Property | Value |
---|---|
File Name | TNODUP.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | 955c4db52626f8ccd4d0b012057e30746da16696 |
MD5 | 9b78fd1ad0fce5a9d5621488c9eaf2af |
First Seen Date | 2015-11-06 21:04:47.062000 |
Number of Clients Seen | 10 |
Last Analysis Date | 2016-04-08 22:05:32.267975 |
Human Expert Analysis Date | 2016-04-09 07:18:36.185953 |
Human Expert Analysis Result | PUA |

Property | Value |
---|---|
number of sections | 7 |
compilation time stamp | 0x56310AF6 [Wed Oct 28 17:50:46 2015 UTC] |
LegalCopyright | Copyleft 2007-2015 |
FileVersion | 1, 6, 0, 0 |
CompanyName | Tukero[X]Team |
SpecialBuild | Beta Version. Use with caution. |
ProductName | TNod User & Password Finder |
ProductVersion | 1, 6, 0, 0 |
FileDescription | TNod User & Password Finder |
Translation | 0x300a 0x04e4 |
entry point | 0x401000 () |
machine type | Intel 386 or later - 32Bit |
file size | 2023424 |
sha256 | 010895d7c469655ca08123e21e4d099de5eaf155551ea01c438b2c542c3e5245 |
mime type | application/x-dosexec |

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
(unnamed) | 0x1000 | 0x3f0000 | 0x12b800 | 7.999841[SUSPICIOUS] | - |
(unnamed) | 0x3f1000 | 0x12b000 | 0x5b000 | 7.999444[SUSPICIOUS] | - |
(unnamed) | 0x51c000 | 0x45000 | 0x5400 | 7.990246[SUSPICIOUS] | - |
(unnamed) | 0x561000 | 0x1000 | 0x200 | 0.020393[SUSPICIOUS] | - |
.rsrc | 0x562000 | 0x26000 | 0x8a00 | 6.877608 | - |
.data | 0x588000 | 0x5a000 | 0x59400 | 7.812417[SUSPICIOUS] | - |
.adata | 0x5e2000 | 0x1000 | 0x0 | 0.000000[SUSPICIOUS] | - |

- kernel32.dll
  - GetProcAddress
  - GetModuleHandleA
  - LoadLibraryA
- wininet.dll
  - InternetGetConnectedState
- comctl32.dll
  - None
- rpcrt4.dll
  - RpcStringFreeW
- wsock32.dll
  - None
- ws2_32.dll
  - None
- wldap32.dll
  - None
- user32.dll
  - GetClassInfoW
- gdi32.dll
  - Arc
- winspool.drv
  - OpenPrinterW
- comdlg32.dll
  - PrintDlgW
- advapi32.dll
  - SystemFunction036
- shell32.dll
  - SHGetPathFromIDListW
- ole32.dll
  - OleFlushClipboard
- oleaut32.dll
  - None
- oleaut32.dll
  - VariantChangeTypeEx
- kernel32.dll
  - RaiseException

RT_CURSOR
RT_BITMAP
RT_ICON
RT_MENU
RT_STRING
RT_GROUP_CURSOR
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST