6b9ca4cb...e64e | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Dropper
Spyware
Threat Names:
Win32.Neshta.A
Generic.Ransom.MedusaLocker.87AF3DD7
Win32.Neshta.H
...

Remarks

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.

(0x0200001B): The maximum number of file reputation requests per analysis (150) was exceeded.

Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\va-1.8.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 707.50 KB
MD5 0ea3051e5173035fc97c403746d67437
SHA1 e04260b5cc147207c3d18b9a486cb636b3a46ff8
SHA256 6b9ca4cbb68f23e164625614d9d074b7bb9e2c5aeb429034ed4d6440594ce64e
SSDeep 12288:bnrtZu3/Kydq14vyMztq+Mp/t/qiALYr/yxw6mK4PwWV8gIVp0yhegwCVyL6Nm:jB8yydq14Yp/tCR0Gw6VNVVTheT
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
va-1.8.exe 1 0x00400000 0x0041AFFF Relevant Image True 32-bit 0x00402E4C True False
va-1.8.exe 1 0x00400000 0x0041AFFF Final Dump True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 859.38 KB
MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SSDeep 24576:XWq1lx7SqE0xJ2pm8FiWCm3LHgZpJEHp37d:XWq171dxJ6mAQm3LHkJEJLd
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.93
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 547.91 KB
MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SSDeep 12288:4wXwNSO5X3IA1iBihI7XHgZQKhJgeCmvz016:4ew0O1IA1UiuLHgZpJEGgg
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\MSOCache\ALLUSE~1\{91140~2\ose.exe Modified File Binary Malicious
Also Known As C:\MSOCache\ALLUSE~1\{91140~1\ose.exe (Modified File)
C:\MSOCache\ALLUSE~1\{91140~3\ose.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 210.85 KB
MD5 6cd2df651dc85a4e83f2a41175de1698
SHA1 800f6384a60a691cd4bff15157887d16af912406
SHA256 d387e1092ebc476e84d89f9fcef7636657bdf510472abde319cca49839c3fdf0
SSDeep 3072:sr85CXkXbVjAaX/0EVNt4xXqutFdNciAqnYCDb5+aVjMvhNOSH2S9oQacEHTM:k9XkXbVjF/ZNGtFdNdFnTDYZNjPFEHI
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\MSOCache\ALLUSE~1\{91140~1\setup.exe Modified File Binary Malicious
Also Known As C:\MSOCache\ALLUSE~1\{91140~2\setup.exe (Modified File)
C:\MSOCache\ALLUSE~1\{91140~3\setup.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.35 MB
MD5 ecebfdda539dc1625cb96192a346b352
SHA1 540e81daf0010fe244d0597a36a69977f90ba640
SHA256 0d49226b68b857cebf61e1d88b4b657fc36c8555b47f6ad0dde78dd3d519f63c
SSDeep 12288:20vbfvfhhSVvnB1diKLHH7rKf8YmylcH+zFUib8I7XHgZwKhJAeCGRcAlpjLFSLG:20Dfh6HHfKnE+RUi/LHgZJJkbipjZSMF
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.16
Imports (10)
»
kernel32.dll (21)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 328.40 KB
MD5 06833eb240ba77efb86d6a6875e0f2b8
SHA1 efe3f0c2f678c89d2b8b42788f8f47e94ce1d58e
SHA256 85ffe9ad8612a87195ee1bb9bdf918582434d40195c6ed737546ce534ad7912c
SSDeep 6144:k9DQj1fi21FU9ReCgiq456Y73zFOQlxAQxgwRW9:TjHTU39qrY3VAQKw49
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.27 MB
MD5 c23201ad11384d6cfe20da5009981086
SHA1 32c020339704f69495c3775249432faee292821c
SHA256 5242f21edb8226981e18c6c3f2c5016258ef689db8b09949a52a2d4733d627b6
SSDeep 24576:lJ9GKKYHBV9IUX1COOen9FhaFE6IrlWl0LM522MKojo:8YhIU8In9F+3Rl0QBMKoU
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.34
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROTE~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 88.41 KB
MD5 2f9ca87576c149e3ff08b3adf078a0da
SHA1 39d2acc21701d09754da4389b2d3a0db8dc7e770
SHA256 288cebb17b66d3f638768d837131fd96554bc20c8e7490bea8f8e1e5489b865a
SSDeep 1536:JxqjQ+P04wsmJC3aQC0X9oc/Dvy+5oIKW1OXBV:sr85CKq9oGfWIKIOXBV
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.20 MB
MD5 bf1b6ee64688c62446464cbd9b7c29a6
SHA1 bcb87ecf6bfa3de0213d90d409c580000d1a038b
SHA256 5910058d0ac2c92194cf8188f268908df3a502ffe11ffa010e8044a8b4727e02
SSDeep 24576:+HF464hrFuhc5r73klPyWQZULLXqr5E8iPwlOLlREi:h6GrFuhDlPZer5E809LlRf
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.24
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 132.89 KB
MD5 45eb25dde1c911e1b7a70dd646c90eef
SHA1 1b1d49dba6556f7118e3074b41bb67d525cda4dd
SHA256 ca82d4f4d983ab1832d9e6a612ab27aaff179b4d698293da50b5cd18d4660d96
SSDeep 1536:JxqjQ+P04wsmJCwZ2hPo7UItUw+OC35QGB1vdmUNO5aQCXZ3afKr0cyifbgJuUXY:sr85CwZ2hQ05O6dNxHgOcf3w
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 348.97 KB
MD5 319632f74bcc6e69bb51397fe3cbd543
SHA1 24d77fca9f490d1cc7be7c7363a0b5690af05aac
SHA256 a46d0e15b17a00abf38576b4063142b9f7d0cb3de20743992b9d097662729d5b
SSDeep 6144:k9PlPnEGs7vQ1Y9A9ZMA7CQhdL+WTB0zITYbsc7JsOzebYS5kfcIL761g:CnE/74ykZMOAWTyzaWsYsYS5kf/L761g
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\WOW_HE~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 112.40 KB
MD5 0c973dcc36b8bccf35e2a0abd05afc87
SHA1 e21200ab537504e902ff981b2d568e1ee4a7aef9
SHA256 87e02a3f24822405894212f38dd7c365385a404de2fe535c807c949fa785ef8c
SSDeep 1536:JxqjQ+P04wsmJCUU5ZMrOcaQCjrEaYqnrgGZztdmYd0GWbBXf98K2+E:sr85CUU5Z4O9DYKlfmYd0GWhZ2+E
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 369.95 KB
MD5 fb76912655c09a4d38899ebfe65e3842
SHA1 c6a8b811066e3647cd04208411eb330bc772d039
SHA256 754ae95601ede971c1645e383c5a8b0a05ea01d7eb928ed4cb321f3af8a72cc0
SSDeep 6144:k98MwnQQQjB5eLhCB1wQhjEaHVpACc83ERd7QU4MpOTGlPVsh:fEjB5etCB1wQh3ed8U4kOh
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ACROBA~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 371.41 KB
MD5 3fb2072ae6456557ff4cdac55b3c1e70
SHA1 4f48076866f16cdba78d06121b193687ac8effd9
SHA256 127800696045a017a095864fc91a781ecb8d7ddd012209a4ad1c896457c68d72
SSDeep 6144:k9KIyhUblMIrCidfLALKPLF74wnHpqrMmPUlktXrAZQ:tjQrCiZLAGPLF742/wUStp
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 950.94 KB
MD5 18841715ef2edd5c1b1992965f6d59c1
SHA1 0d2f611aa6f9024dce932b85eea46f21587b457c
SHA256 bbf61371c896a28c48a5942489493bfabb1ae41144e76ad2438783f751c77156
SSDeep 12288:c9ugxGsyhjbBMNGl+aS4uqMzvkgvC6EtupNwUMk1Zp3VQHM:c/yD2Gl+aSLzcAC6tPw8X6M
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\READER~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 371.41 KB
MD5 73fa790eb90ae0aad364e082b9455b06
SHA1 34295cb0db118c9f7ae78c0776458f746cb4f191
SHA256 c0931cb540ad7d8ec740e10702e46df7a9e70c3b5e2fa8960cae619b0f458cff
SSDeep 6144:k9KIyhUblMIrCidfLALKPLF74wng6qrMmPUFbEXrAZQ:tjQrCiZLAGPLF74BIwUVEp
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaucheck.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 283.38 KB
MD5 044fc38d99f0f34244b90271460a6e5d
SHA1 3a2efbd3af6eb85383070c1d0ac3f7fb75da8a38
SHA256 a62f842193e6cda8f19a8ba1e6d2b766de04b98fb4161125565df0e127e82eb8
SSDeep 6144:k9cO92P2jsIVi5CnYav1882nSYXVzJ0J7gl:7UsIVi5CnYjQYlzjl
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 270.38 KB
MD5 c8564c9f6038ea08a1535ec0090b85fd
SHA1 fd438e11a0aecabc35f5cb553457471d1d7c6cac
SHA256 c4c95b5511c0ad449dc502f121da655f3d6f1e5805b7ae36b1203566d451c825
SSDeep 6144:k9VX1a0SqWxrAbX1yqNNAQHSY52MNLF0g/:NqWxsbXgSiY5/H0i
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 535.88 KB
MD5 bdd42296076c239f66f7565648b0882f
SHA1 6a2a756de486e5313d4cc349e58d4887390ff7b5
SHA256 ba29501a2becdc3611e11e79bcae5669c335175cf27941d64029794c312c3da7
SSDeep 6144:k9/BI4Eln+QR9UKWtlLMgEFj1XmmYLua4Qp5SYgCFj+V2Fom0m:u2PlxRCKWtlLMDnzYOV2ZX
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 288.88 KB
MD5 1c14e3664e471b56ce24e364a23a9384
SHA1 840b54b4bc90b7d909527cc097d665d30da97829
SHA256 d1781c2cd6ef372824de9d4e75916ad018ce49e22562c952e23457d94930d4d1
SSDeep 6144:k9/f9h2oXaqARzuE7ko1rWpU3rqjgEFj1F0xEt7p9Fi:0f9h9Xaqsyyko1rWaqjDKqt7Ni
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.5
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.18 MB
MD5 72cdc778871bf451db5e9f59f735b0bf
SHA1 7b94006def143f4764490f0931c8916a69dd4ea8
SHA256 f3586014ef389443aa162691493bb6a7e828f3584d62c72e94002ab5ea400bd8
SSDeep 24576:wUOXAoyQy+gCgbKisSzGpMjmkNmAsEUwN1f:P5QrgCMKisijmk0AGwN5
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.08
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 125.84 KB
MD5 68f89d4d69fc5506cedec2f511bf2103
SHA1 aafc9a1a19f1e07710cc6a978e313bfbfb2a884f
SHA256 8ff23bdec4cb9a8e4aada88a1734df7a44d6d3aeed6d6548bbc543bb1c6322da
SSDeep 3072:sr85CeKyB0QRkTP+c2Bx95fpUHGZo5OiLXpWJwU:k92RkR25E15dLXpWJwU
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Google\Chrome\APPLIC~1\580302~1.110\INSTAL~1\chrmstp.exe Modified File Binary
Malicious
Also Known As C:\PROGRA~2\Google\Chrome\APPLIC~1\580302~1.110\INSTAL~1\setup.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.68 MB
MD5 09d2933fc2d2b334e87b3fd4484c84a2
SHA1 a82e145ba6e4481701e188b2b58582d54cd134d7
SHA256 d8f8e68bbd5b555bbafda480dc6576bdad0d1222e553c163837f578f6d230134
SSDeep 24576:tdCpTfqA4IlU+orMubpXsqGZSCObcuWzbsT5qSTd5vvxqN:yNqRIlTorMubgSZ+zbsTP5vv2
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 2.85
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.13 MB
MD5 d0633026cfc61fd67e2f08930beb5549
SHA1 c72eb163fc31042e5d3d13c11ed00f6f0af698b9
SHA256 563bf1eaa6662b8ef225e0345823f4e0dedefe6eaaad3f5a5f288907702fb3b6
SSDeep 24576:vOAvSfKsu+qp+cxIaCi/6AzEINKC/J/TELPImw7s:7WKsuxp+c+kwA5J/TaIK
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.1
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\JABSWI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 87.41 KB
MD5 9f5e88d480ac62763166757ca12384f2
SHA1 dac7403ecfc9644676b37ad7c64ed4e4e65157b1
SHA256 c1ed6fe9490b48c012a3cbf8923e684e66a8b4f55dcc07c67fbedd2db77cb0f6
SSDeep 1536:JxqjQ+P04wsmJCDZuTiy6GaRTUC+nCPlE:sr85C8n67TUC+n2
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\java.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 210.91 KB
MD5 97201492fe2a18ecb5ffc5d1625a6f0e
SHA1 52c7204af851810898f02d0b901e63c99419aab7
SHA256 a49f9fd708f57c053b06da40b7c4a8c833dcfe6385ddedd8fa4536832cd5da0f
SSDeep 3072:sr85C/qjHbX4UsGZ2GRsMldso2TBfxUsjZqMNNTOkNMsdx8e96OtV4:k9/uUUaGRskB2TB7v5O+MsPftW
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\javacpl.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 105.91 KB
MD5 89e308f2b61e49d8ec5f05b0e77595d0
SHA1 839ce87f00018bdb1d42e545a93e6c88236b468b
SHA256 21e3f9857f936b07fca85485774e1c7f21c6b56f9bb3bfbdc09beccf05e709aa
SSDeep 1536:JxqjQ+P04wsmJC/rmKqjh3rmKPNWVGB29LBo3soO9qp77:sr85C/qfjZqMNWVGUWO9qx
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\javaw.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 211.41 KB
MD5 e249b7239ea0d2d1d3b05c1b78739b97
SHA1 5754d73e42330c6b627b8430fcbb8626bed7c312
SHA256 3989347568a7b4cea5b3979fe50d3bf13f8e4e3b99c6f428f4bc6c25bd541a34
SSDeep 3072:sr85C/qOkqrjb8ac8ChYi2/6XW2TBfhRAjZqMNgVub9DpE9wEWjxrY:k9/Fx78aWYi2yG2TBovCuZ1E9ExU
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\javaws.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 298.91 KB
MD5 a7462b27a01ab078643de6d16bb9f4ed
SHA1 cc8a534708043a1da6137f17d423d8c05f21548d
SHA256 94cca6e3c376af0a40e1d5678391c557813b5819e4f4556c92fd40475f942877
SSDeep 6144:k9/dhwHspYalIRnuCC8dLAyzWcWpyo7dv6dkiCx:GkMCaCRtjlJz5W5dv6dknx
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\JP2LAU~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 91.91 KB
MD5 66d1953bd40d4cd03f5ccb30fd96e564
SHA1 726933a1ec8322fca71a32131c2728587ceadfc0
SHA256 1b3338c82ade18af800aae1137353950666a578a55f4d686e0998b2718e34433
SSDeep 1536:JxqjQ+P04wsmJCfgnIjhbBaGuDEUjTVsfeC78OtkCXVoT:sr85CfljhV2jTVsfeC78Ot3VoT
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\jqs.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 218.91 KB
MD5 3fa9eca27887a220f1cba28c594c441d
SHA1 564f4b215288b296db810da883a5d24910280a01
SHA256 4817b7af4f226e95a3ddc3ba5c49eec372b81a5f3e7b18aff6908e43be8d72a4
SSDeep 3072:sr85CGW2WFxvUHQnkZwHRsDZo+nSOeM6NOoHpHBGh+akAjRr8F:k9GIUHQnkZwHRsrnN6NOoJHBrak0Rr8F
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\ssvagent.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 88.41 KB
MD5 bfe78e9f8f7a709d1b657b8ac33a8106
SHA1 30b16893521708d791369967d73eacfaa200c71c
SHA256 e5b57c66f9183f5ac14bcc9799148562e5c0ed99ef1b2dff610a8925b2ec375a
SSDeep 1536:JxqjQ+P04wsmJCKAd5pWkqw7RIP1i60WnoTHHkvOpsxds:sr85CrT/IP1ZV4YOpsxy
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\UNPACK~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 183.41 KB
MD5 f9e213c61c11522fe77454d35b176648
SHA1 1870a9b9de619e5df211df45c42a489fa8a38ba6
SHA256 fd3ec605ae9d0794aa77328c979b50f3447e3e159dc66e8a7dcdda808baa8509
SSDeep 3072:sr85C9fnLQobq76TBfPsRF0WkTacsNPY3:k99vJLTBHsRS52A
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 109.88 KB
MD5 44623cc33b1bd689381de8fe6bcd90d1
SHA1 187d4f8795c6f87dd402802723e4611bf1d8089e
SHA256 380154eab37e79ed26a7142b773b8a8df6627c64c99a434d5a849b18d34805ba
SSDeep 3072:sr85CKdogcgVZlhOP4l9ovN7hYFjZUAFxO9:k9KdJcehOPQcibUoG
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\CRASHR~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 155.11 KB
MD5 fb23c759ccc18cd6806952485d7cee63
SHA1 23fb357a84f85af9c6caee2c632eaa6df19afa49
SHA256 d5359c0a78f60e23602e514714554465b4c470f80fe2b23cdb0e76bfe1784507
SSDeep 3072:sr85CxYn+JsHwIha+owO06V0ZhuW+jgUsucRH68llNjWnQA:k9SkIha+1O06MucucRHrlNjWnr
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.31
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\firefox.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 309.61 KB
MD5 71d12dacfabb3e7b897607ee075332e7
SHA1 e139cb3f21102196cbc3426f282a5d49006b629d
SHA256 9009bbd3c92aa5c594e421a2197fc3e874737b71dc3bda07a7ad53fb849083e5
SSDeep 6144:k9R/SHdCzx5xoX3/Di6R/SHdCzxkRNsclL:p+03/DipNN
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.77
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\MAINTE~2.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 230.49 KB
MD5 c2969cf43a28792b2152c48352824361
SHA1 56a697fc4d4324dad49590847c79829e899f5800
SHA256 daf27e61c9abad5564856a0b89354e07bb06dd9b471f127d2d4499ed51b93dd2
SSDeep 3072:sr85CORD5bargK0nFmp6ISnU/RDObs+nFmp6ISLR+UszWOITsEL50jl7yAUY:k9UD56gKcFmcjnU5DOtFmcjdWzZZLUY
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\UNINST~1\helper.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 892.41 KB
MD5 dd0c9910a772b54fbe20a7ccfad6543a
SHA1 dcabe122dfce50d4c7fc513cead30c8c2ef5461a
SHA256 4ce1a64fbc57f991f7568ba41e1d532e23d0cc0065f4faa89067ccaf93c572b8
SSDeep 24576:Tvjgi8i7a4HKvkTgXuquveY+W2o8oT3ezMrl9cekcHhXh9HJUiWUXsmqsqzl87ay:L0i8iNHKvkTgXuquveY+W2o8oT3ezMrT
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\updater.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 308.11 KB
MD5 9b6fb5455717c904fb88215d220c0de8
SHA1 24096407225a001351bf8984e247a348487a2a98
SHA256 bbec258d47c6f6dc0a98573b6c0c996cc8c79fde3824d949d597fd9f1ccc4c30
SSDeep 6144:k9FQZ+Ac2rdvMSu0jLPpyzx3PfcKrKywoNSHhsa30I:7Z7c2BvMl0SZdGy12s9I
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.41
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\WEBAPP~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 207.45 KB
MD5 9ed1efaa9c9985e36b66685163d3d52f
SHA1 086dae1793eb8a9a368d3bc06c3d3f36195b52e5
SHA256 a20825feb4e7aca781835ce4c5d610b0f9c733b51a7552d34891c571435a6d89
SSDeep 3072:sr85CfnFmL9nFm++FVs+pwD86szWOITsEL50jl7y6WM:k9PFmLFFm++WDSzZZB
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 2.64
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\WEBAPP~2.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 146.11 KB
MD5 d2397ccc7d42e4a42d0c6507bbe1a600
SHA1 c26a9f7cdbcdbe3849c62f2e9f154eed71c33df2
SHA256 f1b62b4f79fbe8047780ec88620d3dbae4e9cf96a0ed21219ba5214b259b2f12
SSDeep 1536:JxqjQ+P04wsmJCTORvmucEnwQIknOch9zcxQORBRVOLsWzvIDfQ3vtMd0u6akYLh:sr85CyDPph9YxQ+kLVIDo9u6aFLR3
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE Modified File Binary
Malicious
Also Known As C:\PROGRA~2\MOZILL~2\MAINTE~1.EXE (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 157.11 KB
MD5 9698f293ce48e91f1f0b5a1e15a7437b
SHA1 36985011865182cd93f2bf19cb31ee800c880828
SHA256 1ec370afdc1478aace34ce4942ef9997d8bde370f4dcb3163fe39332cb31f680
SSDeep 3072:sr85CTisLKjwrYJkgqYznbElRLmypxF1pxK0IvCBrM2wARg3NY:k9TvKjwrYJkgrzomS1rzndM2wAgNY
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~2\UNINST~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 144.22 KB
MD5 f42808056456bd6b58962e33659bdd8e
SHA1 c244414497d2934009982e66532140b22df01999
SHA256 9248229018c6519cb437c32627cc68837acc746b5d95ff3f9b115858f8c2e2a3
SSDeep 3072:sr85CORD5bar5+nFmp6ISNUszWOITsEL50jl7yAUY:k9UD56UFmcjBzZZLUY
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 485.54 KB
MD5 86749cd13537a694795be5d87ef7106d
SHA1 538030845680a8be8219618daee29e368dc1e06c
SHA256 8c35dcc975a5c7c687686a3970306452476d17a89787bc5bd3bf21b9de0d36a5
SSDeep 12288:/0IursYCYQeSnyZJiqlEbXSb9NtoqOFBqkYHkZH:8MYenGJiKEbXWtpOLl5
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{3C3AA~1\VCREDI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 492.66 KB
MD5 1fb52c3b911b16c4025e078942dcbd56
SHA1 f64adeb53929b6e65d0f13826909bbd25cc22f88
SHA256 ca85b096091c40bb13521e4186d84b3d8640b85b152e190e0c34a7a3bd4f85fc
SSDeep 12288:9B+pwPprnVmLmDsC+FU+ZOSz09tzZuE8EEXymOz:XDFncLmKDZOSzoFvEXLOz
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
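Every file in this report shares the same PE header field for field: entry point 0x4080e4, the 1992-06-19 timestamp, eight sections whose raw data ends at offset 0xa200, the same 85 imports across 10 descriptors, and the same ImpHash 9f4693fc0c511135129493f2161d1e86, while the file sizes and content hashes differ from one file to the next. That pattern is consistent with a prepending infector: a fixed 0xa200-byte (41,472-byte) stub sits in front of each host, so the header the parser sees is always the stub's. The timestamp alone proves little (0x2A425E19 is the fixed stamp Delphi linkers emit), but the complete section layout is a usable static fingerprint for sweeping a host for other infected executables. The Python below is an added example, not code from VMRay or from the sample. Its header constants are copied from the tables above; the carving step assumes the original executable follows the stub unmodified, which the report does not show (it lists the infected files but not their layout past the header), so treat the carved bytes as a hypothesis to confirm against a known-good copy. The input the block builds for itself is constructed for the demonstration and contains no malware.

```python
"""Triage helper for the Neshta-style prepending infector shown in this report.

Added example, not VMRay's or the malware author's code. Every constant below
is copied from the PE Information / Sections tables above. Carving the host
ASSUMES the original program is appended unmodified after the stub; the
report does not state that, so confirm it on a real sample first.
"""
import struct

IMAGE_BASE = 0x400000
STUB_ENTRY_POINT = 0x4080E4
STUB_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC: the fixed stamp Delphi linkers emit
# (name, virtual address, raw data size, raw data offset) in section-table order
STUB_SECTIONS = [
    (b"CODE",   0x401000, 0x7400, 0x0400),
    (b"DATA",   0x409000, 0x0400, 0x7800),
    (b"BSS",    0x40A000, 0x0000, 0x7C00),
    (b".idata", 0x415000, 0x0A00, 0x7C00),
    (b".tls",   0x416000, 0x0000, 0x8600),
    (b".rdata", 0x417000, 0x0200, 0x8600),
    (b".reloc", 0x418000, 0x0600, 0x8800),
    (b".rsrc",  0x419000, 0x1400, 0x8E00),
]
# Last raw byte covered by the section table: 0x8E00 + 0x1400 = 0xA200 (41,472 bytes).
STUB_END = max(off + size for _, _, size, off in STUB_SECTIONS)


def parse_pe(data):
    """Return (entry point VA, TimeDateStamp, [(name, VA, raw size, raw offset)]) or None."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        _, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        sections = []
        for i in range(nsec):
            hdr = opt + opt_size + 40 * i
            name = data[hdr:hdr + 8].rstrip(b"\0")
            _vsize, va, raw_size, raw_off = struct.unpack_from("<IIII", data, hdr + 8)
            sections.append((name, image_base + va, raw_size, raw_off))
    except struct.error:
        return None
    return image_base + entry_rva, timestamp, sections


def matches_neshta_stub(data):
    """True when the header has the exact layout every file in this report shares.

    Section contents are deliberately not compared: the report shows .rsrc
    entropy differing between infected files while sizes and offsets do not.
    """
    parsed = parse_pe(data)
    if parsed is None:
        return False
    entry, timestamp, sections = parsed
    return (entry == STUB_ENTRY_POINT and timestamp == STUB_TIMESTAMP
            and sections == STUB_SECTIONS)


def carve_host(data):
    """Return the bytes after the stub if they look like an appended PE, else None.

    ASSUMPTION: the host executable follows the 0xA200-byte stub unmodified.
    """
    if not matches_neshta_stub(data) or len(data) <= STUB_END:
        return None
    host = data[STUB_END:]
    return host if host[:2] == b"MZ" else None


def build_synthetic_infected(host):
    """Constructed test input: a header carrying the report's field values, a
    zero-filled body out to STUB_END, and `host` appended. No real Neshta code."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    opt = bytearray(0xE0)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, STUB_ENTRY_POINT - IMAGE_BASE)
    struct.pack_into("<I", opt, 28, IMAGE_BASE)
    coff = struct.pack("<HHIIIHH", 0x14C, len(STUB_SECTIONS), STUB_TIMESTAMP,
                       0, 0, len(opt), 0x818E)
    sec_tbl = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIII", 0, va - IMAGE_BASE, size, off) + bytes(16)
        for name, va, size, off in STUB_SECTIONS)
    stub = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_tbl).ljust(STUB_END, b"\0")
    return stub + host


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        blob = open(path, "rb").read()
        host = carve_host(blob)
        print(path, "stub match" if matches_neshta_stub(blob) else "no match",
              f"host {len(host)} bytes" if host else "")
```

Run it as `python neshta_triage.py <file>...` (hypothetical script name) over suspect executables. Comparing only section names, addresses, sizes and offsets keeps the match stable across infected files whose resource contents differ (the .rsrc entropy of the GOOGLE~1.EXE entry below is 4.26 against 3.96 for the others). If carving yields a PE, compare its hash with the vendor's original before restoring anything; the stub's DeleteFileA, SetFileAttributesA and WriteFile imports are a reminder that the infector rewrites files in place, so the carved copy is the only chance of recovering the host without reinstalling.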
C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 485.40 KB
MD5 87f15006aea3b4433e226882a56f188d
SHA1 e3ad6beb8229af62b0824151dbf546c0506d4f65
SHA256 8d0045c74270281c705009d49441167c8a51ac70b720f84ff941b39fad220919
SSDeep 12288:/0IursYCYQeSnyZJiqlEbXSb9NtCGOF2O27MVz+ZH:8MYenGJiKEbXWtfOkU+
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{E52A6~1\VC_RED~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 804.05 KB
MD5 3499f4a53c097c89b703b7a456a11e48
SHA1 4249b9f8b9c312e3923780a997ccb1220e16c1eb
SHA256 2c0ee7a40fc29a3dc067a94aea90e614afe006bfdc22baee502d27a6b867ab12
SSDeep 12288:TCtQO4Nai3jk/PvJKAgpZ9UKI7GLwtl1fAmdB2/a/172SJo10GSc5AqkL:TIgNaPRKAgL9UE8tl1fKa/o1XPxkL
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{E6E75~1\VCREDI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 492.62 KB
MD5 075b18e41ed71184f2a2cc5d199cd3db
SHA1 d317487bb047acee0503ed9fd86cbc830b38ff67
SHA256 500dde1f7a2f805d943acf9da16b77d5cba79fc587e2b27f67371c0c9bbc81cc
SSDeep 12288:9B+pwPprnVmLmDsC+FU+ZOSzLBtzodfwkcAymOz:XDFncLmKDZOSzNFWRTLOz
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{F325F~1\VC_RED~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 804.05 KB
MD5 b2f2e34bd55637b4c83674b4fbe81fd6
SHA1 4164124cbbe2d29d3c3dbd7c474b2d924f46a1b9
SHA256 75a3d9954d18205ac9e3498cd862a04234d3b4dcaa4f636335f5b17a5f82d8a3
SSDeep 12288:TCtQO4Nai3jk/PbdKXyuR/gYawF7f3txXoioeqZqU2/TyW1yAqkL:TIgNaP5KXNt5dxXEeq8fExkL
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5P5NRG~1\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\CLICEX~1.000\GOOGLE~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.12 MB
MD5 d189f721090dd0d64d7c470ad366cab5
SHA1 39583c2f42d8b353e10f4408df4b23ecc69f105e
SHA256 508cf1eb65e09a3139664008b4d692b44991c3f53a7edd000b63ca4e492ea235
SSDeep 24576:ujDN2+fvw1wh/jSaRjJFS1t/1nCXD8FTI9nZTDReeEYAiBBBp1Ejb:2DN2+HBNRj/inCXDIshZTDRLB7p1ib
ImpHash 9f4693fc0c511135129493f2161d1e86
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.26
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Windows\svchost.com Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 40.50 KB
MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SSDeep 768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC
ImpHash 9f4693fc0c511135129493f2161d1e86
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5P5NRG~1\AppData\Local\Temp\3582-490\va-1.8.exe Dropped File Binary
Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\svhost.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 667.00 KB
MD5 72874d97065bbcebbd165f0c347910c8
SHA1 252f9105fe80f0167006569641a769c11c663787
SHA256 5aa810e4891538670cc0db6274b7276abe84e8ccbbaef1d3b1208b9ad419a9fa
SSDeep 12288:FwCVyL6NTnrtZu3/Kydq14vyMztq+Mp/t/qiALYr/yxw6mK4PwWV8gIVp0yhe:zB8yydq14Yp/tCR0Gw6VNVVThe
ImpHash 1a395bd10b20c116b11c2db5ee44c225
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x439aef
Size Of Code 0x72200
Size Of Initialized Data 0x35800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-12-18 16:34:58+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x72016 0x72200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.54
.rdata 0x474000 0x2ad52 0x2ae00 0x72600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.59
.data 0x49f000 0x4b68 0x3a00 0x9d400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.78
.rsrc 0x4a4000 0x1e0 0x200 0xa0e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x4a5000 0x5a6c 0x5c00 0xa1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.57
Imports (11)
KERNEL32.dll (138)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Process32NextW 0x0 0x474078 0x9dc80 0x9c280 0x42e
Process32FirstW 0x0 0x47407c 0x9dc84 0x9c284 0x42c
CreateProcessW 0x0 0x474080 0x9dc88 0x9c288 0xe5
GetTickCount 0x0 0x474084 0x9dc8c 0x9c28c 0x307
CopyFileW 0x0 0x474088 0x9dc90 0x9c290 0xad
GetCurrentProcess 0x0 0x47408c 0x9dc94 0x9c294 0x217
WriteConsoleW 0x0 0x474090 0x9dc98 0x9c298 0x611
CreateToolhelp32Snapshot 0x0 0x474094 0x9dc9c 0x9c29c 0xfc
OpenProcess 0x0 0x474098 0x9dca0 0x9c2a0 0x40d
WaitForSingleObject 0x0 0x47409c 0x9dca4 0x9c2a4 0x5d7
TerminateProcess 0x0 0x4740a0 0x9dca8 0x9c2a8 0x58c
FindClose 0x0 0x4740a4 0x9dcac 0x9c2ac 0x175
FindNextVolumeW 0x0 0x4740a8 0x9dcb0 0x9c2b0 0x191
GetVolumePathNamesForVolumeNameW 0x0 0x4740ac 0x9dcb4 0x9c2b4 0x324
FindVolumeClose 0x0 0x4740b0 0x9dcb8 0x9c2b8 0x198
SetVolumeMountPointW 0x0 0x4740b4 0x9dcbc 0x9c2bc 0x574
FindFirstVolumeW 0x0 0x4740b8 0x9dcc0 0x9c2c0 0x186
QueryDosDeviceW 0x0 0x4740bc 0x9dcc4 0x9c2c4 0x445
GetEnvironmentVariableW 0x0 0x4740c0 0x9dcc8 0x9c2c8 0x239
GetLogicalDrives 0x0 0x4740c4 0x9dccc 0x9c2cc 0x268
GetProcessHeap 0x0 0x4740c8 0x9dcd0 0x9c2d0 0x2b4
MoveFileExW 0x0 0x4740cc 0x9dcd4 0x9c2d4 0x3e8
SetFilePointerEx 0x0 0x4740d0 0x9dcd8 0x9c2d8 0x523
HeapAlloc 0x0 0x4740d4 0x9dcdc 0x9c2dc 0x345
CloseHandle 0x0 0x4740d8 0x9dce0 0x9c2e0 0x86
GetLastError 0x0 0x4740dc 0x9dce4 0x9c2e4 0x261
SetFileAttributesW 0x0 0x4740e0 0x9dce8 0x9c2e8 0x51d
GetFileAttributesW 0x0 0x4740e4 0x9dcec 0x9c2ec 0x245
CreateFileW 0x0 0x4740e8 0x9dcf0 0x9c2f0 0xcb
WriteFile 0x0 0x4740ec 0x9dcf4 0x9c2f4 0x612
HeapSize 0x0 0x4740f0 0x9dcf8 0x9c2f8 0x34e
GetConsoleMode 0x0 0x4740f4 0x9dcfc 0x9c2fc 0x1fc
GetConsoleCP 0x0 0x4740f8 0x9dd00 0x9c300 0x1ea
FlushFileBuffers 0x0 0x4740fc 0x9dd04 0x9c304 0x19f
SetStdHandle 0x0 0x474100 0x9dd08 0x9c308 0x54a
FreeEnvironmentStringsW 0x0 0x474104 0x9dd0c 0x9c30c 0x1aa
GetEnvironmentStringsW 0x0 0x474108 0x9dd10 0x9c310 0x237
GetCommandLineW 0x0 0x47410c 0x9dd14 0x9c314 0x1d7
GetCommandLineA 0x0 0x474110 0x9dd18 0x9c318 0x1d6
GetOEMCP 0x0 0x474114 0x9dd1c 0x9c31c 0x297
GetACP 0x0 0x474118 0x9dd20 0x9c320 0x1b2
IsValidCodePage 0x0 0x47411c 0x9dd24 0x9c324 0x38b
HeapReAlloc 0x0 0x474120 0x9dd28 0x9c328 0x34c
GetFileType 0x0 0x474124 0x9dd2c 0x9c32c 0x24e
GetTimeZoneInformation 0x0 0x474128 0x9dd30 0x9c330 0x30e
EnumSystemLocalesW 0x0 0x47412c 0x9dd34 0x9c334 0x154
HeapFree 0x0 0x474130 0x9dd38 0x9c338 0x349
GetFileSizeEx 0x0 0x474134 0x9dd3c 0x9c33c 0x24c
GetUserDefaultLCID 0x0 0x474138 0x9dd40 0x9c340 0x312
IsValidLocale 0x0 0x47413c 0x9dd44 0x9c344 0x38d
GetTimeFormatW 0x0 0x474140 0x9dd48 0x9c348 0x30c
GetDateFormatW 0x0 0x474144 0x9dd4c 0x9c34c 0x221
GetStdHandle 0x0 0x474148 0x9dd50 0x9c350 0x2d2
ReadFile 0x0 0x47414c 0x9dd54 0x9c354 0x473
OpenMutexW 0x0 0x474150 0x9dd58 0x9c358 0x409
Sleep 0x0 0x474154 0x9dd5c 0x9c35c 0x57d
CreateMutexW 0x0 0x474158 0x9dd60 0x9c360 0xda
GetModuleFileNameW 0x0 0x47415c 0x9dd64 0x9c364 0x274
SetEnvironmentVariableW 0x0 0x474160 0x9dd68 0x9c368 0x514
EncodePointer 0x0 0x474164 0x9dd6c 0x9c36c 0x12d
DecodePointer 0x0 0x474168 0x9dd70 0x9c370 0x109
RaiseException 0x0 0x47416c 0x9dd74 0x9c374 0x462
GetCurrentThreadId 0x0 0x474170 0x9dd78 0x9c378 0x21c
IsProcessorFeaturePresent 0x0 0x474174 0x9dd7c 0x9c37c 0x386
QueueUserWorkItem 0x0 0x474178 0x9dd80 0x9c380 0x457
GetModuleHandleExW 0x0 0x47417c 0x9dd84 0x9c384 0x277
EnterCriticalSection 0x0 0x474180 0x9dd88 0x9c388 0x131
LeaveCriticalSection 0x0 0x474184 0x9dd8c 0x9c38c 0x3bd
TryEnterCriticalSection 0x0 0x474188 0x9dd90 0x9c390 0x5a7
DeleteCriticalSection 0x0 0x47418c 0x9dd94 0x9c394 0x110
QueryPerformanceCounter 0x0 0x474190 0x9dd98 0x9c398 0x44d
QueryPerformanceFrequency 0x0 0x474194 0x9dd9c 0x9c39c 0x44e
FormatMessageW 0x0 0x474198 0x9dda0 0x9c3a0 0x1a7
WideCharToMultiByte 0x0 0x47419c 0x9dda4 0x9c3a4 0x5fe
MultiByteToWideChar 0x0 0x4741a0 0x9dda8 0x9c3a8 0x3ef
FindFirstFileExW 0x0 0x4741a4 0x9ddac 0x9c3ac 0x17b
FindNextFileW 0x0 0x4741a8 0x9ddb0 0x9c3b0 0x18c
GetFileAttributesExW 0x0 0x4741ac 0x9ddb4 0x9c3b4 0x242
SetLastError 0x0 0x4741b0 0x9ddb8 0x9c3b8 0x532
InitializeCriticalSectionAndSpinCount 0x0 0x4741b4 0x9ddbc 0x9c3bc 0x35f
CreateEventW 0x0 0x4741b8 0x9ddc0 0x9c3c0 0xbf
SwitchToThread 0x0 0x4741bc 0x9ddc4 0x9c3c4 0x587
TlsAlloc 0x0 0x4741c0 0x9ddc8 0x9c3c8 0x59e
TlsGetValue 0x0 0x4741c4 0x9ddcc 0x9c3cc 0x5a0
TlsSetValue 0x0 0x4741c8 0x9ddd0 0x9c3d0 0x5a1
TlsFree 0x0 0x4741cc 0x9ddd4 0x9c3d4 0x59f
GetSystemTimeAsFileTime 0x0 0x4741d0 0x9ddd8 0x9c3d8 0x2e9
GetModuleHandleW 0x0 0x4741d4 0x9dddc 0x9c3dc 0x278
GetProcAddress 0x0 0x4741d8 0x9dde0 0x9c3e0 0x2ae
WaitForSingleObjectEx 0x0 0x4741dc 0x9dde4 0x9c3e4 0x5d8
GetStringTypeW 0x0 0x4741e0 0x9dde8 0x9c3e8 0x2d7
CompareStringW 0x0 0x4741e4 0x9ddec 0x9c3ec 0x9b
LCMapStringW 0x0 0x4741e8 0x9ddf0 0x9c3f0 0x3b1
GetLocaleInfoW 0x0 0x4741ec 0x9ddf4 0x9c3f4 0x265
GetCPInfo 0x0 0x4741f0 0x9ddf8 0x9c3f8 0x1c1
SetEvent 0x0 0x4741f4 0x9ddfc 0x9c3fc 0x516
ResetEvent 0x0 0x4741f8 0x9de00 0x9c400 0x4c6
UnhandledExceptionFilter 0x0 0x4741fc 0x9de04 0x9c404 0x5ad
SetUnhandledExceptionFilter 0x0 0x474200 0x9de08 0x9c408 0x56d
IsDebuggerPresent 0x0 0x474204 0x9de0c 0x9c40c 0x37f
GetStartupInfoW 0x0 0x474208 0x9de10 0x9c410 0x2d0
GetCurrentProcessId 0x0 0x47420c 0x9de14 0x9c414 0x218
InitializeSListHead 0x0 0x474210 0x9de18 0x9c418 0x363
LocalFree 0x0 0x474214 0x9de1c 0x9c41c 0x3cf
CreateTimerQueue 0x0 0x474218 0x9de20 0x9c420 0xfa
SignalObjectAndWait 0x0 0x47421c 0x9de24 0x9c424 0x57b
CreateThread 0x0 0x474220 0x9de28 0x9c428 0xf3
SetThreadPriority 0x0 0x474224 0x9de2c 0x9c42c 0x55e
GetThreadPriority 0x0 0x474228 0x9de30 0x9c430 0x301
GetLogicalProcessorInformation 0x0 0x47422c 0x9de34 0x9c434 0x269
CreateTimerQueueTimer 0x0 0x474230 0x9de38 0x9c438 0xfb
ChangeTimerQueueTimer 0x0 0x474234 0x9de3c 0x9c43c 0x78
DeleteTimerQueueTimer 0x0 0x474238 0x9de40 0x9c440 0x11a
GetNumaHighestNodeNumber 0x0 0x47423c 0x9de44 0x9c444 0x289
GetProcessAffinityMask 0x0 0x474240 0x9de48 0x9c448 0x2af
SetThreadAffinityMask 0x0 0x474244 0x9de4c 0x9c44c 0x553
RegisterWaitForSingleObject 0x0 0x474248 0x9de50 0x9c450 0x4a9
UnregisterWait 0x0 0x47424c 0x9de54 0x9c454 0x5b6
GetCurrentThread 0x0 0x474250 0x9de58 0x9c458 0x21b
GetThreadTimes 0x0 0x474254 0x9de5c 0x9c45c 0x305
FreeLibrary 0x0 0x474258 0x9de60 0x9c460 0x1ab
FreeLibraryAndExitThread 0x0 0x47425c 0x9de64 0x9c464 0x1ac
GetModuleHandleA 0x0 0x474260 0x9de68 0x9c468 0x275
LoadLibraryExW 0x0 0x474264 0x9de6c 0x9c46c 0x3c3
GetVersionExW 0x0 0x474268 0x9de70 0x9c470 0x31b
VirtualAlloc 0x0 0x47426c 0x9de74 0x9c474 0x5c6
VirtualProtect 0x0 0x474270 0x9de78 0x9c478 0x5cc
VirtualFree 0x0 0x474274 0x9de7c 0x9c47c 0x5c9
DuplicateHandle 0x0 0x474278 0x9de80 0x9c480 0x12b
ReleaseSemaphore 0x0 0x47427c 0x9de84 0x9c484 0x4b4
InterlockedPopEntrySList 0x0 0x474280 0x9de88 0x9c488 0x36e
InterlockedPushEntrySList 0x0 0x474284 0x9de8c 0x9c48c 0x36f
InterlockedFlushSList 0x0 0x474288 0x9de90 0x9c490 0x36c
QueryDepthSList 0x0 0x47428c 0x9de94 0x9c494 0x443
UnregisterWaitEx 0x0 0x474290 0x9de98 0x9c498 0x5b7
LoadLibraryW 0x0 0x474294 0x9de9c 0x9c49c 0x3c4
RtlUnwind 0x0 0x474298 0x9dea0 0x9c4a0 0x4d3
ExitProcess 0x0 0x47429c 0x9dea4 0x9c4a4 0x15e
ADVAPI32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptExportKey 0x0 0x474000 0x9dc08 0x9c208 0xd0
RegCreateKeyW 0x0 0x474004 0x9dc0c 0x9c20c 0x267
RegOpenKeyExW 0x0 0x474008 0x9dc10 0x9c210 0x28c
RegSetValueExW 0x0 0x47400c 0x9dc14 0x9c214 0x2a9
RegCloseKey 0x0 0x474010 0x9dc18 0x9c218 0x25b
CryptReleaseContext 0x0 0x474014 0x9dc1c 0x9c21c 0xdc
CryptGenKey 0x0 0x474018 0x9dc20 0x9c220 0xd1
CryptImportKey 0x0 0x47401c 0x9dc24 0x9c224 0xdb
OpenProcessToken 0x0 0x474020 0x9dc28 0x9c228 0x215
GetTokenInformation 0x0 0x474024 0x9dc2c 0x9c22c 0x170
CloseServiceHandle 0x0 0x474028 0x9dc30 0x9c230 0x65
OpenSCManagerW 0x0 0x47402c 0x9dc34 0x9c234 0x217
DeleteService 0x0 0x474030 0x9dc38 0x9c238 0xec
ControlService 0x0 0x474034 0x9dc3c 0x9c23c 0x6a
EnumDependentServicesW 0x0 0x474038 0x9dc40 0x9c240 0x10f
OpenServiceW 0x0 0x47403c 0x9dc44 0x9c244 0x219
QueryServiceStatusEx 0x0 0x474040 0x9dc48 0x9c248 0x251
CryptDestroyKey 0x0 0x474044 0x9dc4c 0x9c24c 0xc8
CryptAcquireContextW 0x0 0x474048 0x9dc50 0x9c250 0xc2
CryptEncrypt 0x0 0x47404c 0x9dc54 0x9c254 0xcb
CryptDuplicateKey 0x0 0x474050 0x9dc58 0x9c258 0xca
RegDeleteValueW 0x0 0x474054 0x9dc5c 0x9c25c 0x273
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHEmptyRecycleBinW 0x0 0x4742ec 0x9def4 0x9c4f4 0x13a
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CLSIDFromString 0x0 0x4742fc 0x9df04 0x9c504 0xc
IIDFromString 0x0 0x474300 0x9df08 0x9c508 0x102
CoInitializeEx 0x0 0x474304 0x9df0c 0x9c50c 0x5e
CoGetObject 0x0 0x474308 0x9df10 0x9c510 0x51
CoInitialize 0x0 0x47430c 0x9df14 0x9c514 0x5d
CoUninitialize 0x0 0x474310 0x9df18 0x9c518 0x8d
CoCreateInstance 0x0 0x474314 0x9df1c 0x9c51c 0x28
CoInitializeSecurity 0x0 0x474318 0x9df20 0x9c520 0x5f
OLEAUT32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocStringByteLen 0x96 0x4742b8 0x9dec0 0x9c4c0 -
VariantClear 0x9 0x4742bc 0x9dec4 0x9c4c4 -
SysAllocString 0x2 0x4742c0 0x9dec8 0x9c4c8 -
SysStringByteLen 0x95 0x4742c4 0x9decc 0x9c4cc -
VariantInit 0x8 0x4742c8 0x9ded0 0x9c4d0 -
SysFreeString 0x6 0x4742cc 0x9ded4 0x9c4d4 -
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptStringToBinaryA 0x0 0x47405c 0x9dc64 0x9c264 0xe3
MPR.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetGetConnectionW 0x0 0x4742a4 0x9deac 0x9c4ac 0x2b
NETAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetApiBufferFree 0x0 0x4742ac 0x9deb4 0x9c4b4 0x51
NetShareEnum 0x0 0x4742b0 0x9deb8 0x9c4b8 0xde
IPHLPAPI.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IcmpSendEcho 0x0 0x474064 0x9dc6c 0x9c26c 0x99
IcmpCloseHandle 0x0 0x474068 0x9dc70 0x9c270 0x96
GetAdaptersInfo 0x0 0x47406c 0x9dc74 0x9c274 0x44
IcmpCreateFile 0x0 0x474070 0x9dc78 0x9c278 0x97
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
inet_addr 0xb 0x4742f4 0x9defc 0x9c4fc -
RstrtMgr.DLL (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RmShutdown 0x0 0x4742d4 0x9dedc 0x9c4dc 0xa
RmRegisterResources 0x0 0x4742d8 0x9dee0 0x9c4e0 0x6
RmStartSession 0x0 0x4742dc 0x9dee4 0x9c4e4 0xb
RmGetList 0x0 0x4742e0 0x9dee8 0x9c4e8 0x4
RmEndSession 0x0 0x4742e4 0x9deec 0x9c4ec 0x2
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
va-1.8.exe 2 0x00090000 0x0013AFFF Relevant Image True 32-bit 0x000FE4F1 True False
va-1.8.exe 2 0x00090000 0x0013AFFF Final Dump True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Generic.Ransom.MedusaLocker.87AF3DD7
Malicious
C:\Boot\BOOTSTAT.DAT.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Boot\BOOTSTAT.DAT (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 84dee55e450fb78ec85aa7a793c865ae
SHA1 e615b2ee63915e414f35b56f4d8d806134d48bce
SHA256 f959394d618a02ae0c1e19d930e7c12a5668953a599906cbaebe02c2c6848342
SSDeep 1536:ENt/jU+wuSOh7KCKVd1351cyN/+l1GpeMcNY4e6lhIC+ExaBSffhe4E:8/D3h7Kr55/+lcdcX/ICTxh3h2
ImpHash -
C:\BOOTSECT.BAK Modified File Stream
Unknown
Also Known As C:\BOOTSECT.BAK.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 07548b222e3772b9cae2ffab5f9ce3ce
SHA1 8c72bbd92f032aac039e1c6b4c597e4c9b3f0e8c
SHA256 08dae81289d0637f5d71e60d5bc0f7ca7308cffded6c7a182cbe919c0d017856
SSDeep 192:c4tzRdkmCam5puCY5Y+dsILQva9RxNyTPuj2+STxidZ8Os7b:5tzX3EpuQ+dsILQvWLNYxiyb
ImpHash -
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 32574b089603a28d34c1fc4bbf1b83bd
SHA1 5f5ad77e10aa08f22cebe5394088ae8c4b4d2a49
SHA256 aa4f2a66745f22f717838ff5cfceff08f58fa32ec171a07b93c2c6ba83859c55
SSDeep 192:vIpySaaWrbFUMcQASQSkhpGI4/zkPt5hZucRjDZApkpTm0t:g6bvOMdAqkWHrEKcDQ0t
ImpHash -
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 7f72c24a7e225c96991f40d53e6bd7b1
SHA1 7b5f71124dfb963646f903afeae26f399032ac35
SHA256 108038d1452db4fc16dabc75ba1082bd39708dd9e0115a786f4d07eab843c0b3
SSDeep 192:v4VxS3U7lPd+hLehDIRxJmx0oZMznkJUfaFgYFc3T82PzPS2vJ3cAr:oxyU7lP4JOomx3MoSfnj82rhJ3cAr
ImpHash -
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 1a9542899558b1b6b5b8358611e4fdfe
SHA1 e3ae677a487086949f7d81908b326318cfc6474d
SHA256 f6eba38c513a57e4ac8c7e39bb7b6adcae29edc83e8b94ef5333126ce73aa2d1
SSDeep 192:vEbP5p5Zf0/IojNtpFYPf9h7s58cKiUn7sDslaNfIjzC+1ABCjhmbLoNNVQM:aP590/r9Fkf9RsycKNsglaNwjzC+Swdj
ImpHash -
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 87d44164ecc499529e45dd421695aa5f
SHA1 427f647eef4421465d8f2246ca76464b7a4f1d00
SHA256 d3d4d6d047187915b46f1b6e5f3cdaab9ee35967b1626402521a6c9c6eee82bb
SSDeep 192:vt3gJPHtYi0gU+0DPduZEOSal8dj7PMj+adzma:dQCiFz0rdFpC8djgjpdzma
ImpHash -
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 6fcc99c9c13714c56332600fb1ef29d1
SHA1 f399c797bc337291f47fc7cb6a68ec8e91a45f5d
SHA256 c08118853e655d8cf29f867acf1a199c86c0af759379077bd827158f0f63450c
SSDeep 192:vyazMryH28AL+8Oj+S+t0wkArvoIruBt1LvdM:a2MryH5Xj+9t0lOvoB1LvdM
ImpHash -
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 5db8a22eff13bae659d9faf1a1c3366a
SHA1 89bff99fcded02663bde822cf786c4c902fb6d14
SHA256 345c0b860cb8754307fd34e2a66628fc84ef1bfffb02bb38269f81084b7417dc
SSDeep 192:vUSKrMI6pbdMdMq6zvWZRGQybA4CWg7h8yeQlPTnnmwC1epc5/dVVd91:ViMI61dMNCORkbALGyeQFTXUIc5/91
ImpHash -
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 c77073169d422d6104ca3893fc1fd263
SHA1 55f67c972fd55be9a87da817ffa4c6424d3643c9
SHA256 99d3d206f3dba1826828626199380f00a7aa05fde031c8a6c3423e2ecd305595
SSDeep 192:vEfrLVb4mY1dP8gA1XAepcD0ho10n8wdCQG52id:8frBb4DdkgA1XAeqUo1LwAQgxd
ImpHash -
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 83bae0bedb583159d1fdb691b7e477f5
SHA1 4446d96b88f1263957f3d824a54949248fe11a43
SHA256 dafc049ca9d1018683fbeee60db4138a854297646ca62d319288c15369717e98
SSDeep 192:v5+G+9wk0V7q1v6b/oPsZ/jPJm68gqF4mCcD+sJiUkC0G:gG+9Rk7USb/oPB6IV6sMUsG
ImpHash -
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 3dc862be3a4668f14948b2320c7201a1
SHA1 46c4eb1287aa4f6ad4f49c46a37ff826cf00c1db
SHA256 b537b752ffb8a58d998563a9a7fe7ad75897488a6e9c5205a2cc7d5578a0777f
SSDeep 192:vqazf4GYLQyYuGLupv6YgKT+zHpYkuu67g278Kzb7xTpi:Xf4GYcVj66YgVWkuu68JKH19i
ImpHash -
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 94b67f4e22abb63ef0ce6a43ede3b903
SHA1 0f6407a89d915fb859339d8d04e1e657058aa204
SHA256 e1678b00a772bc3a54c027edafcb78b2ec523a49da75c2571433ed749f71cf24
SSDeep 192:vNNEj17MGfZLy/8nqpatbKJCEP62fKdMxTgcUslVZmm3E:lclfZLy/uqANKJ1P3+68Cmm3E
ImpHash -
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 5a2379b255e430b77504b1e8e861cad7
SHA1 75b5a085c07341527113609b7affdefc800a32a1
SHA256 ff4d948de0adef90e513b9594e1d5309470d5f274c9100e9f5ccfcdb3ff372f1
SSDeep 192:vaYsxVxKY4vo643qTtKoNHbObOHZOprUPvBCwUEeobOeP:3shKm6Dt1NHbKO5CrUnB5XLP
ImpHash -
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 58df2429bb50a2e1a537f4341d818148
SHA1 3bdb7acbd61ca836f087c39f52092c78e96ce024
SHA256 716b83b90915fac9c620212fd91260c02a4666aa42ef9fce23dd0a9bd5fb7404
SSDeep 192:vPlrYH0zoZULssnZmUUtyjDlJ3ADJCqa248k7qm/WL4mYk:1rYHTCtnkijMCqa2eqjLWk
ImpHash -
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 8b056492ca45729f112b7e8486a8b1a3
SHA1 e6689992b9a9cccf2dd5d0ad083586327ca44eb9
SHA256 fe97587a0d50eab5c7d04d6fabbc43ffd97188417cb29cba13abb7768791971d
SSDeep 192:vTiuiVnPrrZDd2vi9cmItpiPa7LgjoPdkzxh09ZeKm8+nx:BcnZZ269JcLIgaG9ZBH+nx
ImpHash -
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 0a275fdc5b6404590c9a6a545ba22660
SHA1 fe729cd7d94cef7308f91bbb1cde19af53648204
SHA256 b612932f9e896577e2090719c0e2ec3d63ad59964914806786e60911e39ca842
SSDeep 192:vIA8rVfGIx0kKs7uH2dz3I52yXwKHvyPu2H1F7Njv0R:wAQVfGI4s0d52yXXkH1FND0R
ImpHash -
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 9c913161d6d86988db99b0206dafaac4
SHA1 ae84ced54ff94549f9e65d4dbc50d37ec5892ee6
SHA256 c1fa2a8119da8e40a2493b7a5bfef249f141cef33076fb88e1a42188788694ba
SSDeep 192:v3hQykq4+xn3fsqR/Dn+GhS7EJBMVrkVlvFNIRKZOUOrMYhNL:/1kq4+llb+GsCBkgVxFNIR3VXNL
ImpHash -
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 08572b56fb44104ae3b9b8c08caaed1a
SHA1 8c8bab2bf53a935a857c2dd9fdaecfd3566f3bfb
SHA256 ccbf31ad13034c87940ddb7fa8dbed56609c5095a1417a9e088f9e2243aee961
SSDeep 192:vxfODvlzL9nZDJWUWzsTF0jHMrWoMeVPpUWUdsofnmxmP+uPVEdxIA8oQ6:Z0f5ZkgR0jE5MeVPkfmxmW0Qxg6
ImpHash -
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 3cb4ff857f8d046ff0ad0c908cf48ab2
SHA1 8fc0cf9e410e334bae6c7e1c4b7d2e145525512a
SHA256 e92dddff9ae3b826b5eb0327974fb3a3b55330b133df04edd56a9d0a47ae30f3
SSDeep 192:vno87vUpADxLGZT0iIXQJB5RgAmNDrNQ8MwjZed4F4w:/fDUpgtwgtXKB57BGiw
ImpHash -
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 b9f5a8ae3ac508850a4581a6ab0b031c
SHA1 ad599928fd8f3e6dd9753a339285e91ec5a95fb5
SHA256 0f2286dd924659ba9327fb302c3d2fbd79803713095c43e38b1ff640e42ff20f
SSDeep 192:vMD5+r2gfTr7XiRPj4npzOj5toIYgtHWaWwBnrz02rt5c:kVZg7r7yt4pzOj5thtWaWwBnrwuzc
ImpHash -
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 982fd3d930c4cec0225e0eb8b7c50122
SHA1 e3321f27ccbc4bf63aa6bedc7a129c74b2fa36aa
SHA256 b909051d8958588d8b6254b1fddeb47f30f6baed02f77dbb760948f5b2bb5bde
SSDeep 192:vc3eghXYswidPLx+u7GVte1w3d0FNbZrwlUORuOrOMlKRFb:03ecNSSrw3dWBrkuzMARFb
ImpHash -
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 0c1215e9404031f6e5bf87ad802b3242
SHA1 61789cdac04efa6ed5fda5c37af59d984179c70a
SHA256 b817998fb4b432902a482cfd792dc7f46bb67331b54e4681bc13fd936655474b
SSDeep 192:v6GdSBcOXe3OrKCCepNizPM0D+AItHeUIBWPbjZAI:HdcuSNWMRpqkjZAI
ImpHash -
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 3bb1a0186279d0554c3c12c126ff6497
SHA1 69a0120bddc2f441f3cef2deb2944e40a18b830d
SHA256 8704f52377bdd0186847176f4323710cd66954ff2bff0d8926765387e233e7ca
SSDeep 192:vR0vP4qBN8wb+NFVdbxivo+iRWYlQ9dIHu+ImhmhrRECBBmHAQ6i:uHDBCwb+ldbxivdY8Gu+0hrRECTiApi
ImpHash -
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 8a58b15fd10e77a0d42859162bcade35
SHA1 1add6c152d245145e1e3f4e621f1fe9813e85077
SHA256 56a3b42f398770f83643376bbacb86184f7f77baecdaeeeda58851153432d5c4
SSDeep 192:vQrqgCpezUsprutMgffR6rfDFqx5lXF0JSBc:yYoovffqfRqt1iSBc
ImpHash -
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 e2d385fd2ffce829f0d8d202b851c785
SHA1 8efca9397a63f3e176700d527faadf9387d0d48f
SHA256 7968bb3dfcd9eca8eb54ac1b1c60a158fa4211bec07dfbb75340d6e15255d492
SSDeep 192:v366IEDJJpd6pXLJF2qP6TaS8RcBOSHamlYRPi6oCVqCsf:BIEV/QXv2mFcB1Ha+f+4f
ImpHash -
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 2d735d4d4e7527dfe47dd29cdfb2cc9a
SHA1 759b39920ecab405d520dd5dca86e4b914b1073d
SHA256 3cd5cd2ba5b09e20b93c6ab9cc04e090cf06c55656ac1558281326dd2ade9373
SSDeep 96:vHNPp0D8dIyMoNBAVQZUQ5aO2fciGvkwsuzUA7sUIoFrezBKfl62zBKmRC8Oa0uY:vZp0DfoNmF6zcwbfrezIwM0uAwRGnyi
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE (Modified File)
Mime Type application/octet-stream
File Size 864.52 KB
MD5 0e9978b15462ca3a59b3536a4ee285ce
SHA1 33fa89857551d4df3cc44ffde9ef87992ce68447
SHA256 7a48fb41b34ccc6c992105ef6cfc02417a928354d251898354933d012eebfdf3
SSDeep 24576:iIdfYproY6keesTcX6ui9Dk+NUSqu30cEH:psrT6Df9DnUST0cEH
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 d68e0836c7979973fdc4b360b7bfd56f
SHA1 e1ab3a0e43c068cd638614a91a53223a25f28aef
SHA256 10b4c060dc650d5a5c4c6a654bd3f7b698e155f11fbe3f8ce0937b55aff445f8
SSDeep 192:PnOkh/qfQqxZ7uUeAn3fhzyg/ATmoXL4AVJc7+1sdd9ytfVXT:jZsxt3fhmg/ADMAE7+KddKfRT
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 a67bdec487e82d0291197d1e238f87d7
SHA1 eeb81df3558b0c7c1b4281677ce6de5312076e40
SHA256 3ae94d50d6f1f4629d467ebb05e76802424b4845c7c1bee48fce26ddf96deb91
SSDeep 192:vg9t+T9qnahRReVIE7Q0xeZECab4oBDZidQJplHTFl:YfVahRRUBL0ilicpPl
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 e0c384bbce1b5f1538cbeff6ae514f2a
SHA1 b37993c535a6044d0293067fd91eb5bde16f888d
SHA256 cf8cca48b9f3b3e50689491130afab3b074a19befba78d7c7d8c43080149de0b
SSDeep 192:v9tNlSa3Ws2j4k+mZdFcJDZPkpyfELmBjJ:ltNYiWOkPZdF4hpMaBjJ
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 1e1ba0623fef2169a85724d225e4ecfc
SHA1 1d0307ed1756af007c69f5858c6764d1d4d95012
SHA256 012216b9fc6bc74bca4f4a3f4ef2f19c3a6d2c19590b9b27eca88bbe774f813f
SSDeep 384:P2TOXMe6rtXEitRkX2RsJsx1TOCgqnig2C0wsP:P6AizkdJsx1KCXio0N
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 e45ab7f88c98a4b8485ce4b675b2c4a3
SHA1 530bc027ac97c36dbba0c09ad257e81250f435f7
SHA256 65b7a569a4692f56953759ba1357a33dfcfda9f175f38722ab67b410cfd06cee
SSDeep 192:E64GzS0fpUgZjTkEoPzG9EMT8QbnsRnz7k4usV:E2G0ag9TkEUzPdZvdusV
ImpHash -
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 f69f7a34f8fadf24e81d12a4e997d74c
SHA1 8b8e562db84629b625b0a029c7c16d0132d9222d
SHA256 a400b876cf0f642465b21c09ada73d5ba8d0d803903770fa8a21ec2aed8cf018
SSDeep 192:vWpEW+lY4FvtdX1mFIJKSLnUyYBE/x9iFKjfqq3qwVYl:u+PlX8qKSLn2s9imiqTGl
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.ReadInstructions (Dropped File)
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml (Modified File)
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 584.52 KB
MD5 194338eee55da30a0a306e521408d9b6
SHA1 e5e4e10cdc10931c42738b3ab7c34527e490f0dd
SHA256 52c6f530ee7a9e5431b89aaebc0cb0296f28582ba23e4f8aa007f1324b451010
SSDeep 12288:QtLl1X/JN753yHhqd1VeTkfI+0T+QG/ectDPbvRdN2V:+BJL9yHhqrzK6zhvLm
ImpHash -
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 997e3d321fe67d264bab81cd2c3da599
SHA1 9fe1db0c4ad92a07340b2a7fb33c4c6e539c62b8
SHA256 ed4f0f2aaf38da384b4410021003f2135a1032a4ac2c75533859dfbda6574d81
SSDeep 192:vVxavDnyCerllkuZPTUkFnQMIruLx24C2a5iJ:9en8lGuZP4HMIruLnZakJ
ImpHash -
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 0b5923c019e5ad5f8d90e18fa44aa8b0
SHA1 a65392728fd05477ee27ae25222861c761a5ba7e
SHA256 ec46a4c6270681139064db6ba190fc3ba88babee5ad18adb9f31d55310222a70
SSDeep 192:vac1Lvkm7+WmBB8/61ILfkfDPQcuz1/BIycK2vmo+5:yOB+Wmr8SILfkfX/ycK2eo+5
ImpHash -
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 1405e34bf4e350e18e5da9da977e4b7d
SHA1 7dc76cb2d99a373ee58c4fc89c67eb0ae1b3975d
SHA256 2e9c189810d6c22a4aa5523d8f76d124267f63be25cc973c496082c1ab2c3f4c
SSDeep 768:IpnGalhRNpGWcqO7PhHGlZOMX5AhVY5HzGzObWM:IDl6WcF8ZD5aY5TLT
ImpHash -
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 26f798b58d6cbf6cbd5cda24b83aa4c3
SHA1 b3ebaa735fb1985cdd6cadaf3692f254af95f42e
SHA256 dea3b5c6936adee232c96bac25c12a3adba1e536bf19b565cb6670361d9a7539
SSDeep 192:vhg7tA38Poesg3SmVifVBI36fySfE8Tntmcjrf+yLx:pg7tc8ADpffVBIertmcH+ux
ImpHash -
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 a9a1a4a1b2954467ca27cde32e733d5b
SHA1 0581c25f25895ebb9df5f22b932b14e17570f3a8
SHA256 e614c3916b44e8f4f5dc03008d749d34d09fa3f1ad1c0d6e2ef0ff5c9163ae96
SSDeep 384:fkWnboz5oDjvpiy37pJfSRNzxldAUo/EUom7eq/hrNJN9F5jl0c9Its64+jZty++:sWE86vGH8zmiq/hzTXIFjZtN+9
ImpHash -
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms (Modified File)
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.ReadInstructions (Dropped File)
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms (Modified File)
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.ReadInstructions (Dropped File)
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms (Modified File)
Mime Type application/octet-stream
File Size 704.52 KB
MD5 3fc97599824da51b6470348e9162520f
SHA1 9014cc494fbdf1715bafe412ceafff8397acce3c
SHA256 4ae16635030d22b568194d9c03ddc7a0c3d80d4b14043284e6342e8d7b6deb3e
SSDeep 12288:7qnvEVn7SE3x0lVBvtHEGpZTQQpnbe9F1WCFm9pbMk1yUr/+XpO52mJ1Bk1:uGnFx0nPEsTHdX9pY4yUrL52e61
ImpHash -
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 26e90f9a0c1045b02ab20d80db97328b
SHA1 0fbd91f00a73c4267105b87b6ffc85c2b3023aeb
SHA256 c149f5f372db3db34b63b56911155857c918a3b9b538a7a03d76bc6894c9f3a1
SSDeep 384:RbM9ZZQ2e3AURN1TwGdxbJhsihQpokDlyjDbqoWkClcuZY:RAzZQPbHTwGnVjAoksjnqoBCuT
ImpHash -
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim (Modified File)
Mime Type application/octet-stream
File Size 161.38 MB
MD5 a3d45794f5e3abe8cecd3cb28e0a36b9
SHA1 13524e447afc885d7e58f1a362e2a64b8cf51e84
SHA256 3495760700ee371be50102928390e7ae830b4ac1da75d2ac54721ae7cad8502d
SSDeep 196608:b/xIYK+6iPZcbz0MBWWRBy1Q6oHX9zGPzpyW:Giqbzv7k1Q6oHX9KyW
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact (Modified File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 cb3a683b230a926a8f01b16e3ebbe1a1
SHA1 42e95af3c2739b9e89509c13bcf2fef88fe3883b
SHA256 f2b261bdbe8da7a062ac8cd7e6c3da36703dc2b43e8dbbde71cb27542c203c96
SSDeep 1536:5Got9Vt7VACsQLborVI2oGKRiT+nn8yxINEMhN2nBrZijMZ:5G8Vt7VBsQgI2oGYr8yxUP4rZv
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 18948db585f548b5ceec8097751d65aa
SHA1 a76355cef394da7d44e6445d1bc9078151e60d57
SHA256 5343dad3eaf782a1ed77a32b4c2ca480a5be05097061d173f6fdb97fb0c42819
SSDeep 192:lug33JFy7l7//wkfRIyiqlf6Lv6/9WpMlDxTK3YtWK/7le2:NJi7//ZIyiwf6LvwWpMlNp5z42
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 4c6e0fb1c9a0242909686dbeca4c62b3
SHA1 1a9ef739921f412628c0420725327363dfb26fc3
SHA256 ba3bd330ff586d277a7522853482cfd5fb4c3e7fc3341e478fa59e3efc10609a
SSDeep 192:GuNNMeFUSDzzG79qSChtYqvpHe/hlg69BnZRhft6WKZGw:GuN7VGDGvp4lFnXVnKZGw
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 be19510875c24132d40e432015e0a688
SHA1 4fcdc16006d237776c5feef2c4827020b6b6262a
SHA256 2a11a58ee7b106201d661ecf5ad4c29760286f327b4c07086082e9bab8aa099e
SSDeep 192:1ph1mVsoRfjTi1WTgjA5r0ZWTLrVxjDW1+EdvteD9cX4IR:njmTZwjG0yxfsoDSIIR
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0eq4J7bKgXwC-.mp4.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0eq4J7bKgXwC-.mp4 (Modified File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 f7288e3588ede095e20ff0bbaa181af2
SHA1 81da9afe071a3a85f661437c614a853fc087dde4
SHA256 8feeb26494bfee4e4a31905212b9e29002cdbb0e0aeac8a2895e3d03fdb2197d
SSDeep 1536:XSEqjPXTLxqBg0ZinOwp1X1oKhkUsVh34pe2X6XKSHMnkzgga13U8Z4D:CEys+TOsxqXQev3MrRU2A
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0QQfjstKfS.pps.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0QQfjstKfS.pps (Modified File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 71b2da549aa9076eab21202504911735
SHA1 60cb4b8ae2e999a21cdf51e314945884e03873d2
SHA256 923ee43dce3d5b6c026bbbd5d396202e0b87c0cbd801b1047d43ae8998c7638d
SSDeep 1536:mKZpogWpEgQQpBBDWBiFA6TO2E73wkX6KK7b5mxbra5Cs/Tagc:mKZ8pvDWB56T3E7tX6P7dAadTdc
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1dGvxEoi3gm0T.avi.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1dGvxEoi3gm0T.avi (Modified File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 f9dbfc2d4a50ff7a326dbae18e7fb60c
SHA1 cf146b2331715c9d3cc1e6884afcc7826ccbd58e
SHA256 9a2ef80f4fe53a9c1ef3b6fdf0deaa1c0b765507a31c7329246b9467bd92b452
SSDeep 1536:4IOCsnFYOJ0sTMeZ+4qUqx2c+ptV7qAgsJ5kLr4bnUYuv:45n6Y0sTMk+4dqxF+N2ZsJ5o2Uvv
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\1-R4MP2C4Qbs54.flv Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\1-R4MP2C4Qbs54.flv.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 7690004d1fd9353d40b83cb5fb94d29f
SHA1 86d7a021212e1700368331cf88ff3dc761784c47
SHA256 2776cb2b4cfad1975585ae486bfb9e469ac43cd640eb978ae95c61e831bd9602
SSDeep 768:oHfTihctE2U6u1QXHG8mYJS/9xxbcnTIh5ijdo0nJx11tiS:UTihsEZp6W8TJeuTIh50o0V1b
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\bQEKbQfEE.wav Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\bQEKbQfEE.wav.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 909a1ad5d43b31ba0559382b13fdf06f
SHA1 c7c3b188aca0aa05483dd154345bcbec9517d7cc
SHA256 f271ea3e04e845ed2b68836f364a389e116adf5206762a7a65aee4a03ef7e11f
SSDeep 192:u+jR2GTW1eUzDLAW4QtFrU1rZyf7PQEIPkx1jTg:uIR2GIPLArqN8ZVdPC1jTg
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\3T0rH4i0l5QQpYh.flv Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\3T0rH4i0l5QQpYh.flv.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 8559bb493d17864912de0e8e25172c9b
SHA1 97d7bb4111161546fa30092653c67870d7087983
SHA256 0a39582f6dadf202c01965af761b552048930fd223e18f23ba7fc05012d3af90
SSDeep 768:oRRVtrfUi7SEjVLwNyj9b/by9q+GlUil3eM/hwAJL:SVtP7SEB4yjJ/by90lTl3v5w4L
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\DOj2q2eoapVkDICDKF.m4a Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\DOj2q2eoapVkDICDKF.m4a.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 0fd804c2512b9c497f095bc212512a60
SHA1 82b1f9d2ee55d0b1fe02666b225b04f1dd4f91da
SHA256 af69cfdf0e8e41539131daed37374bbf36f0edd5ac6268410b2ed5f98b58d6a7
SSDeep 768:jSEvvpwF6ie9auMMrDpxfQk4NX4+L1bbHMiwS88xpWfVndbMTjRvVJAS6idy3ihO:jXqre9auMcxfuXlHH1xpWfVndkjRv0h/
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\Hta3pa28.wav Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\Hta3pa28.wav.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 b28df7968089861b533c925d776a6216
SHA1 3686bd1fd522d600cc2f2c5072cc0544d60b4670
SHA256 f7aa9e5fdd2dc55c5c3a7314fe1a66afb8d4649731a8a52e0142174a75eba9fd
SSDeep 1536:OfERbJG68wbdkaueJmE8nQ6SwrEA840zwsqzoEO3Dmopln3ltbDhJ3:SERjdkaueJmNnQeE9RUZyp51NFJ3
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\j7gr.mp3 Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\j7gr.mp3.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 1931e8fd45041ac25a2cd0682e70c3ae
SHA1 43f5e7b65f0aad6526e3f656c6ffb1d69d8af929
SHA256 352f46794c56f58f88fb09b2c0f40ed2bea2b251c192b0ad171fa44ae97d3f1c
SSDeep 1536:Dg1iyIS22wopqj6lHAVoNhNGelsx0IAP/qpQBGlYgbHViX8PQBpyVUmYtV:M8S22rpRseNGeeG/q+grVibBBtV
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\TYJvpp8N_sf.jpg Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\TYJvpp8N_sf.jpg.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 104.52 KB
MD5 667806b7bb5d8d2a9b4a35f5d9e816d7
SHA1 7c95bdfc0fb24018937c3245120367170344c838
SHA256 4a6385fdc175bb8996069e86fd8e4e5ac059e93417dfcc1a63bb0b653bec85e6
SSDeep 3072:N1/4TZ2tx3w7smnjGOc9n9KToykVwXb0Eo:N1ATa+YijGOsn9KszwXbg
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5MhWMyuYeLyf1OE.png Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5MhWMyuYeLyf1OE.png.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 6591a522c215043a7dc4699fa8fead50
SHA1 20ee05f1ea0593975b59892ea551f9507dcee338
SHA256 b586ba3f5bb4a471eb227c50c336db956686b8eddcc46a4c3cb53618c48aac42
SSDeep 1536:ATRdYv+a0ZVdrgJ60DzIPAByGATzIfHlA8RrlQgDvdsL95eH5TMyt:Adi2a0P1CjIO5QzIdA8Rr6gD63eHlj
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bO6qEEjs1wiVC-i.m4a.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bO6qEEjs1wiVC-i.m4a (Modified File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 eb4270a6cc26ba03153d0f5ea5143dd0
SHA1 81077de2c9f89996fe66e17f1fcec67cf8e894e0
SHA256 fc5af5cce780825ab9f1e8b0f07ac075565367edeb84cced61029836fe663049
SSDeep 384:MymPLzESu82VUgv7/X71RzKUa+ci5XP8L3b1Puld5yPVh5xil:M1ESu8iUgjTZciV4r1Puld7
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\80haq7i.mkv Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\80haq7i.mkv.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 80ea7ffa34f8a71f73979bd9160efb56
SHA1 ea191fec8ecc5ca9004f831d3fe228f76497eb6b
SHA256 06afccc62d81ef13d11c6fb44bb10737554ce634acbe460007cb31239acd4724
SSDeep 1536:DXmNpTCSLpi206/ESlcNzPd1zvG0Te/qEESIEQrDhFBpmPCo2UmTmCxysNrKF:DM+oS6MSOzPzO0QqEESI3ZFB2Co2UQmj
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\F_f4rPkCl.xls Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\F_f4rPkCl.xls.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 b931eb6044876f27a54d498512c5bd1d
SHA1 0a7aff212af5035362ec8508dff14946e9844b32
SHA256 2260c3f76b810fd142d163e2d17e24ea9557cc5f7d1905b7ef77b0bfc5d4f984
SSDeep 768:j6ltLGfkywpNSMBkGM+RUJh/QtxxKuB35pdSL9o/LGKM1du:j6ltqkzSM+GomdTjdSLy/LGKM+
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\NjH2zCvYOXtJz7.wav Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\NjH2zCvYOXtJz7.wav.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 ce02e9c13b5f212df81c5193d46860e9
SHA1 5b5fe0057b51939d908e17f7f240e11eb7fb3ca4
SHA256 32d193bc26bd09d6c80a5236703f0d1062ac13844591db22d9c74e66e89ae6ad
SSDeep 768:QaLbWMCsm1y0ydGU98KxyJ2dEUOO1gfC6QdSvJYlSrCc:QaPWMrm8Poi8kddrOOcCldQmc
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Hr4sDXJtn6WwD.m4a Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Hr4sDXJtn6WwD.m4a.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 3d592330f995a8740efec733a87afd6b
SHA1 75ddf62a521d4b0ad1d039484bbd6a36ae0192c6
SHA256 c9ee95fe5a0fc2c9448fc9d9b3d335105e5871989c5f4e16f41daf7e77a5e1e9
SSDeep 192:7PBmwF+FXCZJFqNednrU2KylklC67UfbD/pCz6:7MwF60JZ1rU2Dlkl6jDhG6
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\J3Nc SGi7Ix-bCc.gif Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\J3Nc SGi7Ix-bCc.gif.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 8d0521628b0af8f5021bccea7001d415
SHA1 0581587e2b1d6df9c76318706581354d8aee19c4
SHA256 162a6fb2eab844ba6b012977639a61dd952b459fd3cf863b6a47286efcb5a496
SSDeep 384:KB4Qk9MLBZjJSzC4ou+3ERhdkxOTmyinOzcmRjMcAZ:W4Qbk/o/URhd7UnCXi
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jasoy4U.swf Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jasoy4U.swf.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 b3ecb93e835f858e313c6be11d1fe61d
SHA1 9a2e603033061dbed8334419c34d25c1da2b67dd
SHA256 3d0f8cac09e3db27d63b24ab2eacba5db4b7d047c1bf46c9cc8835f532af1054
SSDeep 1536:v/3BVKlypuNqthVU6cQzFkZzFLMKtiGCDYeppiuuk+1f+jxCy83:3B5sqttLPliuuk+1f+q
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KF7giSobhHyUgYTtS.png.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KF7giSobhHyUgYTtS.png (Modified File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 e49ef077f9dcaf82244fb430801a57bf
SHA1 a932bd8e9e6e33a250126c07d1f38e35d00644f1
SHA256 b5fa5ac732fde04463d22330387f3b1adf89c7232d3ab5ee064c66a7195853dc
SSDeep 384:UAblLw1sD3YiOxNiobz+HWZj51kWLEHFKcXTUQ0ooR9F0jDTxNm7:1ii3xOdz+2Zj5zLElKOI5fqTzW
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Kltw91fRDuS3Wb7aI2s7.mp3.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Kltw91fRDuS3Wb7aI2s7.mp3 (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 4270f0ba5fe4a10bf15eca09ed1fd918
SHA1 1b69938028f8dd6f5c1def7e839ae86021a2a24e
SHA256 b73707c6b32f36e313051284c2541552b0ff8224caf762375305f0e9f4135fe9
SSDeep 1536:Ik/AGkt8Dgy6Q1uz4nb+9P8hfnBn52JoWpqCqRV8FJV77OW:pjFDguE4nbHF5F/R2vV77OW
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lKJHbX_KPoL3z-n.mp3 Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lKJHbX_KPoL3z-n.mp3.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 760a9df7dd77841dbeb73130057e3d57
SHA1 6f2b6964b1829dcea7d810baa0851171064e86dc
SHA256 45b38da7021c64e8495a0272be159ef56095ce6d5f1dcd6312df91ba57edbeaa
SSDeep 1536:qwZAJFP6v9H6hKkNTX67nkP66PD5dqgSaTrQ+doyHKU:GJFPk9xn/6fVTrQ+
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nagQ.pps.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nagQ.pps (Modified File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 af77d84632cbfed910a2a7292c9e8a2b
SHA1 220bc2346246489a6a2f151457dc7d997bef8fe9
SHA256 343bcef93c10f124620d4088f5dd8c2ce478ca121e014a436641eeb975ee93e7
SSDeep 768:+/wUBkwKn1brE4vIZMmZapK4EYMZaca58Xnq9kUVZS/icVoM2TAyT1eG7J:KwBwm1/Ex2mZap7EJZac1nq9xZS/TVo9
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NpPNmqhQ7821lpO.docx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NpPNmqhQ7821lpO.docx (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 7b32eb8d09f0033e10c8cd728bac4c35
SHA1 0c3aa7d2250e0d8149dd6c330a1d864e62261f52
SHA256 dd8487fccea446191cbfde21238b7c5f825be6f0158b3663743771d1a703d518
SSDeep 1536:QeRlkFgCkD4MP8ZahB3FkMK+gQfIqwYXJNjBWULlLxWzk45o9y5lco4BO3WmQ:Eg7P8ZVN+clYXJNjnBLxmkp9yZD37Q
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Q0FdRAhE.bmp Modified File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Q0FdRAhE.bmp.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 47925cdf02dcdc163c247d96d6aedde8 Copy to Clipboard
SHA1 7b76977ffa6193ab89215ff451af8afc2839c9de Copy to Clipboard
SHA256 198247df2ed85af7f2dd67d2f8a1e9dafa84521f60760bfbe2c56a2ed8c330ad Copy to Clipboard
SSDeep 1536:AbZa71cbLgoxZEfNOHShyM0VzpvR39KRzPw3iRa6QasLlUHRV2am1:NkLVMwN3V9J39KRDpRa8suRV2v Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t53gs1hiTaXv52EH.mp3.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t53gs1hiTaXv52EH.mp3 (Modified File)
Mime Type application/octet-stream
File Size 104.52 KB
MD5 6e7d1a705e7a9de308c54e4c61edc139
SHA1 f8e8b5dd408bac601a220dacca0c2bb50e9c247b
SHA256 88cd12f217fc793bb883c009e9d6e23af9ba851ea75cb958c5f73e51bd1d0dae
SSDeep 3072:LAMos7HS9bJ7DR4JmMT77N1WlU4TzLGE79c1r:pos7HoNHimMT77N1WlUizSE79cp
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tBKr0.mp4.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tBKr0.mp4 (Modified File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 35eee3f2074859c46a8e4bcef96d32e8
SHA1 186a5738b76d436bd0a365f30d1e23e833081011
SHA256 b538d773ad7b63c428139990e6a0952c6245e447c5fbc5bc30fbfeda642c4135
SSDeep 1536:tzbMZI2TkjjO5rO1fk/tA1fBqgVn5auTT1/i7saCQItuY+xKdj:JMZI2TKcrTABBqun5aSxEaicdj
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\X9BTADwDIzB2uwdwBFhD.gif Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\X9BTADwDIzB2uwdwBFhD.gif.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 e340fdb438836d56ceceb6130f5085b1
SHA1 fa1af5a605546440e9200d4c5cc0cff9d8aad878
SHA256 3e71469e2423d8e91a6f25be5e28732cf9db0c26f6b836ea14100d29bf52a23f
SSDeep 192:KFxOM6mDoK8Nlo/UjO6Ov8+LSbmZYdae+TzeWX3DaQ69lkE0:KX36mDvgkUbOv8+rYGnXzaQqkE0
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XU 4jTBlsQNL76e.mp4.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XU 4jTBlsQNL76e.mp4 (Modified File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 93e3081ed51deb73465e40ef5a255b9e
SHA1 48da1dd67f5167232ea3b92cf7d957ebf4c543fc
SHA256 f5c4db2c9a1a8b2f1ac89e174dba8e08c35afb00b16afd809769d07584d2550c
SSDeep 768:E2FCEnPpxDjxeOqH7X5O8JPOz52FOICjilBVnjImLSHC2X+ywgHBqJOZfNYwu:E2UWxDcOSX5O8JmzAOpy3uHB+Sqn3
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yurqzK7drLPM7.m4a.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yurqzK7drLPM7.m4a (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 f17345ccac3ff42d5ed4f59ed03e70d5
SHA1 185ffb4ff364b1d3bb625cd3d6f84a96b189b9f2
SHA256 2c4d627d8b952393fa4ac12caaacfe2e363fdba5b8a9008371f4fd735488801b
SSDeep 1536:Eviur3PAIhna+bqFkqyqzYGhvi2qV8vAs+wT7:EvDdhagqypk7lZT
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zLAUPacevLeeeU_O.mkv Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zLAUPacevLeeeU_O.mkv.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 7a5622db653767a2383dbbea58c8ec8c
SHA1 a009ee79927aec1fc09a933e04c8a0246c92df51
SHA256 202c700e08ba6060e51b609c67c733146b73f4d6ce8a94522782f08154d03d61
SSDeep 1536:O5c1tSZAalRrK+EyMMCQMB/1O6K5y0ahDS7UZBgUyewVR/6cbK/4op4f6:OlA+bPMa6KkxNS7UM/1uY6
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zXsCJxy6.wav Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zXsCJxy6.wav.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 2e1dbe27ce7edaca9bb6b1d8da12c5fa
SHA1 31587837d7306e1c7a6735472323bcd66c2c37e1
SHA256 d2214ce7ab29daa41b160ce662a091dfeedde570702192c2fb7403f29212c50e
SSDeep 192:u7BooVv9YEY2FtLLMmg6OB9wa40XX5wDrH+hbOpqizj1rAq:u+elYEYi5E6OB9wa40XXweOpPdAq
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2LiupJvdbti.docx Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2LiupJvdbti.docx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 ec1fc40b460433ba93a0f8c466e2080b
SHA1 ea04f70cb726c378035d56efac9d1b9621e0614d
SHA256 f8e9fb51f4b01b335df05344d28c55708aaa9ae4f7351946ac05b72c88034851
SSDeep 1536:z7oVu1kPreeOg2FA3a+KgQKEKPXGrvkpusU4Fb+/wHu8ePX1UC:z7BkPE9FA3a+KglEKPXGrvk4svFbowHS
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\P23U.pdf Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\P23U.pdf.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 e525cad819a41ae27faead04b69fd628
SHA1 16f7e4c8c652c95e865fa3783f46cbfbe3b99af0
SHA256 ea1d8fd7072f46155a4a4d2ca9bd69ca087ca46b1e855d17ebfb42e17e21e941
SSDeep 1536:5Gq1UaIQbHxB4aGAe5l4g87SW4qZ5nQAnARppyS:HUvqRBsl4gg96mARaS
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\Q7c4oMyc429OroOAX.ods Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\Q7c4oMyc429OroOAX.ods.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 7feee283592a1396ed0deabeebac546d
SHA1 e3d9d648eae74658f28801a40c1a8ef7c62abdde
SHA256 732a2adbba8ce1bf9d191fd856dfd7b178d5e502213e813ac40051f98226d7f2
SSDeep 384:mcCOzDsco4QonYu9YwhGs4b5iJ4FFt8Qo9Ghx7rpezB0e:mVOz4cPfn36wh34bk4LCGS
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\WPdL.xls Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\WPdL.xls.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 e03a95c3ad1a3e2053728b4c0060d6f1
SHA1 2419b18959d5010a89fcf31e2848d56cb050bd40
SHA256 b265925e07ef49306ba214eb6c98332afce86e238d7d7b8294fc437bf47afdab
SSDeep 384:M7kkEfori2vGLQmUTaI4XPiKbeFkIvgkZ5BGaHK/5ChOGlGUL6MhF:MFHoQmUTB2qFk4gQBGcKxCs6xr7
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CRw7MqUMAxdnYPslX_R.xls Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CRw7MqUMAxdnYPslX_R.xls.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 8f6f6c7b6e61bbb7a033bf997699e40e
SHA1 4d4ae5608a28accd009a79ac5079a3a880b49228
SHA256 1a32069f17cbb70f399ba8141f1765a4c3876901b302c99a4720540fb3eb6d90
SSDeep 384:IPZIYIguHX2jaxxafoljF1rsyJB/+36Uve9pEiMoP:Ih1IlmRIlHDE5E
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dWlpm.docx Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dWlpm.docx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 897c1f4a72cebf44a163f551dda39f3d
SHA1 3086b0b15317bb284531961775acf9fcf05e4bfa
SHA256 910ccddaa9994e474de22a71e47b189090c346a50397c7a1eea3a04bc415c19b
SSDeep 1536:IXxvR90ssZBSaayEdoMPAjwldcLeCSakfjZRcJ+Nkc7ot0fvW30EiLnMBTSxaM3u:IhvT0BZBCyEdRncLe9oJ+Wc8t0fvariM
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fLFPzC180Y.odt.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fLFPzC180Y.odt (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 62f61ddc86cecda74157e0ac04780e37
SHA1 be5dfe26a81513b60a3004df841252c3414f5eb8
SHA256 5bec3475fa36b18079bc3e4205128097ff8adda21d04d6d15b681c165e203082
SSDeep 192:ZrKqGD3PbqCiR1VwGi1OHUNcQvdrYNm7xZMgEADczS:pKq63GPLAOHUquYNm7xZMgKzS
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\LhosEI9F5SFrie.xlsx Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\LhosEI9F5SFrie.xlsx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 d7a48c6871cce7ae2caac512e897010c
SHA1 f6cb3e0b704e349401d83d0f0f74d7a7d9a08c92
SHA256 c7350e24c24f54edfaf4f4910f4580b1b440b9d401bdd4e70f4ac8cf21136af4
SSDeep 768:YJS7g+BMfN7XbYhnm/iJwE+kPleIbOB0ORjI18yfRJ419Ik78De3ZCwm1hQJMxJ:zyrYVuHE+kNeIbO/pij47T78Csw4xJ
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lrC 4tDSD4ceB06u60.pptx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lrC 4tDSD4ceB06u60.pptx (Modified File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 d53239329e12f524b6aee98a13ac1a0b
SHA1 e6dddf0648c84e33c853f4f420d730d17aeb8b2e
SHA256 4e8ef18e5d9c748fdc2846bd3e861cb0635552cab7ec31f519f13af42263060c
SSDeep 768:bRNhpcNdHwC7qd2gVOMfz9fb9m56HhBAQdYP1peLqOIaCTx4Rq:bPfcNDqTNfpTPH7AGG1cbOTx7
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MNqeHyOAhEWRYiaQz_.pdf Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MNqeHyOAhEWRYiaQz_.pdf.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 cf848f114504cc7e3bb47a9904f5cc63
SHA1 0aaa7b2bec86d183b1b32855285f5a860f67e0e0
SHA256 623236022a273b7ddb5a0979fd01eaf7ac1c652cf56f46ef7117a349eff6570d
SSDeep 1536:yykZsz0nR8EpsI12+fT+uePMsoQcMAAECmap6Uc04bzM:yykZw0T31CucPowAAElHURYM
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Boot\BCD.LOG2.ReadInstructions (Dropped File)
C:\Boot\BCD.LOG1.ReadInstructions (Dropped File)
C:\Boot\BCD.LOG1 (Modified File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss (Modified File)
C:\Boot\BCD.LOG2 (Modified File)
Mime Type application/octet-stream
File Size 536 Bytes
MD5 e9f7c8e65cd4600b152a023b5a40e372
SHA1 78d8df8a523b51266b974967edd77750b8e23509
SHA256 80ab365ee8076ace181d13a8f0912d6b17604f94fe8dcbfcb3f4101b94ad9b93
SSDeep 12:JlkYj6ehTG/vmf13lY0DMj+QDdU6He4xfayJwlMt:JCS8/vOi6y+Q5U611ayJwlE
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qEt1wi.xls.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qEt1wi.xls (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 59271c533bb1e22ad931f992c0ee8d25
SHA1 becfb4919b343e6e2bfd89e9367684dc3080a1ff
SHA256 00df33ff4ff2c724b283c5a426efaa2df3d9f4c2bcd50cf33825cbe1c64d0da3
SSDeep 1536:53kD1ADfNqRV7zKYUKLkQ3fJganfGJ1l77FJdW/2ssM3eYm9GF8c8wM9TxA:tk5cYRVfhrJqdxJdW/2ssMOYm928c8Po
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qnLFDID-KlHDn4Z.pptx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qnLFDID-KlHDn4Z.pptx (Dropped File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 9c76f4b6ba64ab347ad97d0c98b87de6
SHA1 75f66fc58646670de8c999c3912d2f779108e5fd
SHA256 13fc1226fcea7aff2651792b74dc6651916b5b61030030ccb63c4ecd8530d0f2
SSDeep 1536:HtPGX8wpGy3qR0phcXeIUsHKTZ8wrgkT4tXnHngSYYRIpruAcgvZhqOJQJEWN:HteMRIhcObN8Hft3HnzYY+pKHgvygCJ
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\t4YVY yfDSOQ_pqfU.docx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\t4YVY yfDSOQ_pqfU.docx (Dropped File)
Mime Type application/octet-stream
File Size 96.52 KB
MD5 47ca038af31a7ea9d60d5d8895b051a1
SHA1 d69688b0058822faef0a7617db2e2efd56a4d139
SHA256 2f25fd6b5a413822646834951202cb76f808925e6bb5f863ca376a6f4778ce66
SSDeep 1536:Mgb9Jeqz6N5GCHC93YFbzm2H3iopni5UzGRWWddXdSU+QYcDFsAEZ7:MgRJf6jGCc3YF/m2HLiIIbFAcD+9
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\T9gshfLFkyfs.xlsx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\T9gshfLFkyfs.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 c222150c331db0b7a68e482f0ca8aaa5
SHA1 d26af0b2b0351613462d9735534388e324184a7d
SHA256 6324c8d1d62165c3e35fb92da6906c51169c0f517132731ed361b83f828e6f4a
SSDeep 768:DkYIAr+D4+G1+yMRSALRXq9D1jbybvhBMz3EPfztKlHib56SxgVH8+:DkYIPD3G1E0cq9D9ybvMI2Hib5ghn
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TAdh5BX-WkuPD9.pptx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TAdh5BX-WkuPD9.pptx (Dropped File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 36061f8150c092d3c8a2100457c66e01
SHA1 16caff500771d77a3ecbae9450d8e4c3d021a4d7
SHA256 f7261d0d3e9c2b848878e2d83e64292f8763c2b290941962507f0bd4d1f1acfa
SSDeep 768:DzUxDUMueuXOcxMvlL19dl0PzbWl8g3tj0kNb9z:/CRVcxYlz8za3Cs9z
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\CRottuTys.odt.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\CRottuTys.odt (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 5ffb8050d8917649c8647f0e9285aa85
SHA1 b1825bb0814a871caa3e73ca67bc54da72a8aef3
SHA256 b6a3befb4ce7844f3e1150474022e140e9449bebb9ed2a4bb66fd668f2cf8b3f
SSDeep 192:31CC289d/tkJ55oVKeJltcEvHwKS+P4ZImLBfi/3fxERhITJYCSiD6ucqlpqX:R/tkqLJZSQQBdfAfxERCJYCS1uBlpqX
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\tiXfJKSs-S5Tiq0y.pdf.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\tiXfJKSs-S5Tiq0y.pdf (Dropped File)
Mime Type application/octet-stream
File Size 104.52 KB
MD5 76ef7c5b16b6f4ee38d7849f2787ed08
SHA1 97bbefb41480b5e60e859678286fedb8fa205ef7
SHA256 30fea0c41efaab2824eb3199e71f636f31810b01a58214f1262bc5ca845d8230
SSDeep 3072:LtKQeR+2x6i8DOPexZUAQUhuyEzZBqdQ4Y7O0QRcu:DmPPEKXUhEvcQ4stu
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YGCd1S45Lw.xlsx.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YGCd1S45Lw.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 96.52 KB
MD5 1b1e79d437b3860d194fc8949f8cc959
SHA1 9441c2bdb6fdb33b6d8575ce02c2db37d34a06ab
SHA256 6c517e83239d3d757e14759f41131c05fb15e712e7397c5321828481e3542da2
SSDeep 1536:GhmMtSgJ59YGVLgKlEBIiA/5YZBmDM/4Xm07ZAtPxaSZep0ls3bHmaol/:mlLmCkKCBIiA/+ZoS0VAxxTZS0IbGBF
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 7572b0edd8c012246fd412ebab669526
SHA1 4da6dd3bb8c1eb706e10667b77e9b579ac7a01d8
SHA256 357fbdf1bba516cec88957ccfed48d93c3765b34465023e75173e739434a5dc5
SSDeep 192:JB6aeSfOIZL6mXasOMmTGigHNem6V48/wSDvNAEXuoY:P68m+mzMAGigteLVS+ND+oY
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.ReadInstructions Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 1b74b3bc02498273f226c9e401cf021f
SHA1 a6d2e968ffcf74992f8fb19c77869b7ebc39db04
SHA256 6ab202fd9cc875745c6b95daa753e081454259d74e6c2c29c5be492fc6914b3b
SSDeep 192:JwKehcqCYjnEMPooSmWpvkfKXOtKAkm4SnB92LADsEW0QhLY:6KeaYAMPooJWpvkqOiSB92vZbhLY
ImpHash -
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html Dropped File Text
Unknown
Also Known As C:\Boot\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\Recovery_Instructions.html (Dropped File)
C:\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\p7B2aM7S6VhQDF4Q\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Recovery_Instructions.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\Recovery_Instructions.html (Dropped File)
Mime Type text/html
File Size 4.05 KB
MD5 8b15d6a7a3ae443fed09fb8bc85c77f8
SHA1 cfbd803e2b46e8c7534e6821078f774ab228c5ce
SHA256 4902cd1ca7593657fbe3a1d77380939aee15c06876c5b1a08d0f7854cf369cdd
SSDeep 96:8y+cAl5azln+DtZogV9SFUU7Wjgf4m8CiKMr9JMpd2CDA:8OAl0z8DjFiWj+4ZnKMZJMa
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml (Modified File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 f06ca069fc40ece5a05b4c8ae9ab1d6e
SHA1 c4e3fd0131c62e7017662043ab8610de1d4f6c6b
SHA256 d7d52c706f531324120c7757f4b235103a0bf52a9fb960a59fdbcd9b50babc8c
SSDeep 192:v3MZBp8v8T2JXHLkag/RsLKcWDUbKGUyAc9p:f+T2poagQaDUr/p
ImpHash -
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 485a346c0f056ec8fab50ad3e02a467e
SHA1 574daa1e77735ddc9ed17207893a00f9215d29ac
SHA256 b6ca11bf2e25cfa876a3b009d921fe5b357cc898b55b2786bc0294812e9481e5
SSDeep 192:vFc4RSLlFsDDA3S+ST3p1m5m42u91doqlVvrQaY:y3LlmItS7aV2u9PoqzzhY
ImpHash -
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml Modified File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 f74f4b6d12268b3bf35cb31fccab22f0
SHA1 ef7c83c057bfda2e37d4ee4b2dceb946bd542c46
SHA256 33b1074d584520c27d56bbe638bd552ff5c89f03ee378c30dedc0df13f45aff5
SSDeep 384:8DOzLcOj8dejBk9oSWf8q+pNCi1yoaobO5WqdOeHJ1NT:MdetkCmBA8qWWrB
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm (Modified File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 ecbb9f98a2843edab2cf73b5dbf51abc
SHA1 fa1e6f77279cb829f76f2bf45edf995ccaf45c4b
SHA256 b9c9df87c8e52688aaed6c3140e68fdb982e6498414b9129b2fb37bc5b03491a
SSDeep 768:Xss+v3WMaNnm/ZhfixuxPYZwwmL33bAIYk/GNg35M:XsTv3TU5xuxQZwbHsIYNNU5M
ImpHash -
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm Modified File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 b50c3b3fa9a86641ffc36475eb620ee9
SHA1 36cbc07c4a31ffdeeb416ff084f72d987213fe1c
SHA256 92a396f903cc0dad09bb9e1197a1bfb03fb59a4e76ce6bb6cde4862f9690d991
SSDeep 1536:tkSKNqf9L1ravhVFaip8kiwV+NhDTsjHojr3VrE7geJMsqDqCWunpv+J:n9L1ravhDrSkV+Nl7jr3Vagrs/Cxn6
ImpHash -
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml Modified File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 9e9a08c68739dc539846a01f5b2cc1c9
SHA1 d5daed62872d88ec65bdf2134ce7749bc08542b5
SHA256 7e908275300545365dfc9acffa02721a4f5aa0491004b7f8a63a54bb521e250d
SSDeep 768:tNzauZEpdJq41zmwbNI52rV7fXkUXy8Vl:tNWHHhmwbKAx7xC87
ImpHash -
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml (Modified File)
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml (Modified File)
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.ReadInstructions (Dropped File)
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml (Modified File)
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 663f126f1a0f0b5d69e33f175e89cd54
SHA1 d7330212903ee748c840962f50a92e6f2bda8fc1
SHA256 744f137a4c5461a61605ccd8dc87bee7138f505ce9a61ff93a667e8292fd3bce
SSDeep 192:v2FRyYh2psFPdOPeSTP/hs6QjRyWiIAp8rEbSsGmTV:ZCHy7HQjRMIAmobSjmp
ImpHash -
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 31dd7b644295ce92b113c697cd0fd62f
SHA1 9a047f07508e25ad52849d44a01c7c2f0f960fd9
SHA256 fe3886a0d7ebc849e9183d8f9c78cce975c585d1d62b2a1bbe76b45fd9f48e5f
SSDeep 384:i6GMTcX/NgNjPS9M/3rw2nHp2PMIhRIXSwUUcmQmaWZ3D2MUEyE+7F7e2paU:XGvgM9M/82nJyjICZm1a6sJFDpd
ImpHash -
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi (Modified File)
Mime Type application/octet-stream
File Size 3.02 MB
MD5 4fa1aafc78d9e289f9128ae8a95b386b
SHA1 229e31f4e174b61cd8a5862ccdb13810b108efac
SHA256 b81f9783b1d1e387dfad511c543f59692da3c612f4bbb157406fb34287512545
SSDeep 98304:/CROTQHy8erdbGoVlc/Bb+0eK9A9EKVepDbwfDEq:/prRflc/Bb+FK9ACAnfV
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 ad39d31a1725367275e914334cf8132f
SHA1 8d22100ee7ad93f6024d2bec30564445ecb1e638
SHA256 6a4899b458c3032cdac7ec7907fe465afe1db4555b4f0b874a0ce007222acc88
SSDeep 192:/nzXl7cbuQU/9aH/H8wi7dk3R+7O+XnY1Iw0+U54+j:LqbDO9u/HKk3Rx+WIJtDj
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-1okxtK2AJxK.avi.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-1okxtK2AJxK.avi (Modified File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 df6765dadf037962bdb62aa16a7ba107
SHA1 fd99eb69e4b37e4428e4050fe64ef28772b73725
SHA256 320947b5031982cbe0f865029fa311218feadf027728b91155fefdb1a4bf5a75
SSDeep 1536:m0xoDhBex5o65RrlpivBTLh9NshRf2OE3mvnDEftZRT7cNDep:mmaBHKBpituf2O2IQftZp0Dq
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\60BZbE8XuNOo.pptx Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\60BZbE8XuNOo.pptx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 576209337cbf3f8ff3b6ce209ddf9315
SHA1 f9c07e2de1958073066d922fc504f93f1a346464
SHA256 e594e6b02b87e77168562dbfc87f957a8a7fa3ec4d63c52cd775c39b88cbd2e1
SSDeep 768:FjNXbXx0HfoIng2VTzJEdFEdP+vZzBbsoe1c4goR6VwHwIRhbTBTgY6e6S:rXd0/omNPP+v4goYVOhbTyY6e9
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\ffLad6zn6yMjATGS.xls Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\ffLad6zn6yMjATGS.xls.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 96.52 KB
MD5 ae21b339cde74f53279a1ce818676b7b
SHA1 3f9ddfb564d18c58d71b444e28dcdd896c32b45c
SHA256 e0d0f7b8bc70c36e51e4f8211f2b9f0bf925cb6a3f5a9d0265ee490ed28ee805
SSDeep 3072:8Bbgl2+hdz9dTb9ose0N3D3u8CSjBE8KMx:8hgl20dzTbSYxD3/x
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\JH_iUb0NOl.avi.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2kOePIUk91ashW\iFEL_z\JH_iUb0NOl.avi (Modified File)
Mime Type application/octet-stream
File Size 96.52 KB
MD5 ba29ad4600c62affd277754fa92d0d7d
SHA1 7b00d52b51384886b9455c572888b693bdb8db49
SHA256 d5c3256b7450ddab7b0b5e93996b028384e6e345b311c114498156f128394c0e
SSDeep 1536:J1YYVB6pHEScLx/geZT56NQVUuzC1L514qeGaWMM5hHtzGfpXYkfYPE9IpWb:/t2gLx195TzzC1vpZFhNqfpIkfEESpe
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7FezEQ.mp3 Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7FezEQ.mp3.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 9154e44a7447a056a49a9c35166eace9
SHA1 0d9e40ec3c310d9aed9e93196e1e0426870dd70e
SHA256 ef740c27eaa5cc8e730cdb7be03ea82f306176da9045537480b6da111718159c
SSDeep 384:9QN+oREf1MkTEWLsOFFdp+gqaK712MXB4q5JBk6RU7gv:9hoREqa3Q7bvBd
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gkAaBDnf7QM7mOHG5bD3.flv Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gkAaBDnf7QM7mOHG5bD3.flv.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 b0f5bcc7447612c7758f403fceb7a57e
SHA1 0c07af94cce2fbd9c7e001b4d68d354e4e75d448
SHA256 759104311e683741143307b1fcb46e3275521a8efbdf74d523af3aa0f82833b6
SSDeep 384:W1DCHK1pPLWILumR+XQXSW17wVjPrSGV2zRBIaNk:omq1RLWILb0/fVrrt6RBIaa
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\eISj5nvAzrReID.mp4.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\eISj5nvAzrReID.mp4 (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 249bf553288e6b110cc3a7ae27f871f5
SHA1 5e4c1f885be63e82cfe3c494798dc2442e3428b3
SHA256 8ecce22c661d9f8aaa08f2feda2235aef29a78a8186c7198d836456b3b4d2548
SSDeep 1536:OUg3WOrNehgsVdOouQqPnX+MomEfHR7GHGBqYboQKKb:ObHugjouQu+EEfHRqmsJpKb
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\qtMMBf.gif Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H79lw\qtMMBf.gif.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 16.52 KB
MD5 01b169f49ac9033ee4ca5cd6f0b1d66c
SHA1 6c1dcd5dcae317fae9dc881c8324d2a70057c7f0
SHA256 83943eadb52c34fb292db7a7e7e8d131422f48c9cb5a5b8b049ce61ebc2ff3a0
SSDeep 384:KCXPh9gGhbM+uRMCLoS644Se6WK2PKZcbql6fsRHg25B1f:j5911aSEv7miQzgHP5/
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msuHG62OSkt1uD.avi.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msuHG62OSkt1uD.avi (Modified File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 846e33af14c52d92bc444c6f6e7fa0a4
SHA1 0f09659c962e9866a47943c8cb8205170f1bfceb
SHA256 ae004ec337f20eea18914d025d12c674e2dd1f5e3e173462b7276b88e34a545c
SSDeep 768:BO5BrFdTHHBa31l4q09yo5yqoTViQovYvMSZzoE4bp1+mNyz8yJcCN:4PjBm1l4pyqoTVpl/4b2mAPP
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePr4ttvEubz1XfRI.odp.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePr4ttvEubz1XfRI.odp (Modified File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 517157fb716fa30c5a716f58cab6e4f5
SHA1 7af4d57508287934cbb74b1001f37ae04cbe7c9e
SHA256 927a03a8a7ce881f3f478f36b5dad43407e06e66a70f0dc4a656399ddb3fad01
SSDeep 1536:GuYzmD/9zIFUFm7wJvRPUCCB+DjWIDJstGqygGzut1h8WOv:zYz4gSmMJ5PUCCYjWEayLcnOv
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pFXMqEWF DJBSxrMwMwS.swf.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pFXMqEWF DJBSxrMwMwS.swf (Modified File)
Mime Type application/octet-stream
File Size 104.52 KB
MD5 b6c3d76fe57f04bf4b7ae55fc0bc1e8e Copy to Clipboard
SHA1 742bf4182f191fa77cefaf54328405ef50302ed9 Copy to Clipboard
SHA256 93833d58a658e6bff29110776f62078762c2205bcd274413a48442f7a74133dc Copy to Clipboard
SSDeep 1536:Qh1seHZ+raW/omb2hIN2e5QsBs+/26afBhKaEN5Fah+D/kKSDg9/x4dDA:Q1seg/omTN2iznu6A9EN5Fah+VSDYkA Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Puwrt.mp3.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Puwrt.mp3 (Modified File)
Mime Type application/octet-stream
File Size 56.52 KB
MD5 8c18414388d1ef02bfb106b9689cafb5 Copy to Clipboard
SHA1 cfd524f0b20b9d628e24d26cb2bdb0a475796b41 Copy to Clipboard
SHA256 a30b02a0d72d910071d85f3d97c76a2a9baefed92fa137f301be0c6ab88bf138 Copy to Clipboard
SSDeep 1536:tYqt7JacVlAgYgIz4eCY/Wxll9nPbW+bLDpqQ8Md0z+3hv:tYqtVVXoeBP3DAzEhv Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RSu4kMBBtJpnCCTeO.csv.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RSu4kMBBtJpnCCTeO.csv (Modified File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 2d7d67c194b1d0d4a1c1490f0e8e0a58 Copy to Clipboard
SHA1 680a96c47221c41c7270b7b766f5981e93fc14c3 Copy to Clipboard
SHA256 a7c8fc604e4d7d5ffbbd2fec7d81aa52c1dfa94dea82c8c212824bba5f2e9d01 Copy to Clipboard
SSDeep 1536:fOiRJntUQ1gZRxgwLnxepQLR/sP8QYa7iMDAvC4w++0qCDHzrD/4/mZBvj:XfnaQ+Rxg/KsP8QYaGMDAsm7B3j Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\S5a0JmL.pptx Modified File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\S5a0JmL.pptx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 5c79fb522df851152fd76739414444c1 Copy to Clipboard
SHA1 cc763f62d70c40caaac61aa2e22331a4f9bf7077 Copy to Clipboard
SHA256 5258b5a32052f9de0ba0cd018407881fc01f092c94069680f8d66f450c0e34c9 Copy to Clipboard
SSDeep 1536:QBRVvtSvS8fqJ6gsDzTJI2+YZDRQBhmdj2bNb:QbnSv7yQPS2v1Q7mdj2hb Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tngj2Z5jiGI.png Modified File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tngj2Z5jiGI.png.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 08aacfac103433e2e82184858921eaf7 Copy to Clipboard
SHA1 87bb2718d72968f319d8850cb880b454760b4f6a Copy to Clipboard
SHA256 0354e77a8a7febdc4581c07869faf60b222836cf687ba374f57eab19d08f9e61 Copy to Clipboard
SSDeep 1536:BoUJrkSvn2pWhoktzurpoMWgCLFGKztbMuyoNc8XIFRpYtq/GGYn:BrJrJn20zur3yFPMIc8Yv6tqOhn Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\ktoCr.ots Modified File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\ktoCr.ots.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 1fea0298ab6deaf2e36eb84187ea6792 Copy to Clipboard
SHA1 f0e40f63c7cdf44e45e830e08f334eed5ca6ed9a Copy to Clipboard
SHA256 598e1d4c5ce6b729eaed2b52310a05c260bbdf67d23e04b20940bd2c168f5062 Copy to Clipboard
SSDeep 1536:xnrO5uOy4rXjvUXoEpnDKCplqN0U5QZXIPxpTQ7nalhcv16P6aHJBE07AzBfVr2z:xrSBrz4LJrfaQUJQmlhL6a3E07A19qz Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\PWD oMs5aZrBZQr-.odt.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\PWD oMs5aZrBZQr-.odt (Modified File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 73c242e710f922a0b9d8f3e2d80b7020 Copy to Clipboard
SHA1 0c2f95b024b2d9f34253d8445f1b020ae054a368 Copy to Clipboard
SHA256 0e49e3b435c2cb2f4d66e1af3a0655c1c1674e4429f84e88f938947357e27c68 Copy to Clipboard
SSDeep 384:B7N3vVnCizMgGgzjUfIG9EAO8klAhsAGNu5ZGheTHjZe3mxAIu0/QKYj8Q2Uh:hN3vZzNnUfIG6BlAhIuaheXkZMWj8Q2C Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\x3QnZuBoW4hy.pdf.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Btb2pBA9FI9D5J\x3QnZuBoW4hy.pdf (Modified File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 c445ba5da9e237bbc93da9cb0a906863 Copy to Clipboard
SHA1 336343c8c9d6432dd62e449ab93421c413a072da Copy to Clipboard
SHA256 c7e6374253099f161ec63352feca0a856ad986d1d185d5b3fd1bd79ef29fe2b3 Copy to Clipboard
SSDeep 1536:qtrUWnFfDbt6SEWSsbGJ4VQMnv/8LxwgRYLXNr:iFfDb8BsbG2QNwoYbNr Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F--a13OJJ2wMulYTfy.doc.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F--a13OJJ2wMulYTfy.doc (Modified File)
Mime Type application/octet-stream
File Size 88.52 KB
MD5 f1e6a2837722e6837b01c6a896f6c946 Copy to Clipboard
SHA1 84cc82fcba27dc9ae0e7145b32ae0101c2bb39fd Copy to Clipboard
SHA256 13a1d0bd395a859af3b311ff781793ea8b0c1c97a47843d4cb70f453ee947584 Copy to Clipboard
SSDeep 1536:1n9PY+WGvp/rMvKz9f97DF/Ef8OdPRVSF9IMLiCHXnvW8emda5WgX5c4qpHKj:1nyjG9MifFa8O7iLf3vn/dkWqc4kHKj Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fFDr7WrIUk2o1.pptx Modified File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fFDr7WrIUk2o1.pptx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 8ed7caef5f63cce64a0a4e7467a7d315 Copy to Clipboard
SHA1 b1cb608ebc39f5b97697fb2d6d4ceeb300319ae7 Copy to Clipboard
SHA256 357e5dfc736460e975ab30e718472fdba01d52ca242ffa125b7310304f717c43 Copy to Clipboard
SSDeep 1536:nwB/Ou0oUzQNj/L1dtQlTbfmVVQ/XXtQsaxrkk80+lnBi0vQAG:nwB2u03zGjLt8bfHX+saxQzn5QAG Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FhiVbqcj.docx Modified File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FhiVbqcj.docx.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 32.52 KB
MD5 196df14edb78a7c74b5896fec2f47ddc Copy to Clipboard
SHA1 49adb0c2b48ba4ec4e2207ca1fd9c0cc2848a1f5 Copy to Clipboard
SHA256 1f04dc7dd9d0673aa1c8b3f0fadc17f794c86bb50dc86ef90661bb63f0336ea5 Copy to Clipboard
SSDeep 768:OU4jRYzFxueoBDRl7AG80wJqhrz7gV3CSFaxy/:OjRATODRxKfJKrzkwSFsC Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\hGMrE0n8cW.csv.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\hGMrE0n8cW.csv (Modified File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 fa0b8149c2c2eeafeed540d4c725984c Copy to Clipboard
SHA1 7933545158b5e4d6643e868d4721ed064f7ddf18 Copy to Clipboard
SHA256 7fc5b25435e0f5a9e4d003b036970c58d79850907aa795f10ad8195ba36df1e9 Copy to Clipboard
SSDeep 1536:SLFcRqGnVqHYqoZD2QyTQ2K08gKxA3Oq8C7tfgX4mBeCF4:SQ5nQHAtyTQX9xA3V8C7GrV4 Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\IOGviqRTOf.rtf.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\IOGviqRTOf.rtf (Modified File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 8762f1f393e072933911789d73cb4390 Copy to Clipboard
SHA1 fba810b23e251429b7922ea3de4de8c0e80e48d2 Copy to Clipboard
SHA256 296764bfa9f5e24eefe806ec18abfc90d335772f4479031b696a2879c3a446aa Copy to Clipboard
SSDeep 768:zgMpfEJ7Nj7ann1DzFQymz7dr0Eo1kTwJfFe:9pc3ann1DzFitoET8Fe Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\olchP0XravFS0.ppt.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\olchP0XravFS0.ppt (Dropped File)
Mime Type application/octet-stream
File Size 48.52 KB
MD5 ace1403d1b56790622b1feb67d9fd770 Copy to Clipboard
SHA1 a99e704b9ca9bdc6650eac8e5db6b04cb27b5244 Copy to Clipboard
SHA256 28ba21eeb7f7208bb5277680c6886ad884f034dd3e105ecb9118a48154d7e7e0 Copy to Clipboard
SSDeep 768:HmNLVV3oNCm+otWFriTlulaCdRLOLpJfCrfJRVkk15lC/rOiU59llBxgr2:HmNkNC5otWdQsvtOLCRVC/rOv9llBxe2 Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ppGMy.xls.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ppGMy.xls (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 0f0851c1f33d0e63b65912c7d4ade679 Copy to Clipboard
SHA1 642b115c63bf9bbc6ae63ff45f3f0179d689957e Copy to Clipboard
SHA256 0ce1dc066c8d9163f969c9c27926e1955484df814596564b2d585ab08b8adb84 Copy to Clipboard
SSDeep 1536:Kejs43Vpg+zWRAFb3TdhsC/fCGNDDBzLn6U8sQSl2xWlTVQOUpM700:KisYjg+zWSjCGNF6BsRlACRQOt700 Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SBdasca95c9zW.xlsx.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SBdasca95c9zW.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 72.52 KB
MD5 4d4903d32c1176cd9990fe658b8a11c0 Copy to Clipboard
SHA1 7a5cd5f02890a2a6ad51b6b137355f4e793e0dfd Copy to Clipboard
SHA256 fe78ff5bb177fd2da1736a2ca8b6b0f48823e846192211bf742abf2797fcc587 Copy to Clipboard
SSDeep 1536:JweTJpEha5GB2vLSthbqFmSBP0UixRiQQr5pKCIcc2ptp47Jm1J2:JweTJSi62v2thb3SB/iHi/Z5fd1J2 Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Uju9W8n91s.docx.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Uju9W8n91s.docx (Dropped File)
Mime Type application/octet-stream
File Size 96.52 KB
MD5 698c2227f3c548c615dfd65d513095eb Copy to Clipboard
SHA1 fd1777892252d4bbd68ac973f01ebb0bece7b896 Copy to Clipboard
SHA256 694679730a146951997730aff15914d3707bc826b848fc43ee57a625a01b76b8 Copy to Clipboard
SSDeep 1536:9w4sm5AmenKXmuZqQ6P5o6A2rK9W49Y21Xh7xIeoAPkx8YJ5RkLvlax:5DkQmuZJ2xr74vTxD5M07lax Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XqxbGFCg4US5E_.pptx.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XqxbGFCg4US5E_.pptx (Dropped File)
Mime Type application/octet-stream
File Size 64.52 KB
MD5 15dfe782f9932c31008c1dc5b25cf169 Copy to Clipboard
SHA1 af18cef4f564fccb4a280452715c8b8bae95b14e Copy to Clipboard
SHA256 8eadb64e836c428672bf38373a4c70c9815ab9ec4d80ca2082c21b20d3ea1f85 Copy to Clipboard
SSDeep 1536:NaKAQUh2bL3DK8ery4tD3HEKGeEpXwZM4d4/2unj:4H233OxDVGw+/Z Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y-xx_K69pu.xlsx.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y-xx_K69pu.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 8.52 KB
MD5 771916860ef933f2df5d92d5e104097f Copy to Clipboard
SHA1 5b482afa7ba49df680a89c750d705dd694d0afb2 Copy to Clipboard
SHA256 ea20463dd050702de6fa656191ad9633928da8b95f2adafe0642b49a6a0f9627 Copy to Clipboard
SSDeep 192:XFK7v6wbsc2vnpFFa0pW194DVCPW7fT9udpf8+5Nx1v7M1kXZ0nJc:hwEvpyhADVCgZMpE+91v71Z0nJc Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\aQDE8guAka.odp.ReadInstructions Dropped File Stream
Not Queried
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y9zAFTO-dNzvRVWGMUK\aQDE8guAka.odp (Dropped File)
Mime Type application/octet-stream
File Size 80.52 KB
MD5 426ab00927312dacd7531f6af9ea2b87 Copy to Clipboard
SHA1 a7aceedea3a452fae413656bad58f4a5d8132b0c Copy to Clipboard
SHA256 07d1496ab8b52631a1eebae9f297fa6dd2b8bb8359be61b5a41326b10c4c87ec Copy to Clipboard
SSDeep 1536:gpJqUIHY+8TlF16c3MzbPbhNtU/wJY0v3zMX6iFIqxQXbhdb0:gpJqUIHY+Kf8cmPNNtUwP3w9Fr6XbhdY Copy to Clipboard
ImpHash -
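The entries above all follow one pattern: the sample encrypts a user file in place (listed as Modified File) and the same content reappears under the original name with `.ReadInstructions` appended (listed as Dropped File), and every listed size ends in .52 KB. As an added example (written for this page, not VMRay's code and not part of the report), the following Python turns entries in that layout into IOC records, validates hash lengths so copy errors in an IOC list are caught, pairs each original path with its renamed counterpart, and checks the size pattern. The two entries in `REPORT_EXCERPT` are copied from the list above; the constant `RANSOM_EXT`, the class and the function names are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Extension the report shows appended to every encrypted file.
RANSOM_EXT = ".ReadInstructions"

# Constructed input: two entries copied from the file list above.
REPORT_EXCERPT = r"""
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7FezEQ.mp3 Modified File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7FezEQ.mp3.ReadInstructions (Dropped File)
Mime Type application/octet-stream
File Size 24.52 KB
MD5 9154e44a7447a056a49a9c35166eace9
SHA1 0d9e40ec3c310d9aed9e93196e1e0426870dd70e
SHA256 ef740c27eaa5cc8e730cdb7be03ea82f306176da9045537480b6da111718159c
SSDeep 384:9QN+oREf1MkTEWLsOFFdp+gqaK712MXB4q5JBk6RU7gv:9hoREqa3Q7bvBd
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msuHG62OSkt1uD.avi.ReadInstructions Dropped File Stream
Not Queried
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msuHG62OSkt1uD.avi (Modified File)
Mime Type application/octet-stream
File Size 40.52 KB
MD5 846e33af14c52d92bc444c6f6e7fa0a4
SHA1 0f09659c962e9866a47943c8cb8205170f1bfceb
SHA256 ae004ec337f20eea18914d025d12c674e2dd1f5e3e173462b7276b88e34a545c
SSDeep 768:BO5BrFdTHHBa31l4q09yo5yqoTViQovYvMSZzoE4bp1+mNyz8yJcCN:4PjBm1l4pyqoTVpl/4b2mAPP
ImpHash -
"""

# Entry header: "<path> <category> <type>"; paths may contain spaces, so the
# category keyword anchors the split.
_HEADER = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<category>Sample File|Modified File|Dropped File) (?P<kind>\S+)$")
_AKA = re.compile(r"^Also Known As (?P<path>.+) \((?P<category>[^)]+)\)$")
_SIZE = re.compile(r"^File Size (?P<num>[\d.]+) (?P<unit>B|KB|MB|GB)$")
_UNIT_KB = {"B": 1 / 1024, "KB": 1.0, "MB": 1024.0, "GB": 1024.0 * 1024}
_KEYS = {"Mime Type": "mime", "MD5": "md5", "SHA1": "sha1",
         "SHA256": "sha256", "SSDeep": "ssdeep", "ImpHash": "imphash"}
_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


@dataclass
class FileEntry:
    path: str
    category: str          # Sample File / Modified File / Dropped File
    kind: str              # Stream / Binary
    severity: Optional[str] = None
    also_known_as: Optional[str] = None
    aka_category: Optional[str] = None
    mime: Optional[str] = None
    size_kb: Optional[float] = None
    md5: Optional[str] = None
    sha1: Optional[str] = None
    sha256: Optional[str] = None
    ssdeep: Optional[str] = None
    imphash: Optional[str] = None   # None where the report prints "-"


def parse_entries(text: str) -> List[FileEntry]:
    """Parse the one-field-per-line file list into FileEntry records."""
    entries: List[FileEntry] = []
    cur: Optional[FileEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            cur = FileEntry(m["path"], m["category"], m["kind"])
            entries.append(cur)
            continue
        if cur is None:
            raise ValueError(f"field before any file header: {line!r}")
        m = _AKA.match(line)
        if m:
            cur.also_known_as, cur.aka_category = m["path"], m["category"]
            continue
        m = _SIZE.match(line)
        if m:
            cur.size_kb = float(m["num"]) * _UNIT_KB[m["unit"]]
            continue
        for key, attr in _KEYS.items():
            if line.startswith(key + " "):
                value = line[len(key) + 1:].strip()
                # Reject truncated or mistyped hashes before they reach a blocklist.
                if attr in _HEX_LEN and not re.fullmatch(r"[0-9a-f]{%d}" % _HEX_LEN[attr], value):
                    raise ValueError(f"bad {key} for {cur.path}: {value!r}")
                setattr(cur, attr, None if value == "-" else value)
                break
        else:
            cur.severity = line   # remaining bare line is the Severity column
    return entries


def ransom_pairs(entries: List[FileEntry], ext: str = RANSOM_EXT) -> List[Tuple[str, str, Optional[str]]]:
    """(original_path, renamed_path, sha256) for each entry showing the
    encrypt-and-rename pattern, whichever name the report lists first."""
    pairs = []
    for e in entries:
        if e.path.endswith(ext):
            pairs.append((e.path[:-len(ext)], e.path, e.sha256))
        elif e.also_known_as and e.also_known_as.endswith(ext):
            pairs.append((e.path, e.also_known_as, e.sha256))
    return pairs


def fractional_kb(entries: List[FileEntry]) -> Set[float]:
    """Fractional KB part of every size; a single value across all encrypted
    files (0.52 in this report) is the size pattern worth checking. The report
    does not show what the extra bytes contain, so nothing more is inferred."""
    return {round(e.size_kb % 1, 2) for e in entries if e.size_kb is not None}


if __name__ == "__main__":
    ents = parse_entries(REPORT_EXCERPT)
    for orig, renamed, h in ransom_pairs(ents):
        print(f"{h}  {orig}  ->  {renamed}")
    print("fractional KB values:", fractional_kb(ents))
```

Feed the full file list (with the clipboard widgets removed) to `parse_entries` to get every hash as a record; `ransom_pairs` gives the original-to-renamed mapping for a triage note, and a `fractional_kb` result of `{0.52}` over the whole list confirms the size pattern seen in every entry above.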