File Path | Type | MD5 | SHA-1 | SHA-256 | SHA-512 | Size
---|---|---|---|---|---|---
C:\Users\user\AppData\Local\Temp\Rar$EX7.src777\achsv.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | 7f530b8cc0139cc83b39aaf6a7df15ac | 71ef339c7d075c172ea13c2dc0b1da6c0e73086e | 03f48b16b372bb029b759474349e2d0e587e6905cedcf672cd60e5c21eda6ba6 | 12736668c292fbdba16d89e98b30a1f072d66f826fe6b4e7b84ea4804420435fb7b9d47d799fe35be002c134b4a714b00fc5d522da807a6633b784d2ce255b67 | 97.341 KB
D:\Program Files\FoxitReader\FoxitReader.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | e7449b76459b7abcdd5e944a4962361d | 5e162f0df79789498e69aeae0f48220fc314dcf0 | 73e39a2b3ff5781092174590dc0256303354c6a285aecaae1ce0dc60c7d4ac58 | adf35c26ec6f1ac7528892f2b90365364cf8b62efb381adec2e26f6f5dd3a60dd334b2fff74d04930e0416a23a8571eb00b4d1186db95ab4f73604f255005dc6 | 97.88 KB
C:\Users\user\AppData\Local\Temp\Rar$EX7.src777\pipe.Exc777.tmp | ASCII text, with no line terminators | 17ee51f895f25f9b96d861b855478bf5 | f9fa24ad1803d9ae75cccc56b89af04adec56225 | 50f040cd185ddb0137bc028a5d969f1c1c67c6cfab20f9d748e0e1fb69547269 | 83b744ffbbf8101d8c964b8d74a443dab995018883f82751331900d881c1d3bb2871b66eff63852c0a67bb2486cc6791bc8e6eb352e13c0954d622a91ee2be17 | 0.01 KB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDF FoxitReader.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | a7e03d4ac195381df91875cfcc054565 | c47b33ace0f73d20dd622c19f0e55a1a4ab781ae | 7606ed32c65364f5094cb36fe990065094e24813f7a63c272a24f6af1ea959ea | 44ba8e69e826ed2aba7b53a1ebf268525dfc715ac919ba32fb7b4869e3db9e57dbc62cd6714c4d4fd7c5e0d646857bc54ce47c94fcd228fd2ded0fb68ca80902 | 97.613 KB
Match Rules | Value
---|---
File Name | virussign.com_9c564e6b5fa45c3f3460f12bb1d6baa2.exe
File Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SHA1 | fb359e96741bb5ccee50e40f01e64f56ae4963df
MD5 | 9c564e6b5fa45c3f3460f12bb1d6baa2
First Seen Date | 2025-01-01 00:56:51.458166
Number of Clients Seen | 2
Last Analysis Date | 2025-01-01 00:56:51.458166
Human Expert Analysis Date | 2025-01-02 09:43:00.881306
Human Expert Analysis Result | Malware
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [] |
number of sections | 8 |
trid | Win32 Executable (generic) 42.6%; OS/2 Executable (generic) 19.1%; Generic Win/DOS Executable 18.9%; DOS Executable Generic 18.9%; VXD Driver 0.2%
compilation time stamp | 0x501FE276 [Mon Aug 6 15:27:50 2012 UTC] |
ProductVersion | 1.10 |
InternalName | PDFReader |
FileVersion | 1.10 |
OriginalFilename | PDFReader.exe |
ProductName | PDF_Reader_1.1 |
Translation | 0x0409 0x04b0 |
entry point | 0x401240 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 97130 |
ssdeep | 1536:VUMTIGU8vM3dG7l5rphVgEQF5NM4Jt78eRL2h+nhMJ41mxZhYFR6:VbTIGbvM3dIhVYFU4JtVRqYnCJ41mrhD |
sha256 | caa42554c17fd53b04b0f98a6e57f0f67ada0fae2364e4a58de5c9543b9eae4f |
exifinfo | EXE:FileSubtype: 0; File:FilePermissions: rw-r--r--; SourceFile: /nfs/fvs/valkyrie_shared/core/valkyrie_files/f/b/3/5/fb359e96741bb5ccee50e40f01e64f56ae4963df; EXE:OriginalFileName: PDFReader.exe; EXE:ProductName: PDF_Reader_1.1; EXE:InternalName: PDFReader; File:MIMEType: application/octet-stream; File:FileAccessDate: 2025:01:01 00:56:41+00:00; EXE:InitializedDataSize: 72704; File:FileModifyDate: 2025:01:01 00:56:29+00:00; EXE:FileVersionNumber: 1.1.0.0; EXE:FileVersion: 1.1; File:FileSize: 95 kB; EXE:CharacterSet: Unicode; EXE:MachineType: Intel 386 or later, and compatibles; EXE:FileOS: Win32; EXE:ProductVersion: 1.1; EXE:ObjectFileType: Executable application; File:FileType: Win32 EXE; EXE:UninitializedDataSize: 1263616; File:FileName: fb359e96741bb5ccee50e40f01e64f56ae4963df; EXE:ImageVersion: 1.0; File:FileTypeExtension: exe; EXE:OSVersion: 4.0; EXE:PEType: PE32; EXE:TimeStamp: 2012:08:06 15:27:50+00:00; EXE:FileFlagsMask: 0x003f; EXE:LinkerVersion: 2.56; EXE:FileFlags: (none); EXE:Subsystem: Windows GUI; File:Directory: /nfs/fvs/valkyrie_shared/core/valkyrie_files/f/b/3/5; EXE:EntryPoint: 0x1240; EXE:SubsystemVersion: 4.0; EXE:CodeSize: 28160; File:FileInodeChangeDate: 2025:01:01 00:56:40+00:00; EXE:LanguageCode: English (U.S.); ExifTool:ExifToolVersion: 10.1; EXE:ProductVersionNumber: 1.1.0.0
mime type | application/x-dosexec |
imphash | ea28f662ab831803e9a8c823439760d0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x6df4 | 0x6e00 | 5.71637695075 | 4818edbbf49e728d29da60ab09a44c12 |
.data | 0x8000 | 0x14e0 | 0x1600 | 3.58044041631 | 9aaaacb788efde655842192c957defc6 |
.rdata | 0xa000 | 0x1440 | 0x1600 | 4.48186586391 | 4594b8be00878509965f238fa77d0baa |
.bss | 0xc000 | 0x1346e0 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.edata | 0x141000 | 0x44 | 0x200 | 0.733238891114 | 630f0d1996612d2971af0f4441212f53 |
.idata | 0x142000 | 0xbdc | 0xc00 | 4.87090107266 | c4fa261f310a3283820f0e89192ad762 |
.reloc | 0x143000 | 0x5a4 | 0x600 | 6.4362570655 | 815dfc593a4ebc0a4b4dd0d9c6af708a |
.rsrc | 0x144000 | 0x6c60 | 0x6e00 | 5.07077100032 | 57a728889cf64fb09607acb49d19b92a |
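The section table above is the kind of data a triager sanity-checks before reading further: does the entry point land in code, do the sections tile the image without gaps or overlaps, and is anything packed or reserved for unpacking. The script below is an added example, not part of the report or of any vendor tooling; it embeds the section values from the table, and it assumes a section alignment of 0x1000 and an image base of 0x400000 (inferred from entry point 0x401240 against ExifTool's RVA 0x1240), neither of which the report states explicitly.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_ALIGN = 0x1000   # assumed: the usual SectionAlignment for a 32-bit PE; not stated in the report
IMAGE_BASE = 0x400000    # assumed from entry point 0x401240 versus ExifTool's EntryPoint RVA 0x1240


@dataclass(frozen=True)
class Section:
    name: str
    va: int          # section RVA
    vsize: int       # VirtualSize
    raw: int         # SizeOfRawData
    entropy: float   # Shannon entropy of the raw bytes, as reported


# Section table copied from the report (entropy rounded to three places).
SECTIONS: List[Section] = [
    Section(".text",  0x1000,   0x6df4,   0x6e00, 5.716),
    Section(".data",  0x8000,   0x14e0,   0x1600, 3.580),
    Section(".rdata", 0xa000,   0x1440,   0x1600, 4.482),
    Section(".bss",   0xc000,   0x1346e0, 0x0,    0.0),
    Section(".edata", 0x141000, 0x44,     0x200,  0.733),
    Section(".idata", 0x142000, 0xbdc,    0xc00,  4.871),
    Section(".reloc", 0x143000, 0x5a4,    0x600,  6.436),
    Section(".rsrc",  0x144000, 0x6c60,   0x6e00, 5.071),
]


def align_up(n: int, align: int) -> int:
    return (n + align - 1) & ~(align - 1)


def section_for_rva(rva: int, sections: List[Section] = SECTIONS) -> Optional[str]:
    """Name of the section whose mapped range covers `rva`, or None if it is unmapped."""
    for s in sections:
        if s.va <= rva < s.va + max(s.vsize, s.raw):
            return s.name
    return None


def entry_point_section(entry_va: int, image_base: int = IMAGE_BASE) -> Optional[str]:
    """Entry point is a VA in the report; convert to RVA and locate it."""
    return section_for_rva(entry_va - image_base)


def layout_problems(sections: List[Section] = SECTIONS) -> List[str]:
    """Sections that do not start exactly where the previous section's aligned end is.

    A gap or overlap here is a sign of a tampered or hand-built section table."""
    problems = []
    for prev, cur in zip(sections, sections[1:]):
        expected = prev.va + align_up(prev.vsize, SECTION_ALIGN)
        if cur.va != expected:
            problems.append(f"{cur.name} at {cur.va:#x}, expected {expected:#x}")
    return problems


def triage(sections: List[Section] = SECTIONS, packed_entropy: float = 7.0) -> List[Tuple[str, str]]:
    """Heuristic findings: high entropy (packing/encryption) and sections that are
    much larger in memory than on disk (uninitialised data, or room to unpack into)."""
    findings = []
    for s in sections:
        if s.entropy >= packed_entropy:
            findings.append((s.name, f"entropy {s.entropy:.2f} >= {packed_entropy}: possibly packed or encrypted"))
        if s.raw == 0 and s.vsize:
            findings.append((s.name, f"no raw data but {s.vsize:#x} bytes mapped at load"))
        elif s.vsize > 2 * s.raw:
            findings.append((s.name, "virtual size far larger than raw size: room to unpack in place"))
    return findings


if __name__ == "__main__":
    print("entry point lands in:", entry_point_section(0x401240))
    print("layout problems:", layout_problems() or "none")
    for name, note in triage():
        print(f"{name}: {note}")
```

For this sample the checks come back quiet: the entry point is in .text, the sections tile the image exactly, and no section reaches packer-level entropy. The one finding is the 1.2 MB .bss with zero raw size, which matches ExifTool's UninitializedDataSize of 1263616 and is consistent with a GNU-toolchain build (LinkerVersion 2.56, the "stripped to external PDB" wording from file) that reserves large static buffers; it is where a keylogger or file collector would keep its in-memory buffer, so it is worth dumping at runtime rather than dismissing.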
Imports

msvcrt.dll
- _getcwd
- _mkdir
- _sleep
- _stat
- _strlwr

msvcrt.dll
- __getmainargs
- __p__environ
- __p__fmode
- __set_app_type
- _cexit
- _errno
- _findclose
- _findfirst
- _findnext
- _fullpath
- _iob
- _onexit
- _setmode
- abort
- atexit
- difftime
- exit
- fclose
- fflush
- fopen
- fprintf
- fputc
- fread
- free
- fseek
- fwrite
- getenv
- localtime
- malloc
- printf
- rand
- signal
- srand
- time

ADVAPI32.DLL
- RegCloseKey
- RegCreateKeyExA
- RegOpenKeyExA
- RegQueryValueExA

KERNEL32.dll
- AddAtomA
- CloseHandle
- CreateProcessA
- CreateThread
- CreateToolhelp32Snapshot
- ExitProcess
- FindAtomA
- GetAtomNameA
- GetDriveTypeA
- GetFileAttributesA
- GetLastError
- GetLogicalDriveStringsA
- GetModuleHandleA
- GetProcAddress
- LoadLibraryA
- Module32First
- Process32First
- Process32Next
- SetFileAttributesA
- SetUnhandledExceptionFilter

ntdll.dll
- atoi
- atol
- memcpy
- memset
- sprintf
- strcat
- strcpy
- strlen
- tolower

SHELL32.DLL
- SHGetPathFromIDListA
- SHGetSpecialFolderLocation
- ShellExecuteA

USER32.dll
- CallNextHookEx
- DispatchMessageA
- GetKeyNameTextA
- GetMessageA
- MessageBoxA
- SetWindowsHookExA
- TranslateMessage
- UnhookWindowsHookEx

WS2_32.DLL
- WSACleanup
- WSAStartup
- __WSAFDIsSet
- accept
- bind
- closesocket
- connect
- getaddrinfo
- gethostbyname
- gethostname
- htons
- listen
- recv
- select
- send
- socket
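An import table like the one above is usually read as clusters rather than single APIs: a Windows hook plus key-name lookup, Toolhelp32 process enumeration, registry access, shell-folder resolution, and a full Winsock client and server set. The script below is an added example written for this page, not code from the report or from any vendor; the import names are copied from the listing above, while the capability clusters and the wording of the summary are the author's own heuristics (assumptions, not a signature), and the script works from the static import table only, so it says what the binary can do, not what it was observed doing.

```python
from typing import Dict, List, Set

# Import table copied from the report, keyed by lower-cased DLL name.
# The two msvcrt.dll blocks in the listing are merged into one set.
IMPORTS: Dict[str, Set[str]] = {
    "msvcrt.dll": set(
        "_getcwd _mkdir _sleep _stat _strlwr __getmainargs __p__environ __p__fmode "
        "__set_app_type _cexit _errno _findclose _findfirst _findnext _fullpath _iob "
        "_onexit _setmode abort atexit difftime exit fclose fflush fopen fprintf fputc "
        "fread free fseek fwrite getenv localtime malloc printf rand signal srand time".split()),
    "advapi32.dll": set("RegCloseKey RegCreateKeyExA RegOpenKeyExA RegQueryValueExA".split()),
    "kernel32.dll": set(
        "AddAtomA CloseHandle CreateProcessA CreateThread CreateToolhelp32Snapshot ExitProcess "
        "FindAtomA GetAtomNameA GetDriveTypeA GetFileAttributesA GetLastError "
        "GetLogicalDriveStringsA GetModuleHandleA GetProcAddress LoadLibraryA Module32First "
        "Process32First Process32Next SetFileAttributesA SetUnhandledExceptionFilter".split()),
    "ntdll.dll": set("atoi atol memcpy memset sprintf strcat strcpy strlen tolower".split()),
    "shell32.dll": set("SHGetPathFromIDListA SHGetSpecialFolderLocation ShellExecuteA".split()),
    "user32.dll": set(
        "CallNextHookEx DispatchMessageA GetKeyNameTextA GetMessageA MessageBoxA "
        "SetWindowsHookExA TranslateMessage UnhookWindowsHookEx".split()),
    "ws2_32.dll": set(
        "WSACleanup WSAStartup __WSAFDIsSet accept bind closesocket connect getaddrinfo "
        "gethostbyname gethostname htons listen recv select send socket".split()),
}

# Assumed heuristic clusters: a capability is claimed only when every API in it is imported.
CAPABILITIES: Dict[str, Set[str]] = {
    "keyboard hook": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx", "GetKeyNameTextA"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next", "Module32First"},
    "registry access": {"RegOpenKeyExA", "RegCreateKeyExA", "RegQueryValueExA"},
    "special folder lookup": {"SHGetSpecialFolderLocation", "SHGetPathFromIDListA"},
    "process launch": {"CreateProcessA", "ShellExecuteA"},
    "TCP client": {"WSAStartup", "socket", "connect", "send", "recv"},
    "TCP server": {"bind", "listen", "accept"},
    "drive enumeration": {"GetLogicalDriveStringsA", "GetDriveTypeA"},
    "filesystem walk": {"_findfirst", "_findnext", "_findclose"},
    "file attribute tampering": {"SetFileAttributesA"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
}


def all_imports(imports: Dict[str, Set[str]] = IMPORTS) -> Set[str]:
    return set().union(*imports.values())


def matched_capabilities(imports: Dict[str, Set[str]] = IMPORTS,
                         caps: Dict[str, Set[str]] = CAPABILITIES) -> Dict[str, List[str]]:
    """Clusters whose APIs are all present, with the matching imports sorted for display."""
    present = all_imports(imports)
    return {cap: sorted(apis) for cap, apis in caps.items() if apis <= present}


def summarize(imports: Dict[str, Set[str]] = IMPORTS) -> List[str]:
    """Combine clusters into the notes a triager would write; wording is the author's."""
    caps = matched_capabilities(imports)
    notes = []
    if "keyboard hook" in caps and "TCP client" in caps:
        notes.append("keystroke capture plus an outbound socket: keylogger with a network channel")
    if "TCP server" in caps:
        notes.append("bind/listen/accept: can also wait for inbound connections")
    if "special folder lookup" in caps and "file attribute tampering" in caps:
        notes.append("resolves shell folders and sets file attributes: fits a copy into the Startup folder")
    if "process enumeration" in caps:
        notes.append("walks the process list via Toolhelp32: looks for specific processes, such as analysis tools or a target")
    return notes


if __name__ == "__main__":
    for cap, apis in matched_capabilities().items():
        print(f"{cap}: {', '.join(apis)}")
    for note in summarize():
        print("-", note)
```

Two practical points follow from running it against this listing. First, every cluster matches, which is why the static picture (hook-based keylogger, Winsock in both directions, shell-folder lookup) lines up with the dropped file in the Startup folder listed at the top of the page. Second, the three PE copies in the file table carry different MD5/SHA-1/SHA-256 values despite near-identical sizes, so exact-hash IOCs will not carry over between copies; capability matching of this kind, the imphash above (ea28f662ab831803e9a8c823439760d0) and the ssdeep value are the properties that stay stable across them.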
CeyEvent@12
Resource | Language | Offset | Size | Detected Type (libmagic) | SHA-256
---|---|---|---|---|---
RT_ICON | LANG_NEUTRAL | 1327672 | 1384 | GLS_BINARY_LSB_FIRST | e0c351507075358eff3e3f59cccc6ffc05d9457c28ec7290d95a6a8152f7987f
RT_ICON | LANG_NEUTRAL | 1329056 | 1736 | data | 601795e94fd4baef74f20a093a028025dfe7ef48a692e21eafd15b6df95f0119
RT_ICON | LANG_NEUTRAL | 1330792 | 2216 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15724785, next used block 15726591 | 22b9b3c2563e5ca387b6fb3ecb36cc9bb986a8bf93b9096ae01224b024843006
RT_ICON | LANG_NEUTRAL | 1333008 | 3752 | data | bf57adf04fcf9288ee0127cc3e1f4c13ec5571df98b277c790b8b534ef28cf3d
RT_ICON | LANG_NEUTRAL | 1336760 | 1128 | GLS_BINARY_LSB_FIRST | e948e2f712eca39f7e6bef7114b36d9421afd769377a46d318d5cbf37ad353f2
RT_ICON | LANG_NEUTRAL | 1337888 | 2440 | data | 453b6c32996619ba78cd53b419fcf32f7c5fc6715bf57dfaa7df792196ec28c6
RT_ICON | LANG_NEUTRAL | 1340328 | 4264 | data | f57854486eef3671d59e5cf4c6066ef4fd11cd4278467b662e1673b1b6a7b3f4
RT_ICON | LANG_NEUTRAL | 1344592 | 9640 | data | f88a10f632cfce380b89b66dab5f16381010a9e64df6429e8a07a9a8cf016b5d
RT_GROUP_ICON | LANG_NEUTRAL | 1354232 | 118 | MS Windows icon resource - 8 icons, 16x16 | 03a2f5f19b878f738c442e8e2e89dcc416e0ba0380590534cfa2cb39dd8bb51d
RT_VERSION | LANG_ENGLISH | 1354352 | 496 | MS Windows COFF PowerPC object file | e4ee5b17d2733412c32f159522b52d4de91cd99ac687c793740da8a2ee4dbc6a

The detected types for the RT_ICON and RT_VERSION entries are libmagic guesses over raw resource bytes and should not be read as embedded files: the icon entries are DIB pixel data without a file header, and the RT_VERSION blob is a VS_VERSIONINFO structure whose first word is its own length (496 = 0x01F0), which happens to equal the COFF machine id for PowerPC, hence the "PowerPC object file" label. Only the RT_GROUP_ICON identification (8 icons) describes real content.