Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | f42b397b89b19ac66725a9d0323f003d |
| Sha1 | 4460414ed8da67fe2747134c13f80d1164cbb648 |
| Sha256 | ba3e9f942d19cf6602497b17241249c441ade2d420cc90e43034ff38db4471c5 |
| Sha384 | e9cd08df5dae0909136605a03d42eee8bb42e7b50af349469ec1965ae8c54e684fc959a15c92f912c6a63a47d2021d64 |
| Sha512 | 4c84a0b265c7f1b06fbab2266e4b74ae63427d2decb0f25c96c9653fd9c32896335d2147d0ce65570f20aa5a3b157b5155d0ae5d75d775a3e3986d78e6ddade2 |
| SSDeep | 393216:6XqHI0+p7BcdRiR+H0YQU24DDDGhZZgXSi2JwHegsqDsNC3NiSANx:BHacSR+Udi/GhZmXNhVsqDhiv |
| TLSH | FF27235667FC40E8E266D039C8124A8BEBF2F8520B71C7DF11651A6E1F777A10D6A323 |
PeID
MASM/TASM - sig4 (h)
Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
File Structure
f42b397b89b19ac66725a9d0323f003d
Malicious
[NSIS Installer] @ #0063AF7D
Malicious
modern-wizard.bmp
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_DIALOG
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.reloc
modern-header.bmp
OemVista.inf
tap0901.cat
[Authenticode]_89e08687.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc
Resources
RT_RCDATA
ID:0000
ID:1033
RT_VERSION
ID:0001
ID:1033
[Authenticode]_454917c6.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_STRING
ID:00BC
ID:1033
ID:00BD
ID:1033
RT_RCDATA
ID:0000
ID:1033
RT_MESSAGETABLE
ID:0001
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
Update.exe
[Authenticode]_fcff993b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ILRepack.List
Microsoft.Web.XmlTransform.SR.resources
NuGet.CommonResources.resources
NuGet.Resources.AnalysisResources.resources
NuGet.Resources.NuGetResources.resources
NuGet.Authoring.nuspec.xsd
LetsPRO.exe
[Authenticode]_a286c938.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
[Authenticode]_861abe30.p7b
.Net Resources
LetsVPN.Properties.Resources.resources
LetsVPN.Properties.ResourcesOrigin.resources
LetsVPN.Resources.hosts.template
CommunityToolkit.Mvvm.dll
[Authenticode]_d11582ec.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
DeltaCompressionDotNet.MsDelta.dll
[Authenticode]_a0e0b85b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
DeltaCompressionDotNet.PatchApi.dll
[Authenticode]_2f2b5616.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
DeltaCompressionDotNet.dll
[Authenticode]_e827953d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
FontAwesome.WPF.dll
[Authenticode]_46f22c6c.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FontAwesome.WPF.g.resources
FontAwesome.WPF.FontAwesome.Icon.png
FontAwesome.WPF.FontAwesome.Icon.png-preview.png
Hardcodet.Wpf.TaskbarNotification.dll
[Authenticode]_5b0f8908.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
ICSharpCode.AvalonEdit.dll
[Authenticode]_4bca8efe.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
ICSharpCode.AvalonEdit.g.resources
ICSharpCode.AvalonEdit.Highlighting.Resources.ASPX.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Boo.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Coco-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.CPP-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.CSharp-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.CSS-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.HTML-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Java-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.JavaScript-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Json.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.MarkDown-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.MarkDownWithFontSize-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Patch-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.PHP-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.PowerShell.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Python-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.Tex-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.TSQL-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.VB-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.XML-Mode.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.XmlDoc.xshd
ICSharpCode.AvalonEdit.Highlighting.Resources.ModeV1.xsd
ICSharpCode.AvalonEdit.Highlighting.Resources.ModeV2.xsd
[Authenticode]_0496c053.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.rdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_90662ac9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.rdata
.bss
.idata
.CRT
.tls
.rsrc
Resources
RT_VERSION
ID:0001
ID:1033
LetsPRO.exe.config
LetsVPNDomainModel.dll
[Authenticode]_fbaa50af.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
LetsVPNInfraStructure.dll
[Authenticode]_b621910f.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
MdXaml.dll
[Authenticode]_8a44af6a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
MdXaml.g.resources
MdXaml.EmojiTable.txt
Microsoft.Bcl.AsyncInterfaces.dll
[Authenticode]_98a09c2b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Expression.Interactions.dll
[Authenticode]_b790c2e6.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
ExceptionStringTable.resources
Microsoft.Toolkit.Uwp.Notifications.dll
[Authenticode]_a7a59bc6.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Web.WebView2.Core.dll
[Authenticode]_e43f40dd.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Web.WebView2.WinForms.dll
[Authenticode]_602289b1.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Web.WebView2.Wpf.dll
[Authenticode]_8b534af5.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Win32.Primitives.dll
[Authenticode]_45201f61.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Microsoft.Win32.Registry.AccessControl.dll
[Authenticode]_238dd051.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
ILLink.Substitutions.xml
Microsoft.Win32.Registry.dll
[Authenticode]_c74061b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.Microsoft.Win32.Registry.SR.resources
ILLink.Substitutions.xml
Microsoft.Win32.SystemEvents.dll
[Authenticode]_62c6e924.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.Microsoft.Win32.SystemEvents.SR.resources
ILLink.Substitutions.xml
Mono.Cecil.Mdb.dll
[Authenticode]_e61cf2e7.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Mono.Cecil.Pdb.dll
[Authenticode]_f448cbaf.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Mono.Cecil.Rocks.dll
[Authenticode]_56713c6e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Mono.Cecil.dll
[Authenticode]_d1aa3df6.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Newtonsoft.Json.dll
[Authenticode]_657b2e1d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
NuGet.Squirrel.dll
[Authenticode]_31165592.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NuGet.CommonResources.resources
NuGet.Resources.AnalysisResources.resources
NuGet.Resources.NuGetResources.resources
PusherClient.dll
[Authenticode]_60f0666a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLite-net.dll
[Authenticode]_9af06b01.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLiteNetExtensions.dll
[Authenticode]_ddcf0580.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLiteNetExtensionsAsync.dll
[Authenticode]_b1eeee4b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLitePCLRaw.batteries_v2.dll
[Authenticode]_3928e67a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLitePCLRaw.core.dll
[Authenticode]_0f4be75b.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLitePCLRaw.nativelibrary.dll
[Authenticode]_f24c61c9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SQLitePCLRaw.provider.dynamic_cdecl.dll
[Authenticode]_902f1cbd.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SVGImage.dll
[Authenticode]_8f73abff.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
SVGImage.g.resources
Sentry.dll
[Authenticode]_edebc316.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SharpCompress.dll
[Authenticode]_f0407503.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
Squirrel.dll
[Authenticode]_2172b970.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
SuperSocket.ClientEngine.dll
[Authenticode]_052b1562.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
System.AppContext.dll
[Authenticode]_348b7511.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
System.Buffers.dll
[Authenticode]_dda41f12.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
System.CodeDom.dll
[Authenticode]_c3ae9766.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION