General
Structural Analysis
Config.0
Yara Rules68
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | d9def5aed3d0701634ed3ad6b66b9bf7
|
| Sha1 | fe5ca7448b1353eb9e2a7b146a77451f0af6ebd8
|
| Sha256 | 75aad50d7df8e668fe606669881d088323263e4c6ed6931d7615da9770904f03
|
| Sha384 | a60dc7fad26d1a458dc576f6da5fede5f0164d58dcdc16eae491b60db1b88004134f8e1e2797145453a636967e7c6d23
|
| Sha512 | 24976c9a8ba335693290f895e68b7472006062b13f97aafe777fd2ea81ff2e773a99c782c0667a1787643c6dcc5099d0853d2e34e1459de1756a987b940e6272
|
| SSDeep | 24576:U2G/nvxW3Ww0tTLHxOHRLV2T7kRlBYyMUpHbwMy:UbA30nW3lb4
|
| TLSH | 4A454A017E44CA11F0191633C2EF464847B9AC516AA6E72FBEBA376D55123E37C0DACB
|
PeID
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
VC8 -> Microsoft Corporation
File Structure
d9def5aed3d0701634ed3ad6b66b9bf7
Malicious
Overlay_c0907651.bin
Malicious
1QKgJoXr.bat
PortSession.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
t6IVF9dGHsQfbpC7gF.ATibPMigNoBiZ5brRU
FXhwhJ3pXuyayS1iCo.JpCYseJwNYwELICMhQ
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
d9def5aed3d0701634ed3ad6b66b9bf7.decoded.vbs
Malicious
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_c0907651.bin (850060 bytes) |
| Info | PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
d9def5aed3d0701634ed3ad6b66b9bf7 (1.17 MB)
File Structure
d9def5aed3d0701634ed3ad6b66b9bf7
Malicious
Overlay_c0907651.bin
Malicious
1QKgJoXr.bat
PortSession.exe
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
.Net Resources
t6IVF9dGHsQfbpC7gF.ATibPMigNoBiZ5brRU
FXhwhJ3pXuyayS1iCo.JpCYseJwNYwELICMhQ
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
d9def5aed3d0701634ed3ad6b66b9bf7.decoded.vbs
Malicious
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.