Malicious
e0a2e7d3904bf17510fbf260512c8ec8
PE Executable | MD5: e0a2e7d3904bf17510fbf260512c8ec8 | Size: 1.21 MB | application/x-dosexec
PE Executable
MD5: e0a2e7d3904bf17510fbf260512c8ec8
Size: 1.21 MB
application/x-dosexec
Infection Chain
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | e0a2e7d3904bf17510fbf260512c8ec8
|
| Sha1 | b0af6005b3e383189a29fe9f96b5950d37f42042
|
| Sha256 | 9005deed14fb0fa861a3ae3cc1d23f35131a6f809d18640f21a64097f178697a
|
| Sha384 | b64e3e380a1cf6df43d49206c788a4b783b2e147d8fd8064cfa9ff3215d228c2bc81c583f3b28839ef383c1a776dbaf6
|
| Sha512 | d203216e95723b6e2edfe5027030dafd9579311ea6185ade2dd1961cba1661e360a9faee5cf55b6e02e756ec1efa4e6ece73a2ca3f642be69923eebffc98249a
|
| SSDeep | 12288:AqEY/x5pK0jguEkzWBfwzliwDsM2GbLobs8TNAxoleU8vPbpi3r:Aozg4LoPTco383b
|
| TLSH | 0445E737F6D2AAB1D1441733E3DB4D600BA0E5C26767DA4BB6CA335A58437BB8E01217
|
PeID
.NET executable
HQR data file
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e0a2e7d3904bf17510fbf260512c8ec8
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
dt3Z2yTvVIIkNMoRrj.JRqUpDJ63akHhJJ9bw
Microsoft.Win32.TaskScheduler.TaskService.bmp
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: Microsoft.Win32.TaskScheduler.pdb |
| Module Name | Microsoft.Win32.TaskScheduler.dll |
| Full Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Microsoft.Win32.TaskScheduler |
| Assembly Version | 2.12.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | True |
| PublicKey Token | 2806574b39b74d4b |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 64 |
| Main Method | Not found or no body |
| Module Name | Microsoft.Win32.TaskScheduler.dll |
| Full Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Name | Microsoft.Win32.TaskScheduler.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Microsoft.Win32.TaskScheduler |
| Assembly Version | 2.12.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | True |
| PublicKey Token | 2806574b39b74d4b |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 64 |
| Main Method | Not found or no body |
e0a2e7d3904bf17510fbf260512c8ec8 (1.21 MB)
File Structure
e0a2e7d3904bf17510fbf260512c8ec8
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
dt3Z2yTvVIIkNMoRrj.JRqUpDJ63akHhJJ9bw
Microsoft.Win32.TaskScheduler.TaskService.bmp
Microsoft.Win32.TaskScheduler.g.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.