| File Path | Type and Hashes |
|---|---|
| File Name | malware_16.exe |
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1 | 90bd16fa5ceffcf3e26ebb8891494b5245005df1 |
| MD5 | cd1cdc56b8db2b18da1d5c3f5ed2a014 |
| First Seen Date | 2018-06-03 18:29:12.423550 |
| Number of Clients Seen | 2 |
| Last Analysis Date | 2018-06-03 18:29:12.423550 |
| Human Expert Analysis Result | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 3 |
| trid | [[90.6, u'Win32 Executable Microsoft Visual Basic 6'], [4.9, u'Win32 Executable (generic)'], [2.2, u'Generic Win/DOS Executable'], [2.2, u'DOS Executable Generic']] |
| compilation time stamp | 0x5B10B3EF [Fri Jun 1 02:48:15 2018 UTC] |
| Translation | 0x0409 0x04b0 |
| LegalCopyright | BLUESTAca sySTEME faQ. |
| InternalName | Jehudijah8 |
| FileVersion | 8.07 |
| CompanyName | DVDVIDaosofa gAQ. |
| LegalTrademarks | drapBOI, vnU. |
| Comments | vortac teoX |
| ProductName | SPeeo GIADe wnB. |
| ProductVersion | 8.07 |
| FileDescription | Capoej SAIb |
| OriginalFilename | Jehudijah8.exe |
| entry point | 0x4018e4 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 1011712 |
| ssdeep | 12288:LbU++TA7IONRnowuUfoudO5dFriBF+R22D/jx/h9WX1LunyywmMbmRL1LPzh:/UW1phObAmXh |
| sha256 | e8f0136abc46b668d44586a6b5a394b470af6af8e9d91bddca4b70e3e66768d1 |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/0/b/d/90bd16fa5ceffcf3e26ebb8891494b5245005df1', u'EXE:OriginalFileName': u'Jehudijah8.exe', u'EXE:ProductName': u'SPeeo GIADe wnB.', u'EXE:InternalName': u'Jehudijah8', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2018:06:03 18:28:39+00:00', u'EXE:InitializedDataSize': 380928, u'File:FileModifyDate': u'2018:06:03 18:28:36+00:00', u'EXE:FileVersionNumber': u'8.7.0.0', u'EXE:FileVersion': 8.07, u'File:FileSize': u'988 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:LegalTrademarks': u'drapBOI, vnU.', u'EXE:ProductVersion': 8.07, u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'DVDVIDaosofa gAQ.', u'File:FileName': u'90bd16fa5ceffcf3e26ebb8891494b5245005df1', u'EXE:ImageVersion': 8.7, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2018:06:01 02:48:15+00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LegalCopyright': u'BLUESTAca sySTEME faQ.', u'EXE:LinkerVersion': 6.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/0/b/d', u'EXE:FileDescription': u'Capoej SAIb', u'EXE:EntryPoint': u'0x18e4', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 630784, u'EXE:Comments': u'vortac teoX', u'File:FileInodeChangeDate': u'2018:06:03 18:28:36+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'8.7.0.0'}] |
| mime type | application/x-dosexec |
| imphash | 3627e0ea77bc7708bcc41aaab29abf01 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x994c8 | 0x9a000 | 6.44586129094 | 1b219f7cbf9b9dd3ef64023f51013b5a |
| .data | 0x9b000 | 0x1288 | 0x1000 | 0.0 | 620f0b67a91f7f74151bc5be745b7110 |
| .rsrc | 0x9d000 | 0x5aaac | 0x5b000 | 0.586794491826 | 815855f4a59c93894ebb138131b8b199 |
- MSVBVM60.DLL
  - _CIcos
  - _adj_fptan
  - __vbaVarMove
  - __vbaStrI4
  - __vbaCyMul
  - __vbaFreeVar
  - __vbaStrVarMove
  - __vbaFreeVarList
  - _adj_fdiv_m64
  - __vbaFreeObjList
  - __vbaR8Sgn
  - _adj_fprem1
  - __vbaSetSystemError
  - __vbaHresultCheckObj
  - _adj_fdiv_m32
  - __vbaAryDestruct
  - __vbaOnError
  - __vbaObjSet
  - _adj_fdiv_m16i
  - __vbaObjSetAddref
  - _adj_fdivr_m16i
  - None
  - _CIsin
  - None
  - __vbaChkstk
  - EVENT_SINK_AddRef
  - __vbaStrCmp
  - __vbaAryConstruct2
  - __vbaVarTstEq
  - __vbaObjVar
  - DllFunctionCall
  - None
  - _adj_fpatan
  - None
  - EVENT_SINK_Release
  - __vbaUI1I2
  - _CIsqrt
  - EVENT_SINK_QueryInterface
  - __vbaExceptHandler
  - _adj_fprem
  - _adj_fdivr_m64
  - None
  - None
  - __vbaFPException
  - _CIlog
  - __vbaErrorOverflow
  - __vbaNew2
  - _adj_fdiv_m32i
  - _adj_fdivr_m32i
  - _adj_fdivr_m32
  - __vbaR8Var
  - _adj_fdiv_r
  - None
  - None
  - __vbaVarAdd
  - __vbaVarCopy
  - __vbaFpI4
  - __vbaVarSetObjAddref
  - _CIatan
  - __vbaStrMove
  - None
  - _allmul
  - _CItan
  - _CIexp
  - __vbaFreeStr
  - __vbaFreeObj
  - None
| Lang | Name | Offset | SHA256 | Type | Size |
|---|---|---|---|---|---|
| LANG_NEUTRAL | RT_ICON | 643544 | 54a8c475fdc1b2ce9f4069f2bd54e06da76b8b418cda8952438610bf45bb3a22 | dBase III DBT, version number 0, next free block index 40 | 270376 |
| LANG_NEUTRAL | RT_ICON | 913920 | 09966b0cc72fc01c1365967775a9258838a95bdb9827183daf25f5aea9da1d65 | GLS_BINARY_LSB_FIRST | 1128 |
| LANG_NEUTRAL | RT_ICON | 915048 | 8dad2db7138957f1b138083d4dddc6fa7adedc976e83e04db129b973bb2a1ac7 | dBase IV DBT of \`.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | 9640 |
| LANG_NEUTRAL | RT_ICON | 924688 | b24f53bbb78cc1adf6d7ed1675114d4ac3d2a9586625c095fac15e3f856dd2c5 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | 4264 |
| LANG_NEUTRAL | RT_ICON | 928952 | 4ca4c359f6ddc0b664078cb54a0bb447eed154c863a4a05d248199052596e956 | dBase III DBT, version number 0, next free block index 40 | 67624 |
| LANG_NEUTRAL | RT_ICON | 996576 | fa0a9593b24308e0db96f872a5ef0f6ab4ce8d447be13a65e4a1b0e6acf02c9f | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | 16936 |
| LANG_NEUTRAL | RT_GROUP_ICON | 1013512 | b3d066b10578e4a63a9e16dd19918531242399758b182986710b62975fe24574 | MS Windows icon resource - 6 icons, 256x256 | 90 |
| LANG_ENGLISH | RT_VERSION | 1013604 | 356f8e7d99b16e024040865091e9d48c9c77d4bc5ffa6ae70230ba505b2e18f9 | data | 840 |