Malicious
d94f2c267950fe9f2a17db0082a126e9
PE Executable | MD5: d94f2c267950fe9f2a17db0082a126e9 | Size: 1.57 MB | application/x-dosexec
PE Executable
MD5: d94f2c267950fe9f2a17db0082a126e9
Size: 1.57 MB
application/x-dosexec
Infection Chain
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
High
|
Hash | Hash Value |
|---|---|
| MD5 | d94f2c267950fe9f2a17db0082a126e9
|
| Sha1 | 16ddc8f26b921244845a286610c91c51f298576a
|
| Sha256 | 124e12c7d6ab6a51c38c2f69dc4eb68587aa5d985c1d724a20c1d0c3458ca29b
|
| Sha384 | cdfb0288956bbab6a56e04875e59a6e9713b4dcda7df7483d3f1e608d8e53ba38856c74410b2df384d9566036ecd60c6
|
| Sha512 | 4dd5d8317e2b496d5fd8be134380f311045e8fb945843a6020194d9b9173013e223f78c229517e71dbdf5b7b58c95176c9e14cfc68934e456fcdfea62cb74e46
|
| SSDeep | 24576:+RJC3hIChVXcnyezZ0POw2L6XH7CLCCGng7Dw:+f1zXwimng7D
|
| TLSH | 0B75F807F2928AE1D55E1733C1D7480483E4E5896763E70F7A8E13B929C37BAAD0A357
|
PeID
.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d94f2c267950fe9f2a17db0082a126e9
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WUyV7y8UR8NrTjfLip.eivIZJOZc33FNtK4r5
SW2uFHWRwK3KrTVVV8.EPPxxJfp8Oth9AClMe
1fHDJxwuxYvADREhiH.3fEiXePjJGAAs3VjUK
Microsoft.Win32.TaskScheduler.TaskService.bmp
ZQiItFEgTvnyX44NB1.CENLr1nZiOMMF3eN0n
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: Microsoft.Win32.TaskScheduler.pdb |
| Module Name | Microsoft.Win32.TaskScheduler.dll |
| Full Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Microsoft.Win32.TaskScheduler |
| Assembly Version | 2.12.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | True |
| PublicKey Token | 2806574b39b74d4b |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 67 |
| Main Method | Not found or no body |
| Module Name | Microsoft.Win32.TaskScheduler.dll |
| Full Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Microsoft.Win32.TaskScheduler |
| Assembly Version | 2.12.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | True |
| PublicKey Token | 2806574b39b74d4b |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 67 |
| Main Method | Not found or no body |
d94f2c267950fe9f2a17db0082a126e9 (1.57 MB)
File Structure
d94f2c267950fe9f2a17db0082a126e9
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
WUyV7y8UR8NrTjfLip.eivIZJOZc33FNtK4r5
SW2uFHWRwK3KrTVVV8.EPPxxJfp8Oth9AClMe
1fHDJxwuxYvADREhiH.3fEiXePjJGAAs3VjUK
Microsoft.Win32.TaskScheduler.TaskService.bmp
ZQiItFEgTvnyX44NB1.CENLr1nZiOMMF3eN0n
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.