| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB |
Type : data MD5 : de9f86893f9a96f98324f92d07aaa253 SHA-1 : 5cc536d840f92e88f0f4164128ce904dedd9b574 SHA-256 : 411398046cc03a0297be3b85b34191c606fd505051d1001f2b9e3984c112b336 SHA-512 : 5893d4e6c5256c3e26c1bf476dc060f6302fd0e801d5c4d4ef8152edd3deb339272919ebcd6022cdb51648e47a0970f0294e191f47d47e970939badbc52d7c11 Size : 0.471 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2 |
Type : data MD5 : 6827e69853dc4717fa68ca86a1d32bfc SHA-1 : efb4c8e2009a3cf6b1b5b60b4d72efd9956001cd SHA-256 : eb868f303b5a41f72a8e41d1f3633588eeb3c5665ffe57ea29b08eff933f5983 SHA-512 : 0472ccd42d87aae2bd81ae4aadbc9b881cd991a57c02db77058a050cd6edd0b8f98af072d25e2a12f55293b6126beab28a675c531eb796b8ee085fc656bd0d81 Size : 0.402 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 |
Type : data MD5 : 31d8bc208f2b4aff8cb93732e4b5527e SHA-1 : ad4baad85a70d74ad52ac88675c29efb894b2544 SHA-256 : 3e7761dd031f74b2c8df3e0216f0e3d34c29180d650571f0a4baf0f79bd95c1a SHA-512 : fff54972d3eb2b8c1c33048bccf6eeeb026d2ad3620273fc1228d4d990d61c5d4f23a44e43fb7ca9d3218778022202be3e759c7ce3a29708c6ad22aa09665b11 Size : 1.398 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : data MD5 : 1a61902da6cf7be171e93dfa717f12e5 SHA-1 : 10cf7644d6be0743352ed6c0c68509d46ae29736 SHA-256 : ff726edba28ee2ad8c079810d8b81bd3177f7517c5a52ab4c60ec3150542e647 SHA-512 : f538019c19be2555872558545e53fe9f722778e5df01210417eca6d15f11452af45729ebcff5122553698a254db24c8199d0bac1f7040354b0be53c4e5c3cc80 Size : 0.34 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB |
Type : data MD5 : 8184c214c7c4a68b4555b71fa7dc016f SHA-1 : 56002dbdfc15632de7c1a28a6753c3ee1020ee4a SHA-256 : 37a5b4df1564617ba6f30a2346c07cbb4ae5aca9a2085d8f6246b297468a3dd6 SHA-512 : 672c365fce3ac37d296486c687269237a8b513dc065080616f607c849429c873e2a4d960b5759cb9334440aef712c8ba2279e489dfb98f1fc2ad702c44b8f113 Size : 0.426 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 |
Type : data MD5 : 6aa4b49218443aa9fab5d41675dcd4fb SHA-1 : 8da28392aab3168ceda1bc222d45bac20f9b1778 SHA-256 : 6c1e79427437845c3d8373c54f2f27c00ae64303ccb8b092fbfe59f1b3b6c0cf SHA-512 : 6996df24b6c937a2b9804eaeedfb494834fe7106e1e55ae787af646a0419f49511608b6ae18a7150d58a1e69fd1ceb151c7459051b0d21391d564d0e709809c5 Size : 0.438 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 |
Type : data MD5 : 2b79f1d707ea66577355c3b9dc2ad166 SHA-1 : 78f54f3660c1a7b3448cecedd732f9fcfab27ae5 SHA-256 : 1eafaa7e3500f7293807921acd04cbfcf3221365dbad06d00653a757452f9c05 SHA-512 : 0f70ab92a40a4b072acfac8dedf9a462147b33bef977673b6ae5377747671d39376eccd318bf7454c0fb5211f166b082ecd14114ccbba35fb70e5c7970b00220 Size : 1.507 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA0FB4C19C05ADBCFF4DD29A3593F63 |
Type : data MD5 : 6b66ad87805a1cbab3758a6b3d1c8ad8 SHA-1 : 4b575927dbb56731296c50fb96f58f31c419e341 SHA-256 : 6ff894443c1a657e31092d0baf750d6418b8143f55559ea9609c7848109114e5 SHA-512 : 5d1fd88239f10af8bd7f972fbcee232d6f4e141019284020b402faba985d038ecafa4923a199b6de02f10be08781d095c497386c482d27636273b38d856c2d86 Size : 0.574 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : e2767defe0ee449eb8d54fa5ea60843e SHA-1 : e63d1fb5f035e5b2343a7871b19076ab1e49ec83 SHA-256 : 5b4c351b84adbf75da66d695cff01e36c2ffe43f35272088af5ac525c70f5c2a SHA-512 : 998b5ebcea1cb51e23d14feee23baa2b4910ee72afd7ebdf7efb4c114d237b2cd46296d09319ad5a66760447de9c149d622d9c2f5509e276b4ab3e0f23216b3e Size : 0.398 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 |
Type : data MD5 : 12711b62c5ee9d25a28f9ec7904d0165 SHA-1 : 6774701bae2f983eff199f8298a4a0986efcf35b SHA-256 : 7722bf346941a98adbefdb85c056f9b24cf9497e5af8a6cc0d91f17e07bdbc12 SHA-512 : a9e8e543d7c593f8d1f5e8916969d6a1095e226f817c66484678973c3856c4e164e3e4e20dbeffae9d794658dfd31bdea2ee6dd810ecb5d30846843bf5f8571f Size : 0.514 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : d867c5f96a2afdf759ade8eaeba0a8bf SHA-1 : 825ab25d5f9eb79060ad9ef332c40e6123245527 SHA-256 : 4ee6ea3c9c5a2b0a95b89fff33c78ffb676bbcd8366cfb166abc16d4b58fb9d1 SHA-512 : 0899b4369c4714d1c0c6b6c35f8f9655f304ec34c249ab9d545fc0ad8e80bbe5289331631bbcffec4c601330f220a47a74ce8b8e99da7dff1078a387f492ebda Size : 0.471 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA0FB4C19C05ADBCFF4DD29A3593F63 |
Type : data MD5 : 84ec2b9e6e502c282dd0a2592181b840 SHA-1 : 97022e201ec9a608472b039140aebeb763263354 SHA-256 : 38f44f2f5b35b800cc6150ce7c51ee3e6855f2c7bea396539f81e89357b82e3d SHA-512 : 09a441159e885a2cfa55e08382cd3b6062c76b18835777f24855178233a82ab9e9cbd6d24dc2ae927c636e6edb1fb8612fcdd41548f88ff0f0027c72ffdf1180 Size : 0.527 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2 |
Type : data MD5 : e2b507835c597a6748f656d09c2ae63d SHA-1 : 786a66e243a6b4cb295fad878eaa175d24ac247b SHA-256 : ee38d3a7109636453f81051a8a93bf33c53a120f46088ffb93b4c01c102fb7d9 SHA-512 : b70c4ed51220415a12dfab4aa0ead8ab65e223b6f75033f630249ebe300535e7ab06776a85232c19e6e14a35b562ea95ba5a07d6916a3e736a2584d1a142e92d Size : 0.727 Kilobytes. |
|
C:\Users\user\AppData\Roaming\9a5b7f1e\252729a89a.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 5384f752e3a2b59fad9d0f143ce0215a SHA-1 : 949f1903642e72575e107ee492faba670c8e0006 SHA-256 : bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2 SHA-512 : d4e5920255c2707cac12b83bac4ea7ad62a53dfd0efe578d1c196548e7bf2e1cad97607e70ce897d94069b1542f9308c8dbd03c8810fc66be7dc190426044d7c Size : 319.488 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : Microsoft Cabinet archive data, 6894 bytes, 1 file MD5 : 753f00918698d97baf33f688a4a53475 SHA-1 : c42fb681d064e17cc0c833b5502441f0c04db403 SHA-256 : 3434b667bbc763a679140ffa7309986ad5d694e2f667a0693a6a0660cd8a662b SHA-512 : 7c1ef5a78c5ed3f9302f61e7736b7a7730d5b2fd4d3a07dda8de8731042713f6a8b8fa67d2d3f2891382728f589d2237857ab87cd736e367870c162f381d79c5 Size : 6.894 Kilobytes. |
| Match Rules |
|---|
| File Name: | bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.bin |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 949f1903642e72575e107ee492faba670c8e0006 |
| MD5: | 5384f752e3a2b59fad9d0f143ce0215a |
| First Seen Date: | 2015-11-06 21:18:52.938000 ( ) |
| Number of Clients Seen: | 14 |
| Last Analysis Date: | 2016-04-08 19:15:06.412427 ( ) |
| Human Expert Analysis Date: | 2019-08-25 10:05:03.087731 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| number of sections | 4 |
| file size | 319488 |
| LegalCopyright | (C) Panasonic and TRENDY Co. |
| InternalName | SDFormatter |
| FileVersion | 4, 0, 0, 0 |
| CompanyName | TRENDY Corporation |
| PrivateBuild | TRENDY Corporation |
| Comments | SD Formatter Version 3.1.0.0 |
| ProductName | SD Formatter V4.0.0.0 |
| SpecialBuild | TRENDY Corporation |
| ProductVersion | 4, 0, 0, 0 |
| FileDescription | Format Tool for SD Card [Normal Area Only] |
| OriginalFilename | SDFormatter.exe |
| Translation | 0x0000 0x04b0 |
| entry point | 0x42e44b (.text) |
| mime type | application/x-dosexec |
| machine type | Intel 386 or later - 32Bit |
| compilation time stamp | 0x55A94114 [Fri Jul 17 17:53:24 2015 UTC] |
| sha256 | bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x3bf14 | 0x3c000 | 6.435844 | - |
| .rdata | 0x3d000 | 0x2458 | 0x3000 | 4.185112 | - |
| .data | 0x40000 | 0x6490 | 0x4000 | 1.722991 | - |
| .rsrc | 0x47000 | 0xa000 | 0xa000 | 5.135115 | - |
-
KERNEL32.dll
- WriteConsoleA
- CopyFileA
- PeekNamedPipe
- TlsSetValue
- SetFilePointerEx
- QueryPerformanceFrequency
- EnumCalendarInfoA
- CreateFileW
- InterlockedPushEntrySList
- UnhandledExceptionFilter
- FreeConsole
- FreeLibrary
- IsDebuggerPresent
- CreateDirectoryA
- EnumResourceLanguagesW
- HeapValidate
- DuplicateHandle
- OutputDebugStringW
- AreFileApisANSI
- GetEnvironmentVariableW
- GetProcessVersion
- EnterCriticalSection
- ConvertDefaultLocale
- GetModuleHandleExW
- ReadProcessMemory
- MoveFileExA
- GetBinaryTypeA
- OpenMutexA
- IsValidLocale
- GetDriveTypeA
- SetConsoleCursorPosition
- SetEnvironmentVariableW
- TlsGetValue
- TransactNamedPipe
- GetFullPathNameW
- FindClose
- GetSystemDirectoryW
- GetSystemDefaultUILanguage
- CreateActCtxW
- TlsAlloc
- GetLargestConsoleWindowSize
- AllocConsole
- SetLastError
- GetShortPathNameA
- HeapSize
- GetFileSize
- GetCurrentProcess
- DeleteFileW
- GetCPInfo
- SetDllDirectoryW
- MoveFileW
- GetTimeFormatW
- InterlockedExchangeAdd
- SetConsoleCtrlHandler
- GetPrivateProfileIntA
- EnumResourceTypesW
- GetThreadLocale
- CloseHandle
- SearchPathA
- lstrlenW
- IsProcessorFeaturePresent
- GlobalFlags
- GetUserDefaultUILanguage
- CreateSemaphoreW
- GlobalAddAtomW
- GetTempFileNameA
- GetSystemTime
- FlushInstructionCache
- SetHandleCount
- WideCharToMultiByte
- GetOverlappedResult
- LeaveCriticalSection
- HeapQueryInformation
- SetFileAttributesA
- IsDBCSLeadByteEx
- IsBadWritePtr
- ReadFile
- SetSystemPowerState
- VirtualQueryEx
- lstrlenA
- GetTempPathW
- DeleteVolumeMountPointA
- GetPrivateProfileStringA
- OpenEventA
- SetFileTime
- GetFileType
- SuspendThread
- InterlockedPopEntrySList
- OpenMutexW
- HeapCreate
- VirtualProtect
- GlobalMemoryStatus
- GetThreadContext
- ReleaseActCtx
- GetSystemInfo
- WaitForMultipleObjects
- UnmapViewOfFile
- GetVolumeInformationW
- SetStdHandle
- GetTempPathA
- GetVersion
- GetVersionExW
- GetLocaleInfoA
- GetSystemDirectoryA
- WaitForSingleObject
- SetFileAttributesW
- GetStdHandle
- CompareFileTime
- IsBadStringPtrA
- FindResourceExW
- InterlockedCompareExchange
- GetConsoleOutputCP
- GetTimeFormatA
-
USER32.dll
- GetPropA
- LoadCursorA
- LoadMenuW
- GetAncestor
- PtInRect
- SendDlgItemMessageA
- WaitForInputIdle
- SetSystemMenu
- GetDC
- GetMenuStringA
- DefDlgProcA
- DisplayExitWindowsWarnings
- CreateDialogParamW
- TranslateAccelerator
- SetInternalWindowPos
- GetSysColor
- SetUserObjectSecurity
- GetAltTabInfo
RT_CURSOR
RT_ICON
RT_DIALOG
RT_STRING
RT_GROUP_CURSOR
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST