| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | TimberScan.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | a3fecbf7c2be69616473ebdf45c2871e8be3470f |
| MD5: | ab3935d1addff697fdeb9d8bc50738fe |
| First Seen Date: | 2018-06-25 20:39:30.213655 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2018-06-25 20:39:30.213655 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 4 |
| trid | [] |
| compilation time stamp | 0x5B3152F1 [Mon Jun 25 20:39:13 2018 UTC] |
| entry point | 0x4049b7 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 20492 |
| ssdeep | |
| sha256 | 885e4e9268705850b63ad35e61e9e4c7caf8dc0ea812b49869f47734f9045fe7 |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x4390 | 0x4400 | 6.36152300842 | 8f37c7e8818be6dbc98792e22cab9895 |
| .data | 0x6000 | 0x448 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 0x7000 | 0x3c4 | 0x400 | 5.35942833576 | 8dad52064d6c767e1d28c9fc992809d8 |
| .reloc | 0x8000 | 0xc9e000 | 0x400 | 4.37480928547 | 8ae90d1eee34d9468c12ee2761d26b96 |
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 28760, u'sha256': u'cb53d077b0db47abd3f6b97ed5f7b7149fe6ab1d6133d5c190c7c037d4df6d58', u'type': u'ASCII text, with very long lines, with CRLF line terminators', u'size': 876}