Suspicious
Suspect

cf4840ae85d7acba4974d6dd55893d6c

PE Executable
|
MD5: cf4840ae85d7acba4974d6dd55893d6c
|
Size: 1.01 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
cf4840ae85d7acba4974d6dd55893d6c
Sha1
82357963420e55a3e99cfe20bd5bea6ddfa32a54
Sha256
00202340108c101d59bbfb3daa4bbd6b4436c167e3c9734c07bfbdcb1402f746
Sha384
62f84576e5c43d72dcd0ef90cdf4f2735edef6e69887f6b9127e91d96a4f47454b44fb2f7f065065b090547ecb62a9dd
Sha512
3cc9afad940d3ada93c93bf4e9650ff8d5cb3d67584cc3bbc48ea28d42ed3f4a6fe5f9583f7b925e79a0dc797e7fca599af32bacb54af07f9a2011f39531e9a4
SSDeep
24576:bqKAJ2nZBV6vryrLYJtQubXWFl+0vdc3ax0LT:bqr8fV6vQ8JeuDW+0m3ax0LT
TLSH
BD2512AB36A055F4E1675078CA52D78AF3B27452073097CF12A487BA1F277E1AC3E325

PeID

Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
File Structure
cf4840ae85d7acba4974d6dd55893d6c
7z-stream @ 0x0002FAFF.7z
README.bmp.clear
ClearWater_x64.exe
Overlay_e44d382e.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.idata
.tls
.reloc
4
19
31
45
57
70
81
97
113
Overlay_ac9e3211.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
RT_GROUP_CURSOR4
ID:0065
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_ac9e3211.bin (811977 bytes)
cf4840ae85d7acba4974d6dd55893d6c (1.01 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙