Suspicious
Suspect

PE Executable | MD5: f2e77c75ddc679f2e7fabdd8b8ac3f20 | Size: 12.68 MB | application/x-dosexec


Characteristics

PeID

Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
UPolyX 0.3 -> delikon
File Structure
x64
[Authenticode]_cb3b0570.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
WEVT_TEMPLATE
ID:0001
ID:4147
[Authenticode]_d967d35e.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
SCID
ID:0000
ID:0
RT_VERSION
ID:0001
ID:0
ID:1033
x86
[Authenticode]_43d98961.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_6ca78227.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_e2a8925c.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_c51c8bac.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_9cd9ead8.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_4401f3c0.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_f6f30feb.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_2b6539aa.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_849e1860.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_59c3b2e0.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_9162a078.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_a6e64b23.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_f08a67ea.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_91fbe78d.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_372005a9.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_79edf4d2.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_5741d0b2.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_3083cfb4.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_fbcfda57.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.rdata
.rsrc
[Authenticode]_704a8f93.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
RT_ICON
ID:0001
ID:2052
ID:0002
ID:2052
ID:0003
ID:2052
ID:0004
ID:2052
ID:0005
ID:2052
RT_GROUP_CURSOR4
ID:0000
ID:2052
RT_MANIFEST
ID:0001
ID:1033
Jaemvoong.qer
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.unwante
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
updater
ks_tyres.ini
[Authenticode]_16480133.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:1033-preview.png
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
RT_GROUP_CURSOR4
ID:0098
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.didat
.rsrc
.reloc
Resources
PNG
ID:0065
ID:1033
ID:1033-preview.png
ID:0066
ID:1033
ID:1033-preview.png
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:1033-preview.png
RT_DIALOG
ID:0000
ID:1033
RT_STRING
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0011
ID:1033
RT_GROUP_CURSOR4
ID:0064
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Information
Info: PE Detect: PeReader OK (file layout)
Info: Overlay extracted: Overlay_e9135d29.bin (12215986 bytes)
Info: PDB Path: D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb

Artefacts
PE Layout: MemoryMapped (process dump suspected)
URLs in VB Code - #1: file:///
URLs in VB Code - #2: http://www.w3.org/TR/REC-html40/strict.dtd
URLs in VB Code - #3: http://www.w3.org/1999/xlink
URLs in VB Code - #4: http://qt.nokia.com/products/licensing
URLs in VB Code - #5: http://qt.nokia.com/
