| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | peparser.dll |
| File Type: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| SHA1: | 0d25a6b7d964f262355186b0dbd6609fccb1117c |
| MD5: | 6d02aad36a0b84c5fc7d943fe7737f44 |
| First Seen Date: | 2017-05-22 21:12:39.208612 ( ) |
| Number of Clients Seen: | 2 |
| Last Analysis Date: | 2017-05-22 21:12:39.208612 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 6 |
| compilation time stamp | 0x592042EE [Sat May 20 13:21:50 2017 UTC] |
| LegalCopyright | Copyright \xa9 2009-2017 Marc Ochsenmeier |
| InternalName | peparser |
| FileVersion | 8, 60, 0, 0 |
| CompanyName | www.winitor.com |
| LegalTrademarks | www.winitor.com |
| Comments | Malware Initial Assessment |
| ProductName | peparser |
| ProductVersion | 8, 60, 0, 0 |
| FileDescription | Malware Initial Assessment |
| OriginalFilename | peparser.dll |
| Translation | 0x0000 0x04b0 |
| entry point | 0x30094740 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 801792 |
| sha256 | 86db6ae7f3a86a5e8e3dba46523e82d55fa1138b811660e5c9c1babc5035013b |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xa8970 | 0xa8a00 | 6.576794 | - |
| .rdata | 0xaa000 | 0xd0b6 | 0xd200 | 5.526284 | - |
| .data | 0xb8000 | 0x3cfc | 0x1e00 | 3.816384 | - |
| .bss | 0xbc000 | 0xe95 | 0x1000 | 7.954666[SUSPICIOUS] | - |
| .rsrc | 0xbd000 | 0x5a4 | 0x600 | 4.265865 | - |
| .reloc | 0xbe000 | 0xa6de | 0xa800 | 5.405006 | - |
create
RT_VERSION
RT_MANIFEST
- Certificate Validation is not Applicable