| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8W72H2L\ErrorPageTemplate[1] |
Type : UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5 : f4fe1cb77e758e1ba56b8a8ec20417c5 SHA-1 : f4eda06901edb98633a686b11d02f4925f827bf0 SHA-256 : 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f SHA-512 : 62514ab345b6648c5442200a8e9530dfb88a0355e262069e0a694289c39a4a1c06c6143e5961074bfac219949102a416c09733f24e8468984b96843dc222b436 Size : 2.168 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6P3SCP6\tools[1] |
Type : PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5 : 6f20ba58551e13cfd87ec059327effd0 SHA-1 : b326a89ee587636bad7ad52aa944dc314fc6a6e2 SHA-256 : 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b SHA-512 : 7fd273080b9ab234576d61233ec62b0e02506e99deddb76c3dfb02e125de60a26d67553b5d23e2d2d0e82d551fab5ed51092f9f437eaef682950953ac24d0d9c Size : 3.56 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6P3SCP6\noConnect[1] |
Type : PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced MD5 : 3cb8faccd5de434d415ab75c17e8fd86 SHA-1 : 098b04b7237860874db38b22830387937aeb5073 SHA-256 : 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7 SHA-512 : e307d058de7d1168f0f0f5e51657091f956af310dc55e967fffac06ebd73bfed4c33d488b4af3297dd0dfeedd26c9d53728fd75722b333c9c2cde016d52ff58b Size : 8.23 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8W72H2L\background_gradient[1] |
Type : JPEG image data, JFIF standard 1.02 MD5 : 20f0110ed5e4e0d5384a496e4880139b SHA-1 : 51f5fc61d8bf19100df0f8aadaa57fcd9c086255 SHA-256 : 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b SHA-512 : 5f52c117e346111d99d3b642926139178a80b9ec03147c00e27f07aab47fe38e9319fe983444f3e0e36def1e86dd7c56c25e44b14efdc3f13b45ededa064db5a Size : 0.453 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\httpErrorPagesScripts[1] |
Type : UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators MD5 : e7ca76a3c9ee0564471671d500e3f0f3 SHA-1 : fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 SHA-256 : 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c SHA-512 : 40d33112debdd440f169d3a62b06607afa94c45903c3e650093036b3af2d616310ad6e0a4774f92927295cd3967963d127f63df33c4e763f0d40f306aa52449e Size : 8.601 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat |
Type : Internet Explorer cache file version Ver 5.2 MD5 : 3e5ddabe53f537bb917138b79e28e6e7 SHA-1 : 7dac8bae102d9252a0c912a4ff6a42295ec1e8fe SHA-256 : 921a68e66c33e22dba1677e4a0a7a1367c54108e9de914c0850810a6608c1c5f SHA-512 : eecbc6736703384c56642f4fa602e8a8673ed70f6cc7b1ff81506c79bedc7f6b524da12fd32f2a19999d6682ea605361bb02846089d2339dd49020b4469dd3f5 Size : 32.768 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat |
Type : Internet Explorer cache file version Ver 5.2 MD5 : 645ccdde38bb039eb271a4f120e6be5f SHA-1 : 475a264964d84a2c6c335202262fa6c76275a515 SHA-256 : a9b45e98f41bfcc23bc82cf17b3381b9820a2be6db8bab08799a9e6160382f45 SHA-512 : 0f5aa71c7c0b1a574c4a6c306a24006ad175e7c85eee3b20fcd81a5ce8e3188afbfaa75b5ea8f6fca8a6c7519e0e7cb29205b8b8140d2b690f4541a597454039 Size : 49.152 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\dnserror[1] |
Type : HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5 : 68e03ed57ec741a4afbbcd11fab1bdbe SHA-1 : 250c965d7f4eb882d2289706a6c66e2b8976c1a8 SHA-256 : 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630 SHA-512 : 60ea2052fa47781c1c9c09512f2bebeee4704efe44ea38e92fcb7684347740e0402c95ffd3c59a64e747f185939e0ad479ff942cdb99897d87531048bb4b9ff5 Size : 5.947 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\favcenter[1] |
Type : PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5 : 25d76ee5fb5b890f2cc022d94a42fe19 SHA-1 : 62c180ec01ff2c30396fb1601004123f56b10d2f SHA-256 : 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b SHA-512 : 28a82e06f8c59d637630d0426950b0b0a9c3e553d8712e918a304f7fffd961dd06642d17cf3957f2d11574801b61f89c07e049834e7c8d88c90537dcc10c70b0 Size : 3.366 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT |
Type : FoxPro FPT, blocks size 0, next free block index 401590474 MD5 : 33d8b8a5155876eedc9aa1aeba268edd SHA-1 : 7472852920e09fb2416e54fe5edd8e520c8a7ac2 SHA-256 : 66d1be519246ab62923efda795cec235256a58cbb7741080768901f90621a5e1 SHA-512 : 256be6d4006722dda3d2d64e83363641d093937449d3560888f94cd29dfd634efb02d183318d48c73b917f5ccbedd59d7cbe4fe6c2c1469adc9678417462deac Size : 16.384 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat |
Type : Internet Explorer cache file version Ver 5.2 MD5 : 2f71a205bc540e81324f71a5ba162e5c SHA-1 : 6826af4edc75bbf4c8776b90a8660bdc50589b06 SHA-256 : cf7c339d3a079d038e2fbb3cc827bc3747368271741519bd5e96d1389f6660b1 SHA-512 : df7e25f17672fb88f06a496d66896985c9fa6cfe21653ba3a055e9fbcec9dfa92563f8eb0489c922506295269fcaa818feb35c59d08cfc87dbcc337b9164b74e Size : 180.224 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{677D504D-5534-11E7-9C49-080027CB305F}.dat |
Type : Composite Document File V2 Document, No summary info MD5 : b332f37fe3a06826f50b66f20d31c0b4 SHA-1 : 61b06e4a492a210c96c5d04f2b2bf6e4024a3cae SHA-256 : 3ecf0a170bb9ff0762edb18b5dd49d5297ea6fc4bfa1f4b34359f2611999bc3a SHA-512 : 54272c57ac4ad7ac368ca018d4996b4edf89813758a6b7589c4fcee8c25c37e378cd5f5435d71b8fa63e865793482a10264e2266ca964976978c932e3cb16ff0 Size : 5.12 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\errorPageStrings[1] |
Type : UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5 : 1a0563f7fb85a678771450b131ed66fd SHA-1 : a6d24e8a1ffd7e6fc0d1ecd00e67eb72425019a7 SHA-256 : eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c SHA-512 : 4f68d0f0c897ce4c751d5b7b51e7fb9ea31e0c0641376919a2c77ee094ece6b7ef203a29f03a6af1665036a471585f853c906caa2afdb2b822cc4be320f0cae7 Size : 1.817 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{677D504C-5534-11E7-9C49-080027CB305F}.dat |
Type : Composite Document File V2 Document, No summary info MD5 : f389bd6302ad038a4e32538c9e02bcde SHA-1 : ba3a7b65cfb3d843eb45c4a617ffaf7d5a412748 SHA-256 : 27a1d2263c5bc05e3de26e29fac5cf369fba771bf1bba5f56cfa29baa1222e31 SHA-512 : 27b862ab03d92fea82295beddf5adcd05610831deabc6ca2ba59ca8b70254c761c8a89fd2e0b0e9258f6f5d26a94cac9557825c8e043528f8e4b6becde45d5f6 Size : 3.584 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat |
Type : Internet Explorer cache file version Ver 5.2 MD5 : 2ed7b584633888df7f0114fa4ac6dc69 SHA-1 : fa8067b3241b8d9258d9fc88f5bd80fca5433b10 SHA-256 : 69a0d29dc846c82d785231dbf94e4c4b731ad588afaa529e9d8d77aca176c23d SHA-512 : 678165bd37def22a10615aded1384e97413fce1fb7fcf8db180349b0fea0b16037e654bea539e30ec1d0107de043a728ad81bf2aa7dab18306e8b3ac3e04766a Size : 32.768 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat |
Type : Internet Explorer cache file version Ver 5.2 MD5 : 6aea4ff23a31bb4904ad6b942cd7f6a1 SHA-1 : 202fc0c09d2290aa448295fb0c8454facd626b1c SHA-256 : 1508f58c461fae8c8bb3c20df8d44466ff6201903901c57caf275b8c1b8cf572 SHA-512 : e6909b511168b05282a8ce9c10ef72e45e2efd7268f68a83dbefd8128200397821466a43c2e46e1f9e64e4c66c1f4802dfbb67b291c5d841ed78c15e2ca69c67 Size : 49.152 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\down[1] |
Type : PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced MD5 : 555e83ce7f5d280d7454af334571fb25 SHA-1 : 47f78f68d72e3d9041acc9107a6b0d665f408385 SHA-256 : 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 SHA-512 : 021f2f0da228a23826cfddf2898e2b63787b3be2d94a49e58fc6973628b3995dc690ff7a80a09974b7769b45c7e5df953edb5632562c907273d7071af5ad253c Size : 3.414 Kilobytes. |
| Match Rules |
|---|
| File Name: | winnyguard.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 4b552b5f4e29b076d087c53cc80c2f2bc0cdc6df |
| MD5: | 86c7c93516b0a074c8a59f2ebb2642c0 |
| First Seen Date: | 2017-06-19 18:28:39.323333 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2017-06-19 18:28:39.323333 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| file type enum | 6 |
| number of sections | 4 |
| compilation time stamp | 0x52BA5F25 [Wed Dec 25 04:29:25 2013 UTC] |
| entry point | 0x40648f (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 132800 |
| sha256 | c0e0673882dacc86057e31f463251325658bbd43b8ae5b722d10981fdda5fc2a |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x136b4 | 0x13800 | 6.59380197643 | d5e22c601af921d280c4bc2428446af1 |
| .rdata | 0x15000 | 0x64e2 | 0x6600 | 4.66138637607 | c3fafad72ac3e443edd9d3f8e874dc1d |
| .data | 0x1c000 | 0x3130 | 0x1200 | 3.42469351153 | 1847f2a732ae8381f16c85bb5fdc068d |
| .reloc | 0x20000 | 0x3d3c | 0x3e00 | 3.26935121849 | 6f2e554ed7c95b687fccf79c19a056b1 |
-
KERNEL32.dll
- GetProcessHeap
- WriteFile
- WideCharToMultiByte
- InitializeCriticalSectionAndSpinCount
- SizeofResource
- FreeConsole
- FileTimeToSystemTime
- MultiByteToWideChar
- lstrlenW
- GetStdHandle
- GetLastError
- SetLastError
- FindClose
- LockResource
- FindNextFileW
- GetWindowsDirectoryW
- FileTimeToLocalFileTime
- LocalFree
- RaiseException
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- HeapDestroy
- OutputDebugStringW
- HeapSize
- CreateFileW
- FlushFileBuffers
- GetComputerNameW
- HeapFree
- CompareFileTime
- SystemTimeToFileTime
- HeapAlloc
- LoadResource
- FindResourceW
- FindResourceExW
- AllocConsole
- FindFirstFileW
- GetEnvironmentVariableW
- LCMapStringW
- GetStringTypeW
- WriteConsoleW
- SetStdHandle
- LoadLibraryW
- RtlUnwind
- LoadLibraryExW
- CloseHandle
- GetCPInfo
- HeapReAlloc
- GetCommandLineW
- EncodePointer
- DecodePointer
- GetCommandLineA
- IsDebuggerPresent
- IsProcessorFeaturePresent
- InterlockedDecrement
- ExitProcess
- GetModuleHandleExW
- GetProcAddress
- Sleep
- InterlockedIncrement
- GetCurrentThreadId
- GetModuleFileNameW
- GetFileType
- GetStartupInfoW
- GetModuleFileNameA
- QueryPerformanceCounter
- GetCurrentProcessId
- GetSystemTimeAsFileTime
- GetEnvironmentStringsW
- FreeEnvironmentStringsW
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetCurrentProcess
- TerminateProcess
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- GetModuleHandleW
- GetConsoleCP
- GetConsoleMode
- SetFilePointerEx
- IsValidCodePage
- GetACP
- GetOEMCP
-
USER32.dll
- CharNextW
-
ADVAPI32.dll
- RegOpenKeyExW
- RegCloseKey
- ConvertSidToStringSidW
- RegEnumKeyExW
- CheckTokenMembership
- GetUserNameW
- FreeSid
- RegEnumValueW
- AllocateAndInitializeSid
- LookupAccountNameW
-
SHELL32.dll
- ShellExecuteW
- CommandLineToArgvW
-
SHLWAPI.dll
- StrToIntW
- StrStrW
- StrStrIW
- StrCmpIW
- PathMatchSpecW
-
WS2_32.dll
- WSACleanup
- getsockname
- socket
- WSAGetLastError
- WSAStartup
- connect
- gethostname
- htons
- closesocket
- inet_addr
-
IPHLPAPI.DLL
- GetAdaptersInfo