| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\Tar50A2.tmp |
Type : data MD5 : ef3913c6ab2445516e54d3fb4584e66d SHA-1 : 4d4562bbcca6889b0ab854e144f82ba514323546 SHA-256 : cc36d25f632741e4fb40cb3b5216ad3b1f4770788e1368030594270d5941c6d2 SHA-512 : 7de7eb527ccf6fdffd652d6187adc95afa2868d44e5d2be2a612d1715bc5743d477f846c706ebcb2decfce17059e40af495bc69d1819054a80f79d2a6a639a62 Size : 129.579 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\Cab50A1.tmp C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : Microsoft Cabinet archive data, 53748 bytes, 1 file MD5 : e6be5d4fe0366f48e21b7293824b5b94 SHA-1 : 36ec9da5ab19880fe614bdc35a67430708cc57cd SHA-256 : 4150ae6b41c104f149f95245d84bc6f8678fe8f989848f647431e169721a87c3 SHA-512 : 359443d9200b6009aa1aeb9cb88fbaa6c802b40fa0669e15b92a11a0f9c81cee0890161bec83f1da1ec2c3c3015ccd549eadfc8c8956a922d85f964162bee71a Size : 53.748 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : data MD5 : 3fa8fd98e8f6cbf39cde0439bf4f7b2c SHA-1 : ab6cbe734f9df2fba6447f03423424ffad0f3b16 SHA-256 : 0ede3d2e3d11b39a37ae562d4eee1aecfc5c403ff82222a68c00b72ca5f35b07 SHA-512 : 899e1049a9d4ecf98e8bea6f58c8e8faae9145a72827688451134461b44aaa6ba9d08a04813106e981c7bad779e1515319686e5c676bad10e152eec13a55eb91 Size : 0.33 Kilobytes. |
| Match Rules |
|---|
| File Name: | igrmwns.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 2ee131baf9fd1e163bde6124d6137c050fcc98b4 |
| MD5: | 5cdf1c6855a682405062959b4f4af891 |
| First Seen Date: | 2018-05-18 15:51:04.078773 ( ) |
| Number of Clients Seen: | 7 |
| Last Analysis Date: | 2018-05-18 15:51:04.078773 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [{u'Path': u'Lqcp5p34o52v32v534823mb2345234.pdb', u'GUID': u'{6a9e3c1a-e8ba-4391-a958-38c3ad81d18f}', u'timestamp': u'2018-05-18 16:28:30'}] |
| number of sections | 6 |
| trid | [[43.5, u'Win32 Dynamic Link Library (generic)'], [29.8, u'Win32 Executable (generic)'], [13.2, u'Generic Win/DOS Executable'], [13.2, u'DOS Executable Generic']] |
| compilation time stamp | 0x5582C5E4 [Thu Jun 18 13:21:40 2015 UTC] |
| Translation | 0x0409 0x04b0 |
| entry point | 0x401930 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 153952 |
| ssdeep | 3072:w3bgfEhr1tBY1Fhx+Osbk1+XWd/2wnFfrpo7iLmZwIUmy:wbf5sPh00SWRnFDeyQrs |
| sha256 | 9c710b420d66e79faa56e54b268baaa443ca17fba645dd4e57a81ad137ba227f |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/e/e/1/2ee131baf9fd1e163bde6124d6137c050fcc98b4', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2018:05:18 15:50:19+00:00', u'EXE:InitializedDataSize': 135168, u'File:FileModifyDate': u'2018:05:18 15:50:19+00:00', u'EXE:FileVersionNumber': u'6.1.7600.16385', u'File:FileSize': u'150 kB', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ObjectFileType': u'Dynamic link library', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'2ee131baf9fd1e163bde6124d6137c050fcc98b4', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 5.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2015:06:18 13:21:40+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LinkerVersion': 24.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/e/e/1', u'EXE:EntryPoint': u'0x1930', u'EXE:SubsystemVersion': 5.0, u'EXE:CodeSize': 16384, u'File:FileInodeChangeDate': u'2018:05:18 15:50:19+00:00', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'6.1.7600.16385'}] |
| mime type | application/x-dosexec |
| imphash | 086ab08e2c86bb86fe2a7558519aa3cb |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x305c | 0x4000 | 5.26702667311 | bf8bb80592ead51f993c345eb2111603 |
| .rdata | 0x5000 | 0xbd18 | 0xc000 | 7.68360921167 | 6e7c6c88de8cece45ad74eaef20b916f |
| .data | 0x11000 | 0x3594 | 0x2000 | 3.83240677943 | 1eabb671188283a21c184d5ebe0bbf57 |
| .code | 0x15000 | 0xaa3e | 0xb000 | 7.65237799164 | 8d2ca4ebf08a6a5c8ab2036f59b278c3 |
| .crt | 0x20000 | 0x3572 | 0x4000 | 6.95833617392 | acda9f9dccdedc44f9b650f6f82036d9 |
| .rsrc | 0x24000 | 0x1930 | 0x2000 | 4.26324944076 | c87397c4e46b66b0133cea036898ffc9 |
-
NETAPI32.dll
- NetGetAnyDCName
-
CRYPT32.dll
- CryptMsgDuplicate
-
SETUPAPI.dll
- SetupGetStringFieldA
-
GDI32.dll
- GetRgnBox
- IntersectClipRect
- GetEnhMetaFileDescriptionA
-
USER32.dll
- UnionRect
- DdeGetLastError
- GetAncestor
- GetInputState
-
KERNEL32.dll
- MoveFileW
- GetSystemInfo
- CancelIoEx
- GetProcessVersion
- WritePrivateProfileStructA
- SetCommTimeouts
-
msvcrt.dll
- fputs
-
WININET.dll
- HttpEndRequestW
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 150560, u'sha256': u'd77cc718990aaff88d58f8a0d7c517f7b4cf90ae4a6b292351224c71eb65ae75', u'type': u'data', u'size': 2440}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 147808, u'sha256': u'cb58180d2d4b0b405daaa4e957d56946a041601ae9084a5c00b69cb9b2d53f76', u'type': u'data', u'size': 2094}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 149904, u'sha256': u'b7d508d99d999ad4edb64404ec9a86fd206911cb462c66285264b7edcaebca4f', u'type': u'data', u'size': 586}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 150496, u'sha256': u'bb1523613848d859f9af07f321acb4513471bec8fc1b1161710679368398f630', u'type': u'MS Windows icon resource - 4 icons, 48x48', u'size': 62}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 153000, u'sha256': u'e9dcd0ea179b0aa0eff363de51adf0d8d065ebf9e8c43b336a17b3b52526b11f', u'type': u'data', u'size': 904}