| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT |
Type : data MD5 : 696bad2ef23da7f0ccaaa7f76ab9fdf0 SHA-1 : 0efe907b47e8331cf56a95c0c06d324257ece202 SHA-256 : bd27979561fac15e4043fc980ad62f24f00738cba1f22b8e45cf1d50d88d1828 SHA-512 : fb1a4afdbf5f9e3d7e55eb806f660057927d6c35740c69ed2790fd7149b86b8637a39cf0315fcb182622a87d06362876c5621441911bff3d11c24d7fa19bbe7c Size : 84.528 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\TarDA63.tmp |
Type : data MD5 : d99661d0893a52a0700b8ae68457351a SHA-1 : 01491fd23c4813a602d48988531ea4abbcdf7ed9 SHA-256 : bdd5111162a6fa25682e18fa74e37e676d49cafcb5b7207e98e5256d1ef0d003 SHA-512 : 6f2291ca958cbf5423cbbe570fd871c4d379a435be692908caaacf4c2a68bd81008254802d4f4b212165e93b126ed871a62eaf3067909eb855b29573fc325b8e Size : 161.595 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\CabDA52.tmp C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : Microsoft Cabinet archive data, 61414 bytes, 1 file MD5 : acaeda60c79c6bcac925eeb3653f45e0 SHA-1 : 2aaae490bcdaccc6172240ff1697753b37ac5578 SHA-256 : 6b0ceccf0103afd89844761417c1d23acc41f8aebf3b7230765209b61eee5658 SHA-512 : feaa6e7ed7dda1583739b3e531ab5c562a222ee6ecd042690ae7dcff966717c6e968469a7797265a11f6e899479ae0f3031e8cf5bebe1492d5205e9c59690900 Size : 61.414 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : data MD5 : c5f74d76e3b036ccd7fafc4d3aaa5b5a SHA-1 : c1f084ffeea20d92e955ca6f2358bbd46f766c8c SHA-256 : 6b63b215aedfb5146d864c3b5efb075afb79123854053708b9c495766f03a49c SHA-512 : 0c2f802d3fa6238319bdc2f0b58b06ce59483f09117c853f8c0a75106bad18e07d12c936bbfc84d724b532477f42c6e22f9832f238a62e59ae3046ac0b355262 Size : 0.328 Kilobytes. |
| Match Rules |
|---|
| File Name: | AutoItObfuscator_1.bin |
| File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| SHA1: | 97cf21650dfc7e50972bf09a2760fe8b78d367b8 |
| MD5: | baf02b6b2480028d73775a43cbcec09b |
| First Seen Date: | 2022-01-10 18:33:30.697168 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2022-01-10 18:33:30.697168 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 5 |
| trid | [[64.5, u'Win32 Executable MS Visual C++ (generic)'], [13.6, u'Win32 Dynamic Link Library (generic)'], [9.3, u'Win32 Executable (generic)'], [4.2, u'Win16/32 Executable Delphi generic'], [4.1, u'Generic Win/DOS Executable']] |
| compilation time stamp | 0x5CCAE30D [Thu May 2 12:31:09 2019 UTC] |
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright \xa9 PELock LLC 2019 |
| Assembly Version | 1.4.0.0 |
| InternalName | AutoItObfuscator.exe |
| FileVersion | 1.4.0.0 |
| CompanyName | PELock LLC |
| LegalTrademarks | |
| Comments | AutoIt Script Source Code Obfuscator |
| ProductName | AutoItObfuscator |
| ProductVersion | 1.4.0.0 |
| FileDescription | AutoIt Obfuscator |
| OriginalFilename | AutoItObfuscator.exe |
| entry point | 0x61200a () |
| machine type | Intel 386 or later - 32Bit |
| file size | 2152976 |
| ssdeep | 49152:LVYdOvDfhl3eyBe2bnIVlFfvcaaJAsC9o7DI5P:JzdMytnIVl+i9lZ |
| sha256 | f9a46133ecb6a5bd6ec98679b107e08fddf892283791d2b25820e17569cdb44f |
| exifinfo | [{u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/7/c/f/97cf21650dfc7e50972bf09a2760fe8b78d367b8', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2022:01:10 18:33:14+00:00', u'EXE:InitializedDataSize': 125952, u'File:FileModifyDate': u'2022:01:10 18:32:10+00:00', u'File:FileSize': u'2.1 MB', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'97cf21650dfc7e50972bf09a2760fe8b78d367b8', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2019:05:02 12:31:09+00:00', u'EXE:LinkerVersion': 48.0, u'ExifTool:ExifToolVersion': 10.1, u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/7/c/f', u'EXE:EntryPoint': u'0x21200a', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 2025984, u'File:FileInodeChangeDate': u'2022:01:10 18:32:49+00:00', u'EXE:Subsystem': u'Windows GUI'}] |
| mime type | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| &9nFiL$ | 0x2000 | 0x5b8c | 0x5c00 | 7.9934056437 | 89ee70d5b588ccc253e310e47c343181 |
| .text | 0x8000 | 0x1ee7c8 | 0x1ee800 | 7.80550774048 | 87ff8974e7b7f139373f4a68baf935cc |
| ]Cp. | 0x1f8000 | 0x18d28 | 0x18e00 | 3.65696540736 | fde5df402326a97ef1c3c7cc3bc836cc |
| 0x212000 | 0x10 | 0x200 | 0.122275881259 | 349d3e73c04a41606f3a4d8bce9ad839 | |
| .reloc | 0x214000 | 0xc | 0x200 | 0.0980041756627 | 115bf8b5632f3b7040c06eeeac3de1c3 |
-
mscoree.dll
- _CorExeMain
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2065312, u'sha256': u'1f079a97a4da276b97d2b90c7e7665d6f7ec6ec421b905db1b40c541090adddc', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 8509}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2073824, u'sha256': u'53992acc1311dd0c22a94d49f1eb47e983e3a439e86ccdad4c6dc23d77479b4d', u'type': u'data', u'size': 38056}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2111880, u'sha256': u'243d39814fe7dd9bb7536f16bb537e14e362bdee5b90798ffd606f3090133a02', u'type': u'dBase IV DBT of \\200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0', u'size': 16936}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2128816, u'sha256': u'41e8d6f7ab97b671e9842b7efc23718d8a64d2952e80996fe621e3c6c1cdfaa7', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2138456, u'sha256': u'168699229603f03b6ce18f56075d226ceb4177e145e109d6d11e2bbd5dd2c794', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2142208, u'sha256': u'55794c29731f84e8d51e515a8bc3919707ae30c78de68f4c1b087e27bd1dc495', u'type': u'data', u'size': 6760}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2148968, u'sha256': u'8c83a2bb1fe26cfe07a453672d7f249f2cc9d5dd1f8bff4c59bd05f942d63279', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2153232, u'sha256': u'29863261ad073f9ba83d4038d90c640643f072ad7b11360824097dc5a84af1e9', u'type': u'data', u'size': 2216}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2155448, u'sha256': u'208840a89425ed1b19adc581f25aa7349de25d7fbc18b45e0ceb36e6fba4e19a', u'type': u'data', u'size': 744}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2156192, u'sha256': u'3668d777b1042fe38177192ceda146388fa989fee95ef1d8140580c8826b82ff', u'type': u'data', u'size': 2440}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2158632, u'sha256': u'3a3ba11dbc1e615eb67fa1dcbc870aa360495948129b05fb5b585edca775e664', u'type': u'data', u'size': 1720}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2160352, u'sha256': u'ce379efc01fd9a3f397b3340bf7c1cc800ae88594a7c75ce52d414c6f96372b4', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2161480, u'sha256': u'efd0f88a155987af5ee32c27aa7a8f9f3435af2e94f3b8eca096dcd7e526222c', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2162864, u'sha256': u'6796306cdde0644d2292f846729fbaec402a2f41b4331544c2d2c394287ff99c', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 2163160, u'sha256': u'd243e9c27e56ccef0b5122ff9b3217b11196a4c77d86463bfa2f06c9cfbd014c', u'type': u'MS Windows icon resource - 14 icons, 256x256', u'size': 202}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 2163364, u'sha256': u'2ba2550148dc0edc5814e62efd4f6a000654a8aa7a81f0c42d3e9d1b15990387', u'type': u'data', u'size': 972}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_MANIFEST', u'offset': 2164336, u'sha256': u'4e268cdc47c3d0f3911b8806de5252171afc95845394aba382bfd780d1705185', u'type': u'XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators', u'size': 1714}