Advanced File Analysis System

File Name: 176928788.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: aa45509ac9b2d11e55784eddc52f966444d77099

MD5: a47573d164d84977ae6adf3db7119c4e

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\AppData\Local\Temp\is-7GR0E.tmp\aa45509ac9b2d11e55784eddc52f966444d77099.tmp	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 832dab307e54aa08f4b6cdd9b9720361 SHA-1 : ebd007fb7482040ecf34339e4bf917209c1018df SHA-256 : cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3 SHA-512 : 358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49 Size : 713.728 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-2I3F7.tmp\_isetup\_setup64.tmp	Type : PE32+ executable (console) x86-64, for MS Windows MD5 : e4211d6d009757c078a9fac7ff4f03d4 SHA-1 : 019cd56ba687d39d12d4b13991c9a42ea6ba03da SHA-256 : 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 SHA-512 : 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e Size : 6.144 Kilobytes.
C:\Users\user\AppData\Local\Temp\is-2I3F7.tmp\license.key	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : d82a429efd885ca0f324dd92afb6b7b8 SHA-1 : 86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea SHA-256 : b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3 SHA-512 : 5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df Size : 205.312 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	176928788.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	aa45509ac9b2d11e55784eddc52f966444d77099
MD5:	a47573d164d84977ae6adf3db7119c4e
First Seen Date:	2017-12-23 18:52:36.410654 ( 2017-12-23 18:52:36.410654 )
Number of Clients Seen:	2
Last Analysis Date:	2017-12-23 18:52:36.410654 ( 2017-12-23 18:52:36.410654 )
Human Expert Analysis Result:	No human expert analysis verdict given to this sample yet.

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	8
trid	[[77.7, u'Inno Setup installer'], [10.0, u'Win32 Executable Delphi generic'], [4.6, u'Win32 Dynamic Link Library (generic)'], [3.1, u'Win32 Executable (generic)'], [1.4, u'Win16/32 Executable Delphi generic']]
compilation time stamp	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] [SUSPICIOUS]
LegalCopyright
FileVersion
CompanyName
Comments	This installation was built with Inno Setup.
ProductName	____
ProductVersion	1.2
FileDescription
Translation	0x0000 0x04b0
entry point	0x40aa98 (CODE)
machine type	Intel 386 or later - 32Bit
file size	388198
ssdeep	6144:XP7OolIvnL8+Ee0CYDxbGKls0fIazlqSXbAkuWxJEknSGZMxhSLupnmd/tnl05i:/7blIvnL8+iDR/67azlqqnHTEknjMxIT
sha256	1f5267c16780258388ef8ad44ee302fb0fe4fc557de93150787deb67bb101f8c
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/a/4/5/aa45509ac9b2d11e55784eddc52f966444d77099', u'EXE:ProductName': u'____ ', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2017:12:23 18:52:23+00:00', u'EXE:InitializedDataSize': 17920, u'File:FileModifyDate': u'2017:12:23 18:52:22+00:00', u'EXE:FileVersionNumber': u'0.0.0.0', u'EXE:FileVersion': u' ', u'File:FileSize': u'379 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'1.2 ', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u' ', u'File:FileName': u'aa45509ac9b2d11e55784eddc52f966444d77099', u'EXE:ImageVersion': 6.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 1.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'1992:06:19 22:22:17+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u' ', u'EXE:LinkerVersion': 2.25, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/a/4/5', u'EXE:FileDescription': u'', u'EXE:EntryPoint': u'0xaa98', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 41472, u'EXE:Comments': u'This installation was built with Inno Setup.', u'File:FileInodeChangeDate': u'2017:12:23 18:52:23+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'0.0.0.0'}]
mime type	application/x-dosexec
imphash	b9a08f46a1a607d0dccfe0d020e621c1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
CODE	0x1000	0xa1d0	0xa200	6.63550844572	a49ce5969afc99027d2ca29c05b382dc
DATA	0xc000	0x250	0x400	2.74012451302	9b2268ed5360951559d8041925d025fb
BSS	0xd000	0xe94	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.idata	0xe000	0x97c	0xa00	4.47624034315	680e72267857783c13b81c8d773f04e9
.tls	0xf000	0x8	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rdata	0x10000	0x18	0x200	0.245146276048	3562a9a4f904acbe99cae8308cf0e38a
.reloc	0x11000	0x91c	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x12000	0x2f9d	0x2c00	4.5678230775	f470b4f8bb4fb2768259d85c98e94683

PE Imports

kernel32.dll
- DeleteCriticalSection
- LeaveCriticalSection
- EnterCriticalSection
- InitializeCriticalSection
- VirtualFree
- VirtualAlloc
- LocalFree
- LocalAlloc
- WideCharToMultiByte
- TlsSetValue
- TlsGetValue
- MultiByteToWideChar
- GetModuleHandleA
- GetLastError
- GetCommandLineA
- WriteFile
- SetFilePointer
- SetEndOfFile
- RtlUnwind
- ReadFile
- TlsAlloc
- GetStdHandle
- GetFileSize
- GetSystemTime
- GetFileType
- ExitProcess
- CreateFileA
- CloseHandle
user32.dll
- MessageBoxA
oleaut32.dll
- VariantChangeTypeEx
- VariantCopyInd
- VariantClear
- SysStringLen
- SysAllocStringLen
advapi32.dll
- RegQueryValueExA
- RegOpenKeyExA
- RegCloseKey
- OpenProcessToken
- LookupPrivilegeValueA
kernel32.dll
- WriteFile
- VirtualQuery
- VirtualProtect
- VirtualFree
- VirtualAlloc
- Sleep
- SizeofResource
- SetLastError
- SetFilePointer
- SetErrorMode
- SetEndOfFile
- RemoveDirectoryA
- ReadFile
- LockResource
- LoadResource
- LoadLibraryA
- IsDBCSLeadByte
- GetWindowsDirectoryA
- GetVersionExA
- GetVersion
- GetUserDefaultLangID
- GetSystemInfo
- GetSystemDirectoryA
- GetSystemDefaultLCID
- GetProcAddress
- GetModuleHandleA
- GetModuleFileNameA
- GetLocaleInfoA
- GetLastError
- GetFullPathNameA
- GetFileSize
- GetFileAttributesA
- GetExitCodeProcess
- GetEnvironmentVariableA
- GetCurrentProcess
- GetCommandLineA
- GetACP
- InterlockedExchange
- FormatMessageA
- FindResourceA
- DeleteFileA
- CreateProcessA
- CreateFileA
- CreateDirectoryA
- CloseHandle
user32.dll
- TranslateMessage
- SetWindowLongA
- PeekMessageA
- MsgWaitForMultipleObjects
- MessageBoxA
- LoadStringA
- ExitWindowsEx
- DispatchMessageA
- DestroyWindow
- CreateWindowExA
- CallWindowProcA
- CharPrevA
comctl32.dll
- InitCommonControls
advapi32.dll
- AdjustTokenPrivileges

PE Resources

{u'lang': u'LANG_DUTCH', u'name': u'RT_ICON', u'offset': 74580, u'sha256': u'f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}

{u'lang': u'LANG_DUTCH', u'name': u'RT_ICON', u'offset': 74876, u'sha256': u'dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}

{u'lang': u'LANG_DUTCH', u'name': u'RT_ICON', u'offset': 76260, u'sha256': u'ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3', u'type': u'data', u'size': 744}

{u'lang': u'LANG_DUTCH', u'name': u'RT_ICON', u'offset': 77004, u'sha256': u'3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3', u'type': u'data', u'size': 2216}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 79220, u'sha256': u'2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f', u'type': u'data', u'size': 754}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 79976, u'sha256': u'840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3', u'type': u'data', u'size': 780}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 80756, u'sha256': u'26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78', u'type': u'data', u'size': 718}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 81476, u'sha256': u'd786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c', u'type': u'data', u'size': 104}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 81580, u'sha256': u'00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd', u'type': u'data', u'size': 180}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 81760, u'sha256': u'34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3', u'type': u'data', u'size': 174}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 81936, u'sha256': u'13d4b048fb409d392cf3457c5135899477ed8c44fdd17abbe6dbe3f3bf88dfd8', u'type': u'data', u'size': 44}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 81980, u'sha256': u'44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c', u'type': u'MS Windows icon resource - 4 icons, 16x16, 16 colors', u'size': 62}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 82044, u'sha256': u'd1d9016a2739c0625c90e2b78a2ae68f8203f22f0078f6d5d9f12e6c126f323f', u'type': u'data', u'size': 1268}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 83312, u'sha256': u'356ca8abf11d97bf9dcbff47c04bf1ddcb8685ef84d38e6850ec6c28a37655b9', u'type': u'XML 1.0 document, ASCII text, with CRLF line terminators', u'size': 1580}

CERTIFICATE VALIDATION

Loading...