI/2005/WindowsSettings
URLs in VB Code - #2

http://crl.certum.pl/ctnca2.crl0l
URLs in VB Code - #3

http://subca.ocsp-certum.com02
URLs in VB Code - #4

http://repository.certum.pl/ctnca2.cer09
URLs in VB Code - #5

http://www.certum.pl/CPS0
URLs in VB Code - #6

http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
URLs in VB Code - #7

http://cevcsca2021.ocsp-certum.com07
URLs in VB Code - #8

http://repository.certum.pl/cevcsca2021.cer0
URLs in VB Code - #9

https://www.certum.pl/CPS0
URLs in VB Code - #10

https://www.globalsign.com/repository/0
URLs in VB Code - #11

http://ocsp.globalsign.com/ca/gstsacasha384g40C
URLs in VB Code - #12

http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
URLs in VB Code - #13

http://crl.globalsign.com/ca/gstsacasha384g4.crl0
URLs in VB Code - #14

http://ocsp2.globalsign.com/rootr606
URLs in VB Code - #15

http://crl.globalsign.com/root-r6.crl0G
ce5be389732f7a563bf36859d7aa8a8b (13.3 MB)
File Structure
ce5be389732f7a563bf36859d7aa8a8b
[Authenticode]_1592438e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.itext
.data
.bss
.idata
.didata
.edata
.tls
.rdata
.reloc
.rsrc
Resources
RT_ICON
ID:0064
ID:1033
ID:0065
ID:1033
ID:0066
ID:1033
ID:0067
ID:1033
ID:0068
ID:1033
ID:0069
ID:1033
ID:006A
ID:1033
ID:006B
ID:1033
ID:006C
ID:1033
ID:1033-preview.png
ID:006D
ID:1033
ID:006E
ID:1033
ID:006F
ID:1033
ID:0070
ID:1033
RT_STRING
ID:0FF5
ID:0
ID:0FF6
ID:0
ID:0FF7
ID:0
ID:0FF8
ID:0
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
ID:0000
ID:0
ID:2B67
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #2

http://crl.certum.pl/ctnca2.crl0l

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #3

http://subca.ocsp-certum.com02

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #4

http://repository.certum.pl/ctnca2.cer09

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #5

http://www.certum.pl/CPS0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #6

http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #7

http://cevcsca2021.ocsp-certum.com07

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #8

http://repository.certum.pl/cevcsca2021.cer0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #9

https://www.certum.pl/CPS0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #10

https://www.globalsign.com/repository/0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #11

http://ocsp.globalsign.com/ca/gstsacasha384g40C

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #12

http://secure.globalsign.com/cacert/gstsacasha384g4.crt0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #13

http://crl.globalsign.com/ca/gstsacasha384g4.crl0

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #14

http://ocsp2.globalsign.com/rootr606

ce5be389732f7a563bf36859d7aa8a8b
URLs in VB Code - #15

http://crl.globalsign.com/root-r6.crl0G

ce5be389732f7a563bf36859d7aa8a8b
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙