Advanced File Analysis System

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\rus.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\rus.lng	Type : data MD5 : e6504c0019035549de659bea0c0f0fbb SHA-1 : 57b92cd3e17f498ffc1722d31302967bf0a65b6a SHA-256 : c1eddc3f94c6e843c357b1018d826e209c7c4af7c379f1721b0f6124dd5e8a1c SHA-512 : a1a394b8ccf787ea67751226edc36260e8b64c20283bb3991730333935cfb8f59ce1f12f6d276856ebb3a0468313e4067e8f49ecea1f7bf0d00e19a583fd68ef Size : 101.902 Kilobytes.
C:\Windows\sysnative\Tasks\Auslogics\Anti-Malware\Start Anti-Malware \xd0\xben user logon	Type : XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators MD5 : d99ce12fa7328bb64f58c21ef33ac09e SHA-1 : c1acb13e92194a1cbfe83c4b3437b16ab9edea74 SHA-256 : e1fb3a4d164072d208a5a59869decf543063ada59a9b4f45f03cac3924c18286 SHA-512 : d1924b163cd20d99f8c142cd5a788924a48cdcd22ef8dbed3d899d1ae7b92ae579fa265d565302b3215234e0bd5d5b45a6ab1ea4b75ae2b4cc56896d01ca929d Size : 3.576 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\AxComponentsRTL.bpl C:\Program Files (x86)\Auslogics\Anti-Malware\AxComponentsRTL.bpl	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 62d0be44a93b8cbd8b55beba4f4af702 SHA-1 : 955ccbfb8b9b92cdd19efd6d936817f5e1244193 SHA-256 : 387466f1c000fd10e45924ce978ec243be661f11a5fd3badc01f024cb6d27b71 SHA-512 : df9c30a8bba33ba87b82485d33cd06fa91c03dfbbf031a16ffc030366c414eb42e5763d0e4b29c00487df3e7f52d36b6c2699a7744ea2db1057c845a48f72f5e Size : 1792.584 Kilobytes.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Anti-Malware\Auslogics Anti-Malware.lnk	Type : MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue May 15 12:11:11 2018, mtime=Tue May 15 12:11:11 2018, atime=Mon Apr 16 08:27:50 2018, length=1904712, window=hide MD5 : 070d3a913408f75a6e1c7229499c9405 SHA-1 : ac14108cf46c1d1e0a415e0eac6a63676c9cd036 SHA-256 : 56b0300cb4d9d6dda8f291f1e4b47ce6d67c5cb3c9e515c0b314ad31dca0f56e SHA-512 : ab1f81608cacbb02fc6208983dc06850185be7164a30363b83922284d3ffc8a6e9c4efe56be83090428e8ec7beedcc95cde38fe958382c2922549fb1e2989a39 Size : 1.305 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\vclimg160.bpl C:\Program Files (x86)\Auslogics\Anti-Malware\vclimg160.bpl	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 23f4de2a720448099e7c33803b3f1b7b SHA-1 : 42c4e965a5168969c825cb9dd0374de1ac97345f SHA-256 : 7303a73ff4326d5ecabb6fdf52c0170db89b35ec67f5c5c960c499435db1c363 SHA-512 : 8c124c3a30f13ef9f1b67daea7945850f533df7e0847a28ddbe713b063d7c1f14a376204459d45bef041b1b066a78e8f008c0866e346e8eb15e2dde754564df9 Size : 362.568 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type : Microsoft Cabinet archive data, 6509 bytes, 1 file MD5 : 33b39e2a516ef730a8fa922894f0fbd5 SHA-1 : 03d455583dda59215d945af76af6293b202f586f SHA-256 : 9446e8f2056fea3ac1365a809ada04602606242c396f72ffe42fd1b781c24cba SHA-512 : 75763aa13b43eb96294b0f84e13106611198872e06fb79f4af4f35d020ed0add9d8d1b42fe7ec2c6340ac8e08b182f83469d813087c321c878f96970c8112267 Size : 6.509 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\DebugHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 36768d6cce882b3a7c6f7fc7fe5a2740 SHA-1 : 33a81ab7362efac343268d90378476d791f3c1e5 SHA-256 : 4db28b8c96b2494a21091948b38c34d413dc62a65d10174a67446ed306759c13 SHA-512 : 91425962a48783ce3e74c7e9d1b414858464787ef24db995073fe545d31dfe48ca9fc07f2be51d07db372afa67cdebe7a8d573dcde4c7ef9a79a59a542672083 Size : 1099.848 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4EA555947766F67C3BB52DEDFD509C5	Type : data MD5 : 76124fa025a43660f17bb93252e9664a SHA-1 : ffbe4c8533e3db11a57a83a5b19cfada44c71021 SHA-256 : 4703d71a179a93b4c131313cd3a676f23974d40ebfb8718ba7fc346ca7ad4e88 SHA-512 : bc7c36032418838e3c215e5679e809618dd5e1f8a960fe1e2c57ae6329f3dea157002234c30a1d8b1cc1da2cb691bed4508a68515b7f35fcef320a960beb460d Size : 0.212 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\AntiMalware.exe C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 268c75b169cd4ed8a4c6987e9538e8b5 SHA-1 : 28659896cfdc843b4740bbf3aba7446b9723da88 SHA-256 : 8e1cee98fc697664669112a4fd87b85d296cf60560c9e8afc6cabbab6149b5e2 SHA-512 : 0f4796fc651bc06ac2d1f929cb19a6dfe55c39ec1c5d365cee52a3670d33b8bff51ec0ebc27a7af44c766eb5888dca82b3fc348ad1a694f19cfc2c3c8195ebff Size : 1904.712 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type : data MD5 : bd07cd3b8f58f5a6bc89a500da708005 SHA-1 : 1e184ff7661736ec311c7b5cb49aecfbc23e0d1d SHA-256 : f9bfce47fb989312a3a56ea565694968a011412512397ccf2f7f253eeac84211 SHA-512 : 7b6d16b501f508c9c591f490021386a4a643e7df99adae2e605a25a3c9ef680f9c9f75e275e8877c179f04b8f9b0a3901f8f7f8f83df777bbe04727683941123 Size : 0.342 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Uninstall_Icon.ico	Type : MS Windows icon resource - 8 icons, 16x16, 256-colors MD5 : fc1ac7453918b607f349dbbc776b940d SHA-1 : 4d090429b072f3545a4741d0a04521458f9eab0b SHA-256 : 94ae9d061102e1e8d3bc570115bf8836f42ddf1e04beed6cc65756ff390c033c SHA-512 : 206b68d57c0a318f8ce7e12e8f1ac4eec336c8cc8a579f6ca0ba4348b61af249f2c8927d1b2140c238900dfdf0dd0c47f508aa6c8304384beaaf7b2d58ecd9b0 Size : 33.87 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\reader.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 56efb0f436bc2a9cf61dc723b03558da SHA-1 : ee530e1d27b1fc7b3518c063270779a568e8f0f7 SHA-256 : e201cabb4803a83c2f5852a26ee07952258aaac6a9030d98dacb3114c52d2119 SHA-512 : 89e958c4c247be1c2cee2c74adc36755adc1e3964a1ef04f8032661ee7eb4e10ffa6101e02f6eff9aea7898e8f93d69b6edf652549cfd1fc3015cb9c7a01d3fc Size : 514.048 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\CommonForms.Routine.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : f7556737aaa85dbdd14b78c405f6e971 SHA-1 : 4ea79b3bd236cad68c93b733ee001b069d6c4264 SHA-256 : 271bb737d4f6a4d2410f591973c6845e8968917b22258f725725aac2e18ceabb SHA-512 : b297b4a21e9e5fb6f91703c925ebcea81bb4396b51ed0bd3e591d7163eb53e069db800c83c03b91f6e9af4bda9385ce7897b8a64dd4c69995c80186e67ed1a0a Size : 670.28 Kilobytes.
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA	Type : data MD5 : aa5d461ceba38d4dba3a063fb04d012c SHA-1 : e1e4d4a078e92559474273bbb0eeae21c12661cb SHA-256 : 8586fabcc3a6fa57dd5446aab488879974588f1d4ce333c318b3b049f92a3682 SHA-512 : 3be26d11b657ab420ac0db6ec0d2288bba308cd7a98803c3715a8a540695bf31dbe021a7c99284ad3a0f7c9dee70f93ab70b6b1e9a03d466bec4b59e1bc58992 Size : 15450.112 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\savapi.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : e04ef6cc6c067f0a269d36697d5802cb SHA-1 : 0c12dc3167ec1b20f277f7082dbcbedd4e24fbc6 SHA-256 : 0a80f1c72e13cb180dcf5b9602aa94175d0f32043ee7b737bbb352be87f7bc05 SHA-512 : 858fed668802e22e1060120acd6905d86dd672b7d08aa36244d0ebd70286a5aad947edb5b3114dded0d4ac290a943a332244ca6f49418ecac724dc4fd6820dea Size : 475.28 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\_isetup\_shfoldr.dll	Type : PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : 92dc6ef532fbb4a5c3201469a5b5eb63 SHA-1 : 3e89ff837147c16b4e41c30d6c796374e0b8e62c SHA-256 : 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 SHA-512 : 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 Size : 23.312 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Data\products.json	Type : Little-endian UTF-16 Unicode text, with CRLF, CR line terminators MD5 : 27ae91b01c98ab68d44c919af67e0893 SHA-1 : 8705308b1370f21a69248100b4e27f8cd1983052 SHA-256 : e8546420af3600c447b806fc45786bcfd50e3e0c3eda7f847ccc031cc520fb59 SHA-512 : c0b038f695192066572fcc515d3c05bcbdd0fb740f1c62242715d508d8d92a398be2132bc3d43d5b517760fb88b32ccd58bd55ce9de6caf1dd10f6e4abb9145c Size : 7.15 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\esp.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\esp.lng	Type : data MD5 : 768933e5818107e618c5043069f75743 SHA-1 : cbe857f81399e55d7d6ac25dcb8dffb791ad7a63 SHA-256 : 09aa2732107c46bab37268d4728e3cec164f1c673a09bcbebf3eb66684c528c3 SHA-512 : 3b0558db8013917be8509507a30bdddd7640bbc933ee0ddbef16629ca4e31068fdd74775133b4604236bee9a3aa120428ae14a331cc6e8f0efe47e3a79b63174 Size : 109.724 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\avupdate.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : b5b0dd04ddddb44972de19ef75a4ae9c SHA-1 : c6a6de68a431eea9f2ed1ede3abbdc3e22365e8b SHA-256 : dc1f006cab4270a6a3e60b42f33623d5f34a870ed4e9d6ea200542b2ae5fc856 SHA-512 : b371f0b0804f1594ff4d6a20fe7b7ec6bcc39b556b513ee36f0474acc78c00b07da55c272d6bea7af8573c00410fe2a912d25d79075db9740c3d5a686d1f183e Size : 1713.104 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\SetupCustom.dll C:\Program Files (x86)\Auslogics\Anti-Malware\Setup\SetupCustom.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 10de28c7f38f5422b41872fcf0285578 SHA-1 : f0681e47afdeb07041b905671285d95f1be21a16 SHA-256 : 0e7c7de5207f12b511d15bf77f45d89d878588261e1a391fea2367414ad5a4e5 SHA-512 : 86e0c7cbbd9061f147903d22917c6df07dd99f71ffaab0f7506457b4e9bde2340c9aeb268346bc0770c4d1ced7c156d4a32f3d987f12b60c8d22e07ca488aadd Size : 671.816 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\AxBrowsers.dll C:\Program Files (x86)\Auslogics\Anti-Malware\AxBrowsers.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 88584a00f1aca51770506d608d24a62f SHA-1 : f50e631ef2a34bac9ed4987d0359ae158a6acc03 SHA-256 : 6a01b3edd60b2ac06a0eded6bff4d295b70287ed36c38548a0ea3516adba271d SHA-512 : c1b94e76941fc9830bdf1661b4bf0013f7a42d00d15fb4a24c51c4644f63d2c55eb9e676839a945281af58923d3e9e623e1b4dcb58225300e09f89000ed45176 Size : 1642.568 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\savapi.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 8349856ac3008fd7b7b739d1d72bd5be SHA-1 : 41fc08e09643c1c31dac6b422623a045e3c13678 SHA-256 : 906fbbadab6fcd8adf71e35c66377f17078a5a23fac846c360655b66f69e24f4 SHA-512 : 4c948453e70586dff9f473d77637fd948d3d751e3b5e099cef959ac5215a9a2ea8f0f50101d4acd680666946d77c3e2e171ff4dcdc6a4a0fe8af8769e77d0c4d Size : 507.784 Kilobytes.
C:\Windows\sysnative\wbem\repository\INDEX.BTR	Type : data MD5 : 73fb0c58d683f0d4e3a6c688e57c0cc7 SHA-1 : 1e97f8a7f61c9c14dab1a7a41d1c6aed805da5fc SHA-256 : 91bbc39dbf7c37a8cfb5ea5bb7241282af3099cbd61b10efb1b304e70c47b7e9 SHA-512 : cbe21716154a7782ba5718645900c88d787c2da811c802e6b9be2cff9eb8fcfea4ac6a03eeb0aa31256a18b0a0a41a335263a9f23214f08d63bf55ed9a59bb24 Size : 4587.52 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\fra.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\fra.lng	Type : data MD5 : cc0bf8486fc8ed14b13237d2d5357652 SHA-1 : 3ca42d5d661a8b65e1e52686031a1580c8199e58 SHA-256 : fb9f3c11a2258364bba16a93089a5b9eed8786cde7ab68765481ce414b01506c SHA-512 : 3f371209dc71b1c458c8cc7de05baca343746c1045df39555ffc950a2a4a36f733b3c10331dcdd0994ccd3cfae6a71ec1bf8e68e4a48a5b4d80c97be33bccbb9 Size : 114.084 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-LIT24.tmp\12af0c0e047b70ff8406407a6c5b49050f413fa7.tmp C:\Program Files (x86)\Auslogics\Anti-Malware\unins000.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 30f31bce70f8c1db468206e091d0a133 SHA-1 : a530f5bea6916183327171600c7bb67456cd09d8 SHA-256 : 82df78393e37b9ae0243b1e3207c01d5ead52af99d9079024fa1881d74772a25 SHA-512 : ed4d0b949779de71e1dbb42315896241d0cc7d222d2eb76f4a8ba316c9b983cad3ec19d2b5dce9c147a4c9086ccbd725fe660755837a2a3fd5ccca61f8dd7cf6 Size : 1225.288 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\avupdatelib_msg.avr	Type : data MD5 : 38f689e76d38b04aef97e9fe195f3a08 SHA-1 : 04974454a1bc504f793170fda2327edaaf7f9262 SHA-256 : f886f2403502a2870523a609d2adb9dc6486129edccda9008d7abd707bd455c7 SHA-512 : 9fba917bb987efc1b04d3c2c3bcf67dab02838d8ec8da6c3c74ad3e2fdefc36e5f71ab9304c1a92e5b75437eb6a2752be1bb935a96529d3753e8de6744b94919 Size : 6.384 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\ActionCenterHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : ac7cb71eb4cb9a98a3b6bf5282b0859f SHA-1 : 36ef5c94e0f42d8a06904b539a9c30c8b27b56f4 SHA-256 : a471f4bab053a3ecd2df6027333cb61b2650331b63dcd2ec29f6b832e876a431 SHA-512 : cf69c960bb7197b823790f969fce39e4db386e8c0de7bdac46073b40c42d83e117003efd7cf821230048f0eb01fb6f5e63ee7368bcb05bb873a3c8dce7c5cd67 Size : 373.32 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\CommonForms.Site.dll C:\Program Files (x86)\Auslogics\Anti-Malware\CommonForms.Site.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 10c14c84b607e6dee1e661c9485e941d SHA-1 : 9f993d907e3353ba2128492ccdb9848f4d96a075 SHA-256 : b64d7602ec7770f9746316ce88e1aa8f8f78eadf6bf4b32a52904c8be158553f SHA-512 : 9860d483b78280438169b3f51133139b3290b43c5dd123b1c98c9a1a53762c88b8592fb68706c29e0ee01482649edd80f47ffe593b8326202bfe8725a343d541 Size : 606.792 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Data\database.dat	Type : Zip archive data, at least v2.0 to extract MD5 : 3a91bdeaa2766100aec96c88e539d24a SHA-1 : dc43bd8cbdb9f4288a3cccb57be571bc61bae120 SHA-256 : 9102e71c5a03f825bd28d3a6b21f9dd61515441d1ea063315483368322d96b1c SHA-512 : 7513241714d5692367144f715d7ab83ad9baff7cfe741349917e121f86a5785539b1770189c8f38ef4b4de088cc00af5a12a1200b4e07761b55f1b34a39fa1b0 Size : 1.917 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\_isetup\_setup64.tmp	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : e4211d6d009757c078a9fac7ff4f03d4 SHA-1 : 019cd56ba687d39d12d4b13991c9a42ea6ba03da SHA-256 : 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 SHA-512 : 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e Size : 6.144 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\GASender.exe C:\Program Files (x86)\Auslogics\Anti-Malware\GASender.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 0b7f861a428b850ae72335c233ef9038 SHA-1 : 9927d3e5c3adfec290ea37b47681038944b4c59c SHA-256 : b6acaec75ad50ec30d88919624e86128fbf397228062c225ccff3401413072a4 SHA-512 : 19eb0d9f0fabe5f8300938df301a5345565db94af64d1596b9a7fbb1c786b6e83767e9d40ee9a12e977a40f1a8720b4e508d5dee087ceabe065d74f0c84df432 Size : 40.52 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\enu.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\enu.lng	Type : data MD5 : aceb000de11f8ce4d4b52ba54585e627 SHA-1 : da38044bae6a1ce543ef41adf7697ffde64539af SHA-256 : 04fa5455348f8b9bd877b332fc55c7e585d41b09c154841b2e1c41cad2b2d3a7 SHA-512 : ae25115f3b317ec1648b92eb1213515d875d20995dfc36b40969e325385d781faab9c9a9a2da1a72140e10eb6cd7100613ca0866a2f83586f3285774315a342e Size : 100.922 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\jpn.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\jpn.lng	Type : data MD5 : 82b2fd229bdf53b8468be214f15319a1 SHA-1 : 9cbc4acbe0be04123126a86d8582f86933293e7a SHA-256 : 9923232c86175709c9597aa3af2ca0b221527dd32f04cf6b2563b11c5bb6244f SHA-512 : d9541661b01601ff94accb3356b32af164e6874c99c28c4c2a4228f8beda57afff02ab52265bf7412ad7e1870f7bf7f5b8dbb9e6432e08e8676e2cc7823f7d2a Size : 81.006 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\Localizer.dll C:\Program Files (x86)\Auslogics\Anti-Malware\Localizer.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 6af74bebdf3c1d19a0ea156a72c6f795 SHA-1 : 939b4e720bf5d4fc9c172ee5673a0910e96c6057 SHA-256 : 8ee3a0d5d8941fabc1a97fcbc491439ed4838d7b6370d78a85f31e7097e7b91e SHA-512 : 5fcacb733c5b2078cfdb95d723857435f74017810a6289331cabdd8fc4db5d4e0dab3a497be5a81df227f1cd5e4c93c3f062f87136f3340c7108306237eba32a Size : 187.464 Kilobytes.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Anti-Malware\Uninstall Auslogics Anti-Malware.lnk	Type : MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue May 15 12:11:06 2018, mtime=Tue May 15 12:11:06 2018, atime=Tue May 15 12:10:45 2018, length=1225288, window=hide MD5 : 3544cf78f4a4aa700cdefcf9454bd040 SHA-1 : 8559afb68f6d891d528c42d9090a290c34424544 SHA-256 : 64b27fa9e6952d37c132d6126d7bdc78dab65e2d1398c4a2a6942c4107c5bb1f SHA-512 : e366eb324ddd1f1f0bb108de5df7bd30ea177c23b7543acd61d0a523b0c72310d87638b291c504574692c76f9ad9521089b11b35999a75e8ff23677e2221ca0e Size : 1.321 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\vcl160.bpl C:\Program Files (x86)\Auslogics\Anti-Malware\vcl160.bpl	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : b1a711606d65dbf08f92d85f255b4723 SHA-1 : eda2b8a7e73b2e9afa21da58763ef56cfd780d4f SHA-256 : 35b546b3db4ef5e0644816f5c1e400cc4b81670a35d1dea71a386ac713144cc0 SHA-512 : 7475ebab04894869236a604af6c2e3ef2b8b7280c45704cf808ef76056386c09b3cdf44693094592e493f9c4134ac961327daa1161006b88c4411a3eef703366 Size : 3425.352 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\rtl160.bpl C:\Program Files (x86)\Auslogics\Anti-Malware\rtl160.bpl	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 21de1536d26fc7095a938a6b1fc163f9 SHA-1 : ea3a0cc04d95da28717059a8e787f0a836c335e4 SHA-256 : 2df34a963fc546a6ed433bea9b722d71911e0a2242e5f67db994ab6546cefffc SHA-512 : e6739d6071fb97104c60fbd385282aa41c2a7a04249042490c3a0ec41e247650ba1233d977bc2caa57b040ad1734410666a56bf6fea0e32ae1aaca6b48705413 Size : 2897.48 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\AxComponentsVCL.bpl C:\Program Files (x86)\Auslogics\Anti-Malware\AxComponentsVCL.bpl	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : b9d42f50450f4fc3e594af510376b168 SHA-1 : 90dc7f72fd0d7e9d29872d2f99150505dc91874d SHA-256 : e9b2cfd3cc03b3e6e1b96caf935c208033771d9f64ecf2d0db31085fcdfaaf63 SHA-512 : 068f9d8779ee8ab9341d3b0798c4c90076cdf0a73ca2649ad59547f4d21c9a34ba74316d15382b43f4b99e26b53b7508f9e0bf45a5d5a00a002755946fd1a133 Size : 4179.016 Kilobytes.
C:\Users\user\Desktop\Auslogics Anti-Malware.lnk	Type : MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue May 15 12:11:11 2018, mtime=Tue May 15 12:11:11 2018, atime=Mon Apr 16 08:27:50 2018, length=1904712, window=hide MD5 : 9e16deaf1436ee97c7e44357d7624413 SHA-1 : dbe17d04bf84435e45c5b1884fa348f3143a679e SHA-256 : 0fac07e01e3fef6f144b61c122281df14237367b7b3c4ddbcadda394465ef2f4 SHA-512 : 2a6765d613fb44a5298871065bed8abac8b5a1fb323bc783cfccd705304fb6e9f8182b200b8ac6dd27c81b155fb11fdb6e3b6911931709210145ac6429e5c2aa Size : 1.281 Kilobytes.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Anti-Malware\Auslogics Anti-Malware on the Web.url	Type : MS Windows 95 Internet shortcut text (URL=< >), MD5 : 3291ffc8ba4faa0bd89f3c790a172462 SHA-1 : 3b8eb67e402bf1233c06268da055e9104544d864 SHA-256 : 6bbeec6fa7d52623d326014b0104dad120d43dd1b020cdb9b476da7efd9a5217 SHA-512 : 823f98a037e992d7c6eaca465115082e5b7bf1ba12fd74440a9fddc79eac9532e5734138c0d8c8f5b61ac6c65ea04fc57726c5fc9a208a9c84e6684cda578547 Size : 0.127 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E506CEBBC8B162CFB2D72DB4891DCAE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4EA555947766F67C3BB52DEDFD509C5	Type : data MD5 : 628e84a3fb23cf90dcb17f68761d7955 SHA-1 : ff88dce72d56a8d566a2a2a6b7e3bf96ec4ad64d SHA-256 : 6c80e5ff73e51032954ba3e81a2d04649246bd8fc5894be7f38d028739e47a65 SHA-512 : 2932ae962aaa9b4128869f760f4561dbf106be43a7adbdb1b5a7ebc996076ca478bacd08f3d8d4eb800573096229516cd5fe8c9e4a4804781d2f4e78d1273478 Size : 17.019 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\GoogleAnalyticsHelper.dll C:\Program Files (x86)\Auslogics\Anti-Malware\GoogleAnalyticsHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : add0b39c6d77f72d25742cb75de481d9 SHA-1 : 1b3030fe828811ae69801efc5f21ede19fccb0ab SHA-256 : 7b5490298245b9b33c1500cd456c0476b61f511f0c39c64041a04dd82f920003 SHA-512 : 45084c41e541ba23ba970fd2c0ed4f2f8672214fdbbcf5215f4bc6b6cee684b9f368812c075d0bdf21e2e739812632fbad7d31a74bc32509f3e564bbb4cf6ade Size : 368.2 Kilobytes.
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP	Type : data MD5 : 74b57351c8e8a14e090917d231fbca90 SHA-1 : 170bb7085e232a1ab83fb53ca50694dbc5829e0e SHA-256 : 02ac6f89d9544165b6e3551f3cb612d85e2eaf950e9bf472a7be4ef9df5af9e5 SHA-512 : 8a695a95653300f6f3c7182e05f61f65f0d79e1321074d10cd8736c94c9e4cbb8380be1a96334543033f3388e944102b6e33638413f9fb9f9172f82d2e6aa5a7 Size : 50.536 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5	Type : data MD5 : 793399451376281d0360abe4fca8f735 SHA-1 : 9548ed797472af17d43e3e00ab543d197f6a6a7c SHA-256 : 244d27e718bfedcaac21ee9592dc59e1c56d45469a6fb22e6137ce1101374995 SHA-512 : 1591f907b274382e006af8aca8e0330059d0855bc09088d59dbe2f9c730958d1e4c27b3f691fab99b237b45dac4969d4c7265e92bfca29879015209fa1f62732 Size : 0.434 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\CFAHelper.dll C:\Program Files (x86)\Auslogics\Anti-Malware\CFAHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : ce6412354a97cdce986b775279c6c07e SHA-1 : 4013410bbacb4484bd2de298a028e4747741d3e6 SHA-256 : 723b5990bca5d25a7f12eb3bcb6d2bc73d51841bec8d95af485511c5fb16e4e8 SHA-512 : 25595d73df8e2439e4fc3afb75dd13f9b325d70e24bc046134cc1fdc7b18efd165acf9f1012185a29484cef8c242eec080bbb413535384477c8a014e919e7642 Size : 93.768 Kilobytes.
C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT	Type : data MD5 : 696bad2ef23da7f0ccaaa7f76ab9fdf0 SHA-1 : 0efe907b47e8331cf56a95c0c06d324257ece202 SHA-256 : bd27979561fac15e4043fc980ad62f24f00738cba1f22b8e45cf1d50d88d1828 SHA-512 : fb1a4afdbf5f9e3d7e55eb806f660057927d6c35740c69ed2790fd7149b86b8637a39cf0315fcb182622a87d06362876c5621441911bff3d11c24d7fa19bbe7c Size : 84.528 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\ActionCenterForms.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : a8538ef0c20fb33db0a15a8d1b994680 SHA-1 : 533f202e17683dde5e82873c61bfaad741982c6a SHA-256 : 6f51d1dd6a861afc86e67843a073cbde51fe4838774b39bdfb2e5db320a22797 SHA-512 : 777a52f012ac91817fca17c2b5ab11f136589d5e04a07a2fd56c98bbdb6278f36e3ea9f52054e69897e4e2a430c5a22b1e2b6136e4f19226f779bd7b2c2b0298 Size : 1169.992 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5	Type : data MD5 : d0ca602196cc5fbf561d2fe9c1d9ef69 SHA-1 : 60ca266818a8c53f7dd81c369451d0c4301a506b SHA-256 : c6c025aa73d6ed18081e0ec65fb3df98ca2db5c2dea5c7af3fb1e50dadfaae4a SHA-512 : 7e406d558b834e07076ee78e80a145853b5edd2c621fc82ba2960325c7aa7b7668e07b6bc3ce20465a05cffbb2497470b65c6c7e3e5fe35fb9c24335e5f421f6 Size : 0.471 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\sqlite3.dll C:\Program Files (x86)\Auslogics\Anti-Malware\sqlite3.dll	Type : PE32 executable (DLL) (console) Intel 80386, for MS Windows MD5 : 09f8221b5b0b08dd30c42fb11f9fb082 SHA-1 : ce853139e6a028cde457837400230c4203644f5a SHA-256 : 6ef6f1ec27fc1b74a9e3e84708aacb015b324246980db090b13c3534d8de5618 SHA-512 : 1732e35bc068560025e23f295173b8a2f5f6a8eba6f7e29ec43788a46a07f04c41854e2b879c3ffeaa6d8491f97431d53c6bafc8f24a8f864fe5e7eea78f6b8a Size : 674.232 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\deu.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\deu.lng	Type : data MD5 : 4e0ffab92339277ceff25b564e5753f6 SHA-1 : a52f8a791b081cb077d8fe24b83eb1ba110e2079 SHA-256 : 49c8be4f36adc2a1d282a04bf16becdd4324fd49ab08e2391a414565e5257b71 SHA-512 : 2c53fe25730e4c0fbae68dc35e207c3fb066b703acb44014304aaea34986335d4f821da01d0987ef660be7d637090049fea86cf5c3e3e98af88172429c046264 Size : 112.486 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\savapi_stub.exe	Type : PE32 executable (console) Intel 80386, for MS Windows MD5 : 615a882bb1c71805036fea4fc9dbedeb SHA-1 : 3b2c7704b9ca20b09236883e9c6ca5d051952ca6 SHA-256 : 12756161383f1064ad9d3a2feffff0ddbc5a77838f04e5760bf41d603f8bd873 SHA-512 : 154b5210ac31875114f6f517412200567fc76f8cb0468955ba1d2122e4e4343afda2ef7d2282635f758c3cf9947edf4db8bca666906dd1f6aaf605d63b1baa2f Size : 84.424 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\TaskSchedulerHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 0c3e0c8d97c6993b4164d8b4b968caf0 SHA-1 : 6832d78d772951c6403f9ef84de639974f94f3f0 SHA-256 : abf9b8f581a24866e853500244f6696771131630e282f548c297985fbb7f32fc SHA-512 : 6c9683baf4fee46a5f5fef3c4057b438c165779b7586b1e91a4385b5a36cdd2857b9d9d8483b12e8ecde418f4055f3de22b7e4f2228cd618588651ead7f2b421 Size : 289.352 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\productname.dat	Type : ASCII text, with no line terminators MD5 : 0871de36436c555db30372ce9978fbd4 SHA-1 : 839409bd05faffe4c275081a7e6a2ca2376490c7 SHA-256 : e697202592e0a5477dc8ffe32d9ba72a0618efefbe8e03f203124268b2000a31 SHA-512 : 4af09f5884d6a5af3281e4f06438f2cfd75452191cad82c64dffb87146f966bcbfa79e891c71e51ec49674592646a2bddfa9e8300de94d59c57b0df6baf8a30b Size : 0.015 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\unins000.msg	Type : data MD5 : 5f38274fc51ec35b61e925153e26ef1c SHA-1 : 6ebc957cc000873b9b88e32c271fc1c63a5c22e5 SHA-256 : 946195c199c2f798ed0ab3dc8ae4511be30ad70e5fb994d677beee0ae249dec8 SHA-512 : 1f99244af85ef4d175426a38c5181bf0205f9dfc0deb4fc1136f43cc115a50076b32e449132891d8c20daa7ae8b146e33eb3418e2c146a106939977fb77be149 Size : 22.701 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_25904FBC7E43A1F0AEF65C8ED7D7B472	Type : data MD5 : 13890387f7984356a32b045e76a65da3 SHA-1 : e478e7609e9fcc9e36d2005787b4eb1d8e7b3824 SHA-256 : d05b29411f0caf7739ed30db2461febf693d9f025fa97dc8e5227c8d6d4dc775 SHA-512 : b62af7e755e41abc73aed632937620ea8e124ea8af4f4037c95ec1b6b274f2161cbdadec12cff13a85ec297d199d55575f2c5add7d072ae575be4fd96728088b Size : 0.471 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E506CEBBC8B162CFB2D72DB4891DCAE	Type : data MD5 : caa1507f155e216d8a6edffa4ba84dee SHA-1 : 79fda8d21c2865ed39d148562b516e9b52d6e512 SHA-256 : a8b295ebf8a798f5f57b929e1d66c1e8d6288b1dff6ae52f8495045472688a21 SHA-512 : e63623f6403692b1ad20d27b366356d154727cc437fe02d7313ba5bd83b7611a2b96212982e52ac455a864545f88591c5f25d8826525ccb7a62ab413c7261565 Size : 0.236 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_25904FBC7E43A1F0AEF65C8ED7D7B472	Type : data MD5 : 26ed6794b433404a9e89a423c9c34223 SHA-1 : 0ca9accbe913342332b9efc25c73cf9fb9bc4d3a SHA-256 : 311c2356750932ab607ed5694cb46e70e66b2395103796462f3b80bb7e5e0136 SHA-512 : 5d0517c43192cd2a328135e0db699cd9aba686f85023b8ea6c50fec014dfdbe563520771b57ba8928ea7e6cffc161dd0c02eaa779ead6f7a88dada7ba296ecac Size : 0.43 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\EULA.rtf C:\Program Files (x86)\Auslogics\Anti-Malware\EULA.rtf	Type : Rich Text Format data, version 1, ANSI MD5 : 2b62c4eb0b0fb6c38a88dc54d909c84d SHA-1 : 6800cd0ac9e99c3dbaf6077a1d12a7d419908ed2 SHA-256 : ec31153959c8fe031ea552beaed98cd32f8ccded36955ad7f70773e38d54936e SHA-512 : 305bca65661836dc24875a6231d81be0f73b9df763d93917fe6b2d6a39cbea5a4b1efbdb325944551851fcb81bc4dac070e8711dc1ddf30f716c2fb0ac7c8b42 Size : 24.714 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\SendDebugLog.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 882bc47a6131785fe13325a5047a4b3e SHA-1 : b43796a71afa01d67e466163e9859d795b3a0f6c SHA-256 : 91b9003683e21a157073c69127aaeec95b7da591efc55fec2917e78e9a34a94d SHA-512 : adcedec921a2f61bd8067d0ed491eda4b38a10d50b81acdcf32df02cd0d6346e84a4d43e3c3512fbfa8cb85da00fb6604650d2d21e5f07ce3a5ccc2f9252cadf Size : 523.848 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\main.ini C:\Program Files (x86)\Auslogics\Anti-Malware\Data\main.ini	Type : ASCII text, with CRLF line terminators MD5 : 3c3b6065a814abd792ec2ce2f61b9cab SHA-1 : ce62f0ae60fc75c965e6a87ab59ea6ba9647b66e SHA-256 : bc17562ae2723c29b74e6a2e90471d76b60af7b3839db3b4adb3d31c9472a8db SHA-512 : 5bc316bd2ddbe3e6309ee66d51796a31c3d904a970b52f78b194f1106df7016f8585ef4f3553bb15508dc7328eeee6bd3447bd60b44432ce34f16ffbf8e7820e Size : 0.745 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\unins000.dat	Type : data MD5 : 4396a6dbf926995ea4511312f579b436 SHA-1 : a3b874a86fe616bb2ac01666a9e0bfa0bedb2763 SHA-256 : b25972264298dbe3f49c6a7a4c417b17b3a6394cca25be6d8aaa56712d2b0038 SHA-512 : dc04aeb40d8c621c4bc1d40cf2abe5b2dbeb883c28d5c691742ff2ff35923968f6b26894328d4e0c32bbd6609b3b4a3f9354860c2d03ffe55d66e6529d3c15de Size : 47.739 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\Engine\HBEDV.key	Type : data MD5 : a68d4746af14eef57ff17bbdb3902c23 SHA-1 : 9ee0d7471c4a31420827f58ed90f39106e6bf872 SHA-256 : 4427157b5fa1ba2954020ac4b7f30054aa3bebab1e8f98eb6dcf37d3458746db SHA-512 : 1228db598c0e39c1a5d42eaec892d22b919ec81131acd5b258e9800676862ee36da90ebd3650749620c2515c87e6edb08bddc10f593d9e68b38d670a2f3d8e81 Size : 0.512 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-TF58U.tmp\ita.lng C:\Program Files (x86)\Auslogics\Anti-Malware\Lang\ita.lng	Type : data MD5 : 7f8fc8ba70d84ad4420d80a4ee69e459 SHA-1 : 08b46f4b750b202362feabf8b183ea33a1362442 SHA-256 : 343601b704e41dd197441f662f84bc56458f770a90f30838f0009c1f8f70b2ea SHA-512 : 897d8bebafc38e24aab4d414ce701762edd6bfb096b4662c1b439b191ca55b0a6b1e67af2376e0bc9e35d64fb7db008041d7253c2a73dc6e80ec292465540d00 Size : 110.934 Kilobytes.
C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalwareHelper.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 6269f779ae7f693a5af822a57da6ea59 SHA-1 : 656146d978f77cc3f6d009c3734013392b0a5ed0 SHA-256 : e736784e1c064b4ff52a9bde9871e761cef91339341c8122f1f17aab78b04d5e SHA-512 : e6d76caf14dd75d6011582f25752d96d8ac282ff8c0fecdc0008bb1087001a5fdb29ea971ed917e619e7de0c4f790272ad54b83b9bdf63d242412d4f8bf202ec Size : 747.08 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	None
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	12af0c0e047b70ff8406407a6c5b49050f413fa7
MD5:	3b1086235aead2a5cf61ec6e8728edb9
First Seen Date:	2018-05-15 12:55:16.233717 ( 2018-05-15 12:55:16.233717 )
Number of Clients Seen:	2
Last Analysis Date:	2018-05-15 12:55:16.233717 ( 2018-05-15 12:55:16.233717 )
Human Expert Analysis Result:	No human expert analysis verdict given to this sample yet.

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	8
trid	[[57.2, u'Win32 Executable Delphi generic'], [18.2, u'Win32 Executable (generic)'], [8.3, u'Win16/32 Executable Delphi generic'], [8.0, u'Generic Win/DOS Executable'], [8.0, u'DOS Executable Generic']]
compilation time stamp	0x55A7B084 [Thu Jul 16 13:24:20 2015 UTC]
LegalCopyright	Copyright \xa9 2008-2018 Aus\x98logics Labs Pty Ltd
FileVersion	1.x
CompanyName	Auslog\x98ics
Comments	This installation was built with Inno Setup.
ProductName	Auslog\x98ics Anti-Mal\x98ware
ProductVersion	1.13.0.0
FileDescription	Auslog\x98ics Anti-Mal\x98ware Installation File
Translation	0x0000 0x04b0
entry point	0x4113bc (.itext)
machine type	Intel 386 or later - 32Bit
file size	8269720
ssdeep	196608:Ihkpcy+byBtjkrcrEYINuzdvo7dSeH5zXYaZ5yzaTO:h8OBxtIIASeH5blyR
sha256	550628db5a084ae116740d7167aa437bce5302b0f8fdd69a33c58317c4b93733
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/2/a/f/12af0c0e047b70ff8406407a6c5b49050f413fa7', u'EXE:ProductName': u'Auslog\x98ics Anti-Mal\x98ware ', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2018:05:15 11:38:33+00:00', u'EXE:InitializedDataSize': 88064, u'File:FileModifyDate': u'2018:05:15 11:38:33+00:00', u'EXE:FileVersionNumber': u'1.13.0.0', u'EXE:FileVersion': u'1.x ', u'File:FileSize': u'7.9 MB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'1.13.0.0 ', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Auslog\x98ics ', u'File:FileName': u'12af0c0e047b70ff8406407a6c5b49050f413fa7', u'EXE:ImageVersion': 6.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 5.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2015:07:16 13:24:20+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2008-2018 Aus\x98logics Labs Pty Ltd ', u'EXE:LinkerVersion': 2.25, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/2/a/f', u'EXE:FileDescription': u'Auslog\x98ics Anti-Mal\x98ware Installation File ', u'EXE:EntryPoint': u'0x113bc', u'EXE:SubsystemVersion': 5.0, u'EXE:CodeSize': 65024, u'EXE:Comments': u'This installation was built with Inno Setup.', u'File:FileInodeChangeDate': u'2018:05:15 11:38:33+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.13.0.0'}]
mime type	application/x-dosexec
imphash	48aa5c8931746a9655524f67b25a47ef

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0xf134	0xf200	6.39164664964	1b89617b988c8bd575544f47f0d04258
.itext	0x11000	0xb44	0xc00	5.74123824537	25478d452b599b551fe11bfb5904d2d0
.data	0x12000	0xc88	0xe00	2.24753305436	0c3e63b09234b01ce16cff38df28bb6f
.bss	0x13000	0x56b8	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.idata	0x19000	0xdd0	0xe00	4.97188203377	93d91a2b90e60bd758fc0c4908856ae1
.tls	0x1a000	0x8	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rdata	0x1b000	0x18	0x200	0.20448815744	3dffc444ccc131c9dcee18db49ee6403
.rsrc	0x1c000	0x138e0	0x13a00	5.28443886421	4b82b8a35a5c473de7d9dfbc7df01547

PE Imports

oleaut32.dll
- SysFreeString
- SysReAllocStringLen
- SysAllocStringLen
advapi32.dll
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
user32.dll
- GetKeyboardType
- LoadStringW
- MessageBoxA
- CharNextW
kernel32.dll
- GetACP
- Sleep
- VirtualFree
- VirtualAlloc
- GetSystemInfo
- GetTickCount
- QueryPerformanceCounter
- GetVersion
- GetCurrentThreadId
- VirtualQuery
- WideCharToMultiByte
- MultiByteToWideChar
- lstrlenW
- lstrcpynW
- LoadLibraryExW
- GetThreadLocale
- GetStartupInfoA
- GetProcAddress
- GetModuleHandleW
- GetModuleFileNameW
- GetLocaleInfoW
- GetCommandLineW
- FreeLibrary
- FindFirstFileW
- FindClose
- ExitProcess
- WriteFile
- UnhandledExceptionFilter
- RtlUnwind
- RaiseException
- GetStdHandle
- CloseHandle
kernel32.dll
- TlsSetValue
- TlsGetValue
- LocalAlloc
- GetModuleHandleW
user32.dll
- CreateWindowExW
- TranslateMessage
- SetWindowLongW
- PeekMessageW
- MsgWaitForMultipleObjects
- MessageBoxW
- LoadStringW
- GetSystemMetrics
- ExitWindowsEx
- DispatchMessageW
- DestroyWindow
- CharUpperBuffW
- CallWindowProcW
kernel32.dll
- WriteFile
- WideCharToMultiByte
- WaitForSingleObject
- VirtualQuery
- VirtualProtect
- VirtualFree
- VirtualAlloc
- SizeofResource
- SignalObjectAndWait
- SetLastError
- SetFilePointer
- SetEvent
- SetErrorMode
- SetEndOfFile
- ResetEvent
- RemoveDirectoryW
- ReadFile
- MultiByteToWideChar
- LockResource
- LoadResource
- LoadLibraryW
- GetWindowsDirectoryW
- GetVersionExW
- GetUserDefaultLangID
- GetThreadLocale
- GetSystemInfo
- GetStdHandle
- GetProcAddress
- GetModuleHandleW
- GetModuleFileNameW
- GetLocaleInfoW
- GetLastError
- GetFullPathNameW
- GetFileSize
- GetFileAttributesW
- GetExitCodeProcess
- GetEnvironmentVariableW
- GetDiskFreeSpaceW
- GetCurrentProcess
- GetCommandLineW
- GetCPInfo
- InterlockedExchange
- InterlockedCompareExchange
- FreeLibrary
- FormatMessageW
- FindResourceW
- EnumCalendarInfoW
- DeleteFileW
- CreateProcessW
- CreateFileW
- CreateEventW
- CreateDirectoryW
- CloseHandle
advapi32.dll
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
- OpenProcessToken
- LookupPrivilegeValueW
comctl32.dll
- InitCommonControls
kernel32.dll
- Sleep
advapi32.dll
- AdjustTokenPrivileges

PE Resources

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 115980, u'sha256': u'33a31ef9260ae895b7a79c341a0f8f246cc9f9f153519ff02d6e7656831a52c5', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 117108, u'sha256': u'c0ff506db9e74711cce2085055b2d88d28e3208a93c14e783c69122c7613eb32', u'type': u'data', u'size': 1720}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 118828, u'sha256': u'19a1958500ad997bb739fc0f5453f56e5d932cf4cc1a2a46dac8d5c03abe883b', u'type': u'data', u'size': 2440}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 121268, u'sha256': u'268afc977ceb9a3278dc61d103283f6a56feb302847f6600e175b84717b45faa', u'type': u'data', u'size': 2848}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 124116, u'sha256': u'd623118038f7295789dd4be0cf0ae0b102fbddaa5863dfb7aa6ec752e9509147', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 128380, u'sha256': u'fd3b6166d835cf4107f05d13787325c73784617b1f0f9b7fc76644aa2d8ac26c', u'type': u'data', u'size': 4936}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 133316, u'sha256': u'02cea9b0bb85cc5376eafbb282304ee712f2388f0eecbd627f74e950ba936a69', u'type': u'data', u'size': 5512}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 138828, u'sha256': u'527eeb0fcd9420d1faa2130c406e284563e2c1faa9c401d547ac019f4235cb63', u'type': u'dBase III DBT, version number 0, next free block index 40', u'size': 6760}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 145588, u'sha256': u'fc718cc3bc4ad183363b4eccfb984fe7376697d52743404bdb5155dd1b027c6b', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 155228, u'sha256': u'34ea1c2173226ecc593f8a2b0224c51ebbee1928715bda9339eec7717a822b89', u'type': u'data', u'size': 104}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 155332, u'sha256': u'e1d818d622875ce2cf81883816ef982aa05a724c46f82b3e67875e0bc24228b1', u'type': u'data', u'size': 212}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 155544, u'sha256': u'80bc91470ef70d527d0c4e0824945bc3b17ff84f464bca425661c3e7e1972ce7', u'type': u'data', u'size': 164}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 155708, u'sha256': u'33ef72f38fc1fe2842c44e11bb351f94385bb186fee0fadbefc9364ed52aeb93', u'type': u'data', u'size': 684}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 156392, u'sha256': u'7f63f3f944a0b62f8f3b35a60141081599f7f175605ced7e1b4dcb80fda58c8a', u'type': u'data', u'size': 844}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 157236, u'sha256': u'cb21f2b28bfc6b8046348c7a96bf97149dc5f91e1cc1a4f2904a1044a008425a', u'type': u'data', u'size': 660}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 157896, u'sha256': u'677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0', u'type': u'data', u'size': 33512}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 191408, u'sha256': u'88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610', u'type': u'Sendmail frozen configuration ', u'size': 16}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 191424, u'sha256': u'abd66b63471de2699c97d06e41cfe0702144237079f76a9e0bd965b1a1862231', u'type': u'data', u'size': 336}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 191760, u'sha256': u'3ef928fab6e499178cb29b0708a88d2243b9e3ad49254869b7f241ae60f682b8', u'type': u'data', u'size': 44}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 191804, u'sha256': u'92c60f55cdcac8b941351dad3052fbfadb4726d9a95a27efd3d0d8c5066d44df', u'type': u'MS Windows icon resource - 9 icons, 16x16', u'size': 132}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 191936, u'sha256': u'77f5e91df14c99f6640e729b32d97fa9d4856ac03068515af08260fd858344ee', u'type': u'data', u'size': 1268}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 193204, u'sha256': u'356ca8abf11d97bf9dcbff47c04bf1ddcb8685ef84d38e6850ec6c28a37655b9', u'type': u'XML 1.0 document, ASCII text, with CRLF line terminators', u'size': 1580}

File Name: None

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 12af0c0e047b70ff8406407a6c5b49050f413fa7

MD5: 3b1086235aead2a5cf61ec6e8728edb9