Property | Value |
---|---|
File Path | C:\Users\user\AppData\Roaming\!#_RESTORE_FILES_#!.inf |
Type | ASCII text, with CRLF line terminators |
MD5 | 176304d7a51daf17cabb9d45e8d5e4ed |
SHA-1 | 6eac45ccf13524c313c715d413985c5b74a910f8 |
SHA-256 | 7f14afa7fe7dce13f3dcaee74a67475f888bbd72a39bdeb335616cac46a58836 |
SHA-512 | 4ea9234f65a1b8c5a1618a8ecc8db31f42c64e1f270c6b3578e347e7b4f3305ffb1447e8f5ca6d0bbe5680545f87ad0f90a850926d69dbaa5dc80d110af1e2fb |
Size | 1.312 Kilobytes |
Match Rules |
---|
Property | Value |
---|---|
File Name | helponyon.info.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | a9f315251fdbeaa49965d86977518adbbd1d7a2c |
MD5 | fe296bb6c87077cd238899eb5e3d6cde |
First Seen Date | 2017-06-17 22:36:24.192204 |
Number of Clients Seen | 5 |
Last Analysis Date | 2017-06-17 22:36:24.192204 |
Human Expert Analysis Result | No human expert analysis verdict given to this sample yet. |
Property | Value |
---|---|
file type enum | 6 |
number of sections | 5 |
compilation time stamp | 0x593FAF7A [Tue Jun 13 09:25:14 2017 UTC] |
entry point | 0x40b003 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 241664 |
sha256 | 49470e0e56c491a0bb8483859cfdb18067047e7740bc1709835f653ffd6730ad |
mime type | application/x-dosexec |
Name | Virtual Address | Virtual Size | Raw Size | Entropy (bits/byte) | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x26b01 | 0x26c00 | 6.638 | f7e7aeac5cb7af019aa970a9c43ddad9 |
.rdata | 0x28000 | 0x1055c | 0x10600 | 5.569 | cd2bd59e85bfd012a5532ed75f5ca6d2 |
.data | 0x39000 | 0x1406da8 | 0x1000 | 3.509 | 3b3bd3e6245638882be4959d37664126 |
.tls | 0x1440000 | 0x9 | 0x200 | 0.020 | 1f354d76203061bfdd5a53dae48d5435 |
.reloc | 0x1441000 | 0x2720 | 0x2800 | 6.575 | b3dea16b531d9c0e8671fb73af0c08ba |
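Two things in the section table above deserve a second look before trusting the sandbox summary: the .data section is mapped at 0x1406da8 bytes (about 20 MB) while only 0x1000 bytes exist on disk, and the five raw sizes sum to 0x3ac00, which together with a 0x400-byte header region gives exactly the reported 241664-byte file size (so there is no overlay appended to the executable). The script below is an added example, not code from the original page or from the tool that produced the report: it rebuilds a PE32 image whose DOS, COFF, optional and section headers carry the values reported above (the SizeOfHeaders of 0x400 is an assumption chosen because it reconciles the raw sizes with the file size; section bodies are constructed filler because the binary itself is not on the page), then parses it back with a minimal stdlib-only parser that decodes the compile timestamp, locates the entry point's section, and flags the VirtualSize/SizeOfRawData mismatch and any overlay. The per-section entropy values it prints are those of the filler, not the ones in the table.

```python
"""Parse a PE32 header and section table, and flag what stands out in the table above."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Header fields as reported on the page. The binary itself is not on the page, so the builder
# below reconstructs only these headers; section bodies are constructed filler.
IMAGE_BASE = 0x400000
ENTRY_POINT_VA = 0x40B003
TIMESTAMP = 0x593FAF7A
REPORTED_SECTIONS = [  # (name, VirtualAddress, VirtualSize, SizeOfRawData)
    (".text", 0x1000, 0x26B01, 0x26C00),
    (".rdata", 0x28000, 0x1055C, 0x10600),
    (".data", 0x39000, 0x1406DA8, 0x1000),
    (".tls", 0x1440000, 0x9, 0x200),
    (".reloc", 0x1441000, 0x2720, 0x2800),
]
HEADERS_SIZE = 0x400  # assumed SizeOfHeaders; with it, headers + raw sizes == the reported 241664 bytes


def _filler(seed: str, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for section bytes we do not have."""
    out, block = bytearray(), seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_minimal_pe(sections=REPORTED_SECTIONS) -> bytes:
    """Build a PE32 image whose DOS/COFF/optional/section headers carry the reported values."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), TIMESTAMP, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                          # Magic = PE32
    struct.pack_into("<I", opt, 16, ENTRY_POINT_VA - IMAGE_BASE)   # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, IMAGE_BASE)                    # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                        # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                         # FileAlignment
    struct.pack_into("<I", opt, 60, HEADERS_SIZE)                  # SizeOfHeaders
    raw_ptr, table, bodies = HEADERS_SIZE, b"", b""
    for name, va, vsize, rsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                             vsize, va, rsize, raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += _filler(name, rsize)
        raw_ptr += rsize
    headers = dos + b"PE\x00\x00" + coff + bytes(opt) + table
    assert len(headers) <= HEADERS_SIZE
    return headers.ljust(HEADERS_SIZE, b"\x00") + bodies


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Decode the headers and return fields, per-section records and triage findings."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", buf, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    ep_rva = struct.unpack_from("<I", buf, opt_off + 16)[0]
    image_base = struct.unpack_from("<I", buf, opt_off + 28)[0]
    sections, findings = [], []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_ = struct.unpack_from("<8sIIIIIIHHI", buf, opt_off + opt_size + 40 * i)
        name = name.rstrip(b"\x00").decode(errors="replace")
        sections.append({"name": name, "va": va, "vsize": vsize, "rsize": rsize, "rptr": rptr,
                         "entropy": round(entropy(buf[rptr:rptr + rsize]), 3)})
        # A section mapped far larger than its on-disk bytes is mostly zero-filled at load time.
        if rsize and vsize > 16 * rsize:
            findings.append(f"{name}: VirtualSize 0x{vsize:x} is {vsize // rsize}x its 0x{rsize:x} raw bytes")
    ep_section = next((s["name"] for s in sections if s["va"] <= ep_rva < s["va"] + s["vsize"]), None)
    if ep_section is None:
        findings.append(f"entry point RVA 0x{ep_rva:x} falls outside every section")
    data_end = max(s["rptr"] + s["rsize"] for s in sections)
    if len(buf) > data_end:
        findings.append(f"{len(buf) - data_end} bytes of overlay after the last section")
    return {"machine": machine, "section_count": nsec,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC"),
            "entry_point": image_base + ep_rva, "entry_section": ep_section,
            "sections": sections, "findings": findings}


if __name__ == "__main__":
    report = parse_pe(build_minimal_pe())
    print(report["timestamp"], hex(report["entry_point"]), "in", report["entry_section"])
    for s in report["sections"]:
        print(f'{s["name"]:<7} va=0x{s["va"]:<8x} vsize=0x{s["vsize"]:<8x} rsize=0x{s["rsize"]:<6x} H={s["entropy"]}')
    for f in report["findings"]:
        print("finding:", f)
```

Run against a real sample, replace `build_minimal_pe()` with the file's bytes; the timestamp, entry-point section and the .data finding will then come from the binary rather than from the table. A VirtualSize thousands of times larger than SizeOfRawData is not malicious by itself (it is how a large static buffer is declared), but it is the kind of detail that a human verdict field left at "no verdict" should prompt an analyst to explain.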
Imported functions, by DLL:

KERNEL32.dll
- GetCurrentProcessorNumber
- ExitProcess
- lstrcpynA
- WinExec
- GetTickCount
- GetDriveTypeW
- GetLastError
- HeapSize
- GetLocalTime
- ReadConsoleW
- WriteConsoleW
- SetStdHandle
- GetLogicalDrives
- FreeEnvironmentStringsW
- OpenMutexA
- Sleep
- GetCurrentThreadId
- CreateMutexA
- FindFirstFileA
- FindClose
- FindNextFileA
- ExpandEnvironmentStringsW
- CreateFileW
- GetModuleFileNameA
- GetFileTime
- lstrcmpiA
- SystemTimeToFileTime
- GetFileSize
- CloseHandle
- FileTimeToSystemTime
- CreateFileA
- MoveFileExA
- lstrlenA
- GetEnvironmentStringsW
- GetCommandLineW
- GetCommandLineA
- GetOEMCP
- IsValidCodePage
- FindFirstFileExA
- GetProcessHeap
- SetFilePointerEx
- GetConsoleMode
- SetFileTime
- WriteFile
- ReadFile
- WideCharToMultiByte
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- EncodePointer
- DecodePointer
- MultiByteToWideChar
- SetLastError
- InitializeCriticalSectionAndSpinCount
- CreateEventW
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- GetSystemTimeAsFileTime
- GetModuleHandleW
- GetProcAddress
- LCMapStringW
- GetLocaleInfoW
- GetStringTypeW
- GetCPInfo
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetCurrentProcess
- TerminateProcess
- IsProcessorFeaturePresent
- SetEvent
- ResetEvent
- WaitForSingleObjectEx
- IsDebuggerPresent
- GetStartupInfoW
- QueryPerformanceCounter
- GetCurrentProcessId
- InitializeSListHead
- RtlUnwind
- RaiseException
- FreeLibrary
- LoadLibraryExW
- HeapAlloc
- HeapReAlloc
- HeapFree
- GetModuleHandleExW
- GetStdHandle
- GetACP
- IsValidLocale
- GetUserDefaultLCID
- EnumSystemLocalesW
- GetFileType
- FlushFileBuffers
- GetConsoleCP
- SetEndOfFile

USER32.dll
- GetDC
- FillRect
- GetSystemMetrics
- GetActiveWindow
- wsprintfW
- DrawTextW
- SystemParametersInfoW
- wsprintfA
- GetClipboardOwner

GDI32.dll
- GetDIBits
- CreateCompatibleBitmap
- SelectObject
- CreateCompatibleDC
- SetTextColor
- SetBkMode
- CreateSolidBrush
- CreateFontIndirectW

ADVAPI32.dll
- RegOpenKeyExW
- CryptHashData
- CryptDeriveKey
- RegCloseKey
- RegSetValueExW
- CryptSetKeyParam
- CryptAcquireContextA
- CryptEncrypt
- CryptCreateHash

SHELL32.dll
- ShellExecuteA
- SHGetPathFromIDListA
- SHGetSpecialFolderLocation
- ShellExecuteW

SHLWAPI.dll
- PathFindFileNameA
- PathFindExtensionA

MPR.dll
- WNetEnumResourceA
- WNetGetLastErrorA
- WNetOpenEnumA
- WNetCloseEnum

CRYPT32.dll
- CryptStringToBinaryA
- CryptDecodeObjectEx
- CryptImportPublicKeyInfo
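Most of the KERNEL32 names above are what any MSVC-linked program pulls in through the C runtime (Tls*, EncodePointer, LCMapStringW, InitializeSListHead and so on); the capability signal is in the rest. The sample imports CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDeriveKey and CryptEncrypt for symmetric encryption next to CryptStringToBinaryA, CryptDecodeObjectEx and CryptImportPublicKeyInfo for loading a public key from an encoded blob; it walks files with FindFirstFileA/FindNextFileA over GetLogicalDrives and GetDriveTypeW, renames them with MoveFileExA, enumerates network shares with WNetOpenEnumA/WNetEnumResourceA, guards against a second instance with CreateMutexA/OpenMutexA, and checks IsDebuggerPresent. The script below is an added example, not code from the original page or from the sandbox that produced it: it groups the import list into heuristic capabilities (the grouping is my own, not a standard taxonomy), applies a co-occurrence rule for the minimal file-encryptor footprint, and computes an import hash in the scheme pefile documents (lowercase `dll.function` pairs, extension stripped, comma-joined, MD5). The embedded import list is constructed from the page with KERNEL32 trimmed to its non-CRT names, and its order is the page's listing order, which need not be the binary's import-directory order, so the hash is for illustration and should not be compared with a tool's output for this sample.

```python
"""Capability triage and import hash over the import list reported above."""
import hashlib

# Constructed from the page: (DLL, functions) in the page's listing order. KERNEL32 is trimmed
# to the non-CRT names; the full list is in the report above.
IMPORTS = [
    ("KERNEL32.dll", "WinExec GetDriveTypeW GetLogicalDrives OpenMutexA CreateMutexA Sleep "
                     "FindFirstFileA FindClose FindNextFileA CreateFileW GetFileTime CreateFileA "
                     "MoveFileExA FindFirstFileExA SetFileTime WriteFile ReadFile SetEndOfFile "
                     "IsDebuggerPresent".split()),
    ("USER32.dll", "GetDC FillRect GetSystemMetrics GetActiveWindow wsprintfW DrawTextW "
                   "SystemParametersInfoW wsprintfA GetClipboardOwner".split()),
    ("GDI32.dll", "GetDIBits CreateCompatibleBitmap SelectObject CreateCompatibleDC SetTextColor "
                  "SetBkMode CreateSolidBrush CreateFontIndirectW".split()),
    ("ADVAPI32.dll", "RegOpenKeyExW CryptHashData CryptDeriveKey RegCloseKey RegSetValueExW "
                     "CryptSetKeyParam CryptAcquireContextA CryptEncrypt CryptCreateHash".split()),
    ("SHELL32.dll", "ShellExecuteA SHGetPathFromIDListA SHGetSpecialFolderLocation ShellExecuteW".split()),
    ("SHLWAPI.dll", "PathFindFileNameA PathFindExtensionA".split()),
    ("MPR.dll", "WNetEnumResourceA WNetGetLastErrorA WNetOpenEnumA WNetCloseEnum".split()),
    ("CRYPT32.dll", "CryptStringToBinaryA CryptDecodeObjectEx CryptImportPublicKeyInfo".split()),
]

# Heuristic grouping (my own, not a standard taxonomy): capability -> imported names that imply it.
CAPABILITIES = {
    "file_enumeration": {"FindFirstFileA", "FindFirstFileExA", "FindNextFileA",
                         "GetLogicalDrives", "GetDriveTypeW", "PathFindExtensionA"},
    "network_share_enumeration": {"WNetOpenEnumA", "WNetEnumResourceA", "WNetCloseEnum"},
    "symmetric_crypto": {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData",
                         "CryptDeriveKey", "CryptEncrypt", "CryptSetKeyParam"},
    "public_key_import": {"CryptStringToBinaryA", "CryptDecodeObjectEx", "CryptImportPublicKeyInfo"},
    "file_rewrite": {"CreateFileA", "CreateFileW", "ReadFile", "WriteFile",
                     "SetEndOfFile", "MoveFileExA", "SetFileTime"},
    "single_instance_mutex": {"CreateMutexA", "OpenMutexA"},
    "registry_write": {"RegOpenKeyExW", "RegSetValueExW"},
    "process_launch": {"WinExec", "ShellExecuteA", "ShellExecuteW"},
    "desktop_drawing": {"GetDC", "CreateCompatibleBitmap", "DrawTextW", "SystemParametersInfoW", "GetDIBits"},
    "debugger_check": {"IsDebuggerPresent"},
}


def capabilities(imports):
    """Map each triggered capability to the sorted list of imported names that triggered it."""
    names = {fn for _, fns in imports for fn in fns}
    return {cap: sorted(names & fns) for cap, fns in CAPABILITIES.items() if names & fns}


def file_encryptor_footprint(caps):
    """Co-occurrence rule: encrypt + enumerate + rewrite in place is the minimal file-encryptor footprint."""
    needed = {"symmetric_crypto", "file_enumeration", "file_rewrite"}
    missing = sorted(needed - caps.keys())
    return {"matches": not missing, "missing": missing,
            "spreads_to_shares": "network_share_enumeration" in caps}


def imphash(imports):
    """Import hash in pefile's scheme (named imports only; ordinal imports are not handled here)."""
    parts = []
    for dll, fns in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts += [f"{dll}.{fn.lower()}" for fn in fns]
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    caps = capabilities(IMPORTS)
    for cap, names in caps.items():
        print(f"{cap:<26} {', '.join(names)}")
    print(file_encryptor_footprint(caps))
    print("imphash (page order, trimmed list):", imphash(IMPORTS))
```

The footprint rule is deliberately narrow: it says nothing about what the crypto is used for, only that the building blocks for encrypting enumerated files in place are all present, with share enumeration as the spread indicator. That is the combination an analyst would weigh against the `!#_RESTORE_FILES_#!.inf` artifact listed at the top of the page before filling in the empty human-verdict field.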