| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\c33440efd5bd9376b62e2ce8fd4c67c3d5e404e8.exe:typelib |
Type : data MD5 : 4bf31038ddcf6341c8c9eef29c63bfee SHA-1 : 84c8d63c438f8d4766bb27360784f4f9b45fa752 SHA-256 : 5a28509692a5fc59ff1513ad90b864cbdb5f3aa08c4c6fd2b326fefc3c8a8e60 SHA-512 : 0d50eae451f9baca428198f4b28f8e24a12f61ba3148c3e3df086dc2666fd6861d0bcb0bb8b8f489dce47dedf5f4e2b8cb39c3f2fab8d51286361657973d2969 Size : 8.684 Kilobytes. |
| Match Rules |
|---|
| File Name: | Ne.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | c33440efd5bd9376b62e2ce8fd4c67c3d5e404e8 |
| MD5: | f27dbfe7d06948b02e294f981ec3c1af |
| First Seen Date: | 2015-09-28 16:44:57.234000 ( ) |
| Number of Clients Seen: | 6 |
| Last Analysis Date: | 2016-04-09 15:48:07.708764 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 5 |
| compilation time stamp | 0x5609649F [Mon Sep 28 16:02:39 2015 UTC] |
| entry point | 0x414e4a (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 756416 |
| sha256 | b8ff7d8a64244ac93fa026f23e66a8bd6938f31b59bb4c367ce8cbada52f256f |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x2d3f4 | 0x2d400 | 6.549186 | - |
| .rdata | 0x2f000 | 0xbbe8 | 0xbc00 | 4.680791 | - |
| .data | 0x3b000 | 0x3434 | 0x1400 | 3.355228 | - |
| .rsrc | 0x3f000 | 0x77bd1 | 0x77c00 | 7.906845[SUSPICIOUS] | - |
| .reloc | 0xb7000 | 0x4ca6 | 0x4e00 | 4.473143 | - |
-
KERNEL32.dll
- GetCurrentProcess
- GetModuleHandleW
- InitializeCriticalSectionAndSpinCount
- lstrlenW
- GetLastError
- LoadLibraryA
- CloseHandle
- VirtualAlloc
- VirtualFree
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- WaitForSingleObject
- CreateEventA
- SetEvent
- ResetEvent
- CreateSemaphoreA
- ReleaseSemaphore
- InitializeCriticalSection
- HeapAlloc
- EncodePointer
- DecodePointer
- GetSystemTimeAsFileTime
- GetCommandLineW
- HeapFree
- CreateThread
- GetCurrentThreadId
- ExitThread
- GetProcAddress
- LoadLibraryExW
- RaiseException
- RtlUnwind
- IsDebuggerPresent
- IsProcessorFeaturePresent
- InterlockedDecrement
- ExitProcess
- GetModuleHandleExW
- AreFileApisANSI
- MultiByteToWideChar
- GetStdHandle
- WriteFile
- GetModuleFileNameW
- GetProcessHeap
- HeapSize
- Sleep
- SetLastError
- InterlockedIncrement
- GetCurrentThread
- GetFileType
- GetStartupInfoW
- QueryPerformanceCounter
- GetCurrentProcessId
- GetEnvironmentStringsW
- FreeEnvironmentStringsW
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- TerminateProcess
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- CreateSemaphoreW
- FatalAppExitA
- GetStringTypeW
- IsValidCodePage
- GetACP
- GetOEMCP
- GetCPInfo
- InterlockedExchange
- FreeLibrary
- SetConsoleCtrlHandler
- OutputDebugStringW
- LoadLibraryW
- HeapReAlloc
- WideCharToMultiByte
- GetDateFormatW
- GetTimeFormatW
- CompareStringW
- LCMapStringW
- GetLocaleInfoW
- IsValidLocale
- GetUserDefaultLCID
- EnumSystemLocalesW
- FlushFileBuffers
- GetConsoleCP
- GetConsoleMode
- SetStdHandle
- SetFilePointerEx
- WriteConsoleW
- CreateFileW
RT_ICON
RT_GROUP_ICON
RT_MANIFEST