Suspicious
Suspect

e96077c8967ef8c5c6c785d0e9d39841

PE Executable | MD5: e96077c8967ef8c5c6c785d0e9d39841 | Size: 4.72 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics
Hash | Hash Value
MD5 | e96077c8967ef8c5c6c785d0e9d39841
Sha1 | 79390e535ede93146a15a9aaff95edafe899c430
Sha256 | ae1404972edf59527ec0d2e399000513c09dfbb2a6863a34d396805ef1787d1d
Sha384 | 8056aeecf2df2a483b5da893d7134418c5a2c71c2154f77acf59d4bf01b9857f06e0bac6dc634680cf1d7490c34c6002
Sha512 | 6e2c2115381f96effcf1729ae271f34c58c746332fb6ab6c2afa41435ec5cf466fee621fa4700bf3651e1fc50c2ec5071042870deb5ee69b18c57aff13fc2433
SSDeep | 98304:TYU5hnuOajWwMPdCpepI3GrwrA+Jn333QM7:NxuHjWfZIzcM7
TLSH | EA265B03B278653ED457DA3E583FE6409C3B7E212A2D8D0A6FEC3C5C8E365416926E53

PeID

BobSoft Mini Delphi -> BoB / BobSoft
Borland Delphi 2006
Borland Delphi 2006 - 2007
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v3.0
Borland Delphi v3.0 - v7.0
Borland Delphi v6.0 - v7.0
Borland Delphi v6.0 - v7.0
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska
File Structure
7z-stream @ 0x003B4E14.7z
[Authenticode]_f9c64b75.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.itext
.data
.bss
.idata
.didata
.edata
.tls
.rdata
.reloc
.rsrc
Resources
RT_CURSOR
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
RT_ICON
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0064
ID:1033
ID:0065
ID:1033
ID:0066
ID:1033
ID:0067
ID:1033
ID:0068
ID:1033
ID:0069
ID:1033
RT_STRING
ID:0FE2
ID:0
ID:0FE3
ID:0
ID:0FE4
ID:0
ID:0FE5
ID:0
ID:0FE6
ID:0
ID:0FE7
ID:0
ID:0FE8
ID:0
ID:0FE9
ID:0
ID:0FEA
ID:0
ID:0FEB
ID:0
ID:0FEC
ID:0
ID:0FED
ID:0
ID:0FEE
ID:0
ID:0FEF
ID:0
ID:0FF0
ID:0
ID:0FF1
ID:0
ID:0FF2
ID:0
ID:0FF3
ID:0
ID:0FF4
ID:0
ID:0FF5
ID:0
ID:0FF6
ID:0
ID:0FF7
ID:0
ID:0FF8
ID:0
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
ID:0000
ID:0
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
Resources
RT_MANIFEST
ID:0001
ID:1033
ID:1033-preview.png
RT_GROUP_CURSOR2
ID:7FF9
ID:1033
ID:7FFA
ID:1033
ID:7FFB
ID:1033
ID:7FFC
ID:1033
ID:7FFD
ID:1033
ID:7FFE
ID:1033
ID:7FFF
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Info | Authenticode present at 0x47DA00 size 12128 bytes

Artefacts
Name | Value
URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2005/WindowsSettings
URLs in VB Code - #2 | http://ocsp.digicert.com0A
URLs in VB Code - #3 | http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
URLs in VB Code - #4 | http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
URLs in VB Code - #5 | http://www.digicert.com/CPS0
URLs in VB Code - #6 | http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
URLs in VB Code - #7 | http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
URLs in VB Code - #8 | http://ocsp.digicert.com0
URLs in VB Code - #9 | http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
URLs in VB Code - #10 | http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_
URLs in VB Code - #11 | http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0
URLs in VB Code - #12 | http://ocsp.digicert.com0C
URLs in VB Code - #13 | http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
URLs in VB Code - #14 | http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0

Characteristics
No malware configuration was found at this point.