File Name: | pln.exe |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | 97f2515c2e8005262285518caef170448b60f702 |
MD5: | 6b86a0b4b6525b9648b313b445c8a2fb |
First Seen Date: | 2017-05-17 12:18:30.523768 |
Number of Clients Seen: | 10 |
Last Analysis Date: | 2017-05-17 12:18:30.523768 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
Property | Value |
---|---|
number of sections | 4 |
compilation time stamp | 0x591AFBAF [Tue May 16 13:16:31 2017 UTC] |
LegalCopyright | Copyright ©Oscar Health Insurance Co.. 1999 - 2014 |
FileVersion | 2.7.3.736 |
CompanyName | Oscar Health Insurance Co. |
ProductName | Concealment |
ProductVersion | 2.7.3.736 |
FileDescription | Xcfn Amp Policy Famouspainter 149 |
OriginalFilename | Concealment.exe |
Translation | 0x0409 0x04b0 |
entry point | 0x403337 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 540672 |
sha256 | c4fa4209779150be1eb54f30f45a37d1109cce4cb418eea3905042159986361f |
mime type | application/x-dosexec |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x93ce | 0xa000 | 6.322868 | - |
.rdata | 0xb000 | 0x470d | 0x5000 | 5.957022 | - |
.data | 0x10000 | 0x1a18 | 0x1000 | 2.528224 | - |
.rsrc | 0x12000 | 0x12997c | 0x73000 | 7.899503 [SUSPICIOUS] | - |
KERNEL32.dll
- GetCPInfo
- HeapSize
- LoadLibraryA
- Sleep
- InitializeCriticalSection
- GetSystemTimeAsFileTime
- GetCurrentProcessId
- GetTickCount
- GetACP
- InterlockedDecrement
- GetCurrentThreadId
- SetLastError
- InterlockedIncrement
- GetModuleHandleA
- TlsSetValue
- TlsAlloc
- TlsGetValue
- GetFileType
- SetHandleCount
- GetOEMCP
- MultiByteToWideChar
- GetLocaleInfoA
- LCMapStringA
- LCMapStringW
- GetStringTypeA
- GetStringTypeW
- QueryPerformanceCounter
- CloseHandle
- GetEnvironmentStringsW
- WideCharToMultiByte
- FreeEnvironmentStringsW
- GetProcAddress
- GetLastError
- LoadLibraryW
- GetEnvironmentStrings
- WriteFile
- FreeEnvironmentStringsA
- GetModuleFileNameA
- GetStdHandle
- ExitProcess
- HeapCreate
- HeapDestroy
- HeapReAlloc
- VirtualAlloc
- VirtualFree
- HeapAlloc
- TlsFree
- CreateFileA
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- IsDebuggerPresent
- SetUnhandledExceptionFilter
- GetCommandLineA
- HeapFree
- GetVersionExA
- GetProcessHeap
- GetStartupInfoA
- RaiseException
- RtlUnwind
- TerminateProcess
- GetCurrentProcess
- UnhandledExceptionFilter
USER32.dll
- RegisterClassA
- LoadCursorA
- DestroyMenu
- EnableWindow
- UpdateWindow
- InsertMenuA
- MessageBoxW
- OpenClipboard
- EndPaint
- ClientToScreen
- DestroyWindow
- GetMessageA
- CloseClipboard
- GetWindowRect
- RegisterClassExA
- SendDlgItemMessageA
- GetSubMenu
- LoadMenuA
- LoadIconA
- DispatchMessageA
- GetClientRect
- CreateMenu
- GetWindowTextLengthA
- IsWindowEnabled
- BeginPaint
- EnumWindows
- GetWindowTextA
- MessageBoxA
- InvalidateRect
- GetClipboardData
- CreateWindowExA
- GetDlgItem
- DefWindowProcA
- SetWindowPos
- CheckDlgButton
- ShowWindow
- SetMenu
- AppendMenuA
GDI32.dll
- ExtEscape
- SetWindowExtEx
- StartPage
- DeleteDC
- AbortPath
- SetBkColor
- SelectObject
- SetMapMode
- Rectangle
- StartDocA
- StretchDIBits
- AddFontMemResourceEx
- EndDoc
- GetStockObject
- AbortDoc
- TextOutA
- EndPage
comdlg32.dll
- PrintDlgA
- GetOpenFileNameA
ADVAPI32.dll
- RegCreateKeyExA
- RegCloseKey
- RegQueryInfoKeyA
- RegQueryValueExA
ole32.dll
- CoInitialize
- CoRegisterClassObject
OLEAUT32.dll
- LoadTypeLibEx
COMCTL32.dll
- None
- ImageList_Create
gdiplus.dll
- GdiplusStartup
Secur32.dll
- QuerySecurityPackageInfoA
TAPI32.dll
- phoneGetLamp
Pi
RT_BITMAP
RT_ICON
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST