Malicious
General
Structural Analysis
Config.0
Yara Rules51
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | cf313a3e0f399dd1b5d44a5a73da19b4
|
| Sha1 | 3c43668241a889d4685f8f117bafac770a708f16
|
| Sha256 | ebdc00c1de3f168e1a3750f0561032d9e2c2a1bd745341f970dc1e395695f341
|
| Sha384 | 03ac1bee883c1489b73d2b864222bf98e447def4cbdeb94c2f5fcf73491ceae2617a8f5d076659cff3ad69e8fb80d9f1
|
| Sha512 | 63847ca21d7937fbda14e4e9822aa7ef9b6f9a39a10e70b8113233f574acfcd8e5f4e389b1ec1ca87cb44bb7f903b47d7a0dd8cf95a97e985264bf7d5ee16f2a
|
| SSDeep | 24576:U2G/nvxW3Ww0tpEtKtr9t1QhA6l6rt3DCAvXuQJLEW8ef1XQyNG6GRUBlQ6owJtc:UbA30uKtFEYX2EIotgEG6XlQLwJONign
|
| TLSH | AE95BE027F54CE11F1191637D2AF890447B4EC502AAAE72B7ABD336E95123937C1CADB
|
PeID
HQR data file
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
cf313a3e0f399dd1b5d44a5a73da19b4
Executable
PE (Portable Executable)
Win 32 Exe
x86
PDB Path
Obfuscated
VBScript Encoded
.Net Obfuscator
.Net Reactor
.Net
WScript.Shell
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
cf313a3e0f399dd1b5d44a5a73da19b4.decoded.vbs
Visual Basic
VBScript
VBScript Encoded
WScript.Shell
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
cf313a3e0f399dd1b5d44a5a73da19b4 (2.06 MB)
File Structure
cf313a3e0f399dd1b5d44a5a73da19b4
Executable
PE (Portable Executable)
Win 32 Exe
x86
PDB Path
Obfuscated
VBScript Encoded
.Net Obfuscator
.Net Reactor
.Net
WScript.Shell
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
cf313a3e0f399dd1b5d44a5a73da19b4.decoded.vbs
Visual Basic
VBScript
VBScript Encoded
WScript.Shell
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PDB Path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
cf313a3e0f399dd1b5d44a5a73da19b4 |
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2005/WindowsSettings |
cf313a3e0f399dd1b5d44a5a73da19b4 |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.