| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | 198808e07a5ff1f81792f5d8ad348117d57331ee |
| File Type: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| SHA1: | 198808e07a5ff1f81792f5d8ad348117d57331ee |
| MD5: | 8e8b92bdefe259ace73cf93e3313330b |
| First Seen Date: | 2025-08-20 07:24:02.865486 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2025-08-20 07:24:02.865486 ( ) |
| Human Expert Analysis Date: | 2025-08-20 10:23:07.559651 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 4 |
| file type enum | 7 |
| debug artifacts | [] |
| number of sections | 5 |
| trid | [[87.2, u'Win64 Executable (generic)'], [6.3, u'Generic Win/DOS Executable'], [6.3, u'DOS Executable Generic'], [0.0, u'VXD Driver']] |
| compilation time stamp | 0x0 [Thu Jan 1 00:00:00 1970 UTC] [SUSPICIOUS] |
| LegalCopyright | Copyright (c) 2025 UltiMaker |
| ProductName | UltiMaker Cura 5.10.2 |
| FileDescription | Application |
| FileVersion | 5.10.2.0 |
| CompanyName | UltiMaker |
| Translation | 0x0409 0x04b0 |
| entry point | 0x450e10 (.text) |
| machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
| file size | 1832536 |
| ssdeep | 24576:rm0urnSzpnH2ppdVtnsf85PPszpqmkU6ggjZDkXjxOVy:60UnStnMpIImkU6ggFDwv |
| sha256 | f910c521a834e26b995ccb52d49bc73dd5b0a6450dbc8c416e41af5204d04e1b |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/9/8/8/198808e07a5ff1f81792f5d8ad348117d57331ee', u'EXE:ProductName': u'UltiMaker Cura 5.10.2', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2025:08:20 07:22:55+00:00', u'EXE:InitializedDataSize': 1819648, u'File:FileModifyDate': u'2025:08:20 07:22:23+00:00', u'EXE:FileVersionNumber': u'5.10.2.0', u'EXE:FileVersion': u'5.10.2.0', u'File:FileSize': u'1790 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Win32', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'UltiMaker', u'File:FileName': u'198808e07a5ff1f81792f5d8ad348117d57331ee', u'EXE:ImageVersion': 1.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.1, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'0000:00:00 00:00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LegalCopyright': u'Copyright (c) 2025 UltiMaker', u'EXE:LinkerVersion': 2.36, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/9/8/8', u'EXE:FileDescription': u'Application', u'EXE:EntryPoint': u'0x50e10', u'EXE:SubsystemVersion': 6.1, u'EXE:CodeSize': 533504, u'File:FileInodeChangeDate': u'2025:08:20 07:22:55+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'5.10.2.0'}] |
| mime type | application/x-dosexec |
| imphash | 25c4fb4a248389347ae9cf0ce6995420 |
| File Path on Client | Seen Count |
|---|---|
| file/to/path | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x83000 | 0x82400 | 5.91995706434 | 3468fb0a04bee1ae0a5d814dc4c9fa0e |
| .rdata | 0x84000 | 0x12e000 | 0x12d200 | 6.38869511425 | 2fd5ad3e18975edc509214570b2547be |
| .data | 0x1b2000 | 0x24000 | 0x3000 | 2.51933349184 | b7033ce715f4cd1240016f5b4bd0b192 |
| .idata | 0x1d6000 | 0x392 | 0x400 | 3.96046714582 | 101763fc99007de06ded6c4f36aecf2f |
| .rsrc | 0x1d7000 | 0x99b8 | 0x9a00 | 5.41648348863 | f30e5b3dcb4481b63a520875f6b1ea95 |
-
kernel32.dll
- WriteFile
- WriteConsoleW
- WaitForMultipleObjects
- WaitForSingleObject
- VirtualQuery
- VirtualFree
- VirtualAlloc
- SwitchToThread
- SetWaitableTimer
- SetUnhandledExceptionFilter
- SetProcessPriorityBoost
- SetEvent
- SetErrorMode
- SetConsoleCtrlHandler
- LoadLibraryA
- LoadLibraryW
- GetSystemInfo
- GetSystemDirectoryA
- GetStdHandle
- GetQueuedCompletionStatus
- GetProcessAffinityMask
- GetProcAddress
- GetEnvironmentStringsW
- GetConsoleMode
- FreeEnvironmentStringsW
- ExitProcess
- DuplicateHandle
- CreateThread
- CreateEventA
- CloseHandle
- AddVectoredExceptionHandler
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1930024, u'sha256': u'bcee1b477b7d0bf7978dd51b33bc6ee9ab4113d177fdf2359701ff3e3398a024', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1930320, u'sha256': u'8e868f6b8bea2ac1ef09abc7d811abb3509d65cdcf6593c968ebf23d00a2c410', u'type': u'dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0', u'size': 2216}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1932536, u'sha256': u'418ad9c831d76c773dd5ace964cbd0b936f8deb7fa714d1b882eda679d35efe8', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1936288, u'sha256': u'b59f14f86d9840fa6d84390a6f6adb23c7a66e6807735c46a4f6af17f9a2d2db', u'type': u'dBase IV DBT, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0', u'size': 19496}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1955784, u'sha256': u'0fadae1a98aab55b17176408794a224fb85470addf900dabf6b443af543f7834', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 9580}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1965364, u'sha256': u'7854e8d67a11148566ad37c5d23e1534e0990fe31a160e0e7da3ca751830bb50', u'type': u'data', u'size': 180}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1965544, u'sha256': u'c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016', u'type': u'data', u'size': 288}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1965832, u'sha256': u'425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014', u'type': u'data', u'size': 514}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1966348, u'sha256': u'4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4', u'type': u'data', u'size': 248}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1966596, u'sha256': u'a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023', u'type': u'data', u'size': 160}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 1966756, u'sha256': u'587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763', u'type': u'data', u'size': 238}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 1966996, u'sha256': u'2de709cec9752b6de6b0f3df0c594f280490681962be9000cf813f0d054a090a', u'type': u'MS Windows icon resource - 5 icons, 16x16, 16 colors', u'size': 76}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 1967072, u'sha256': u'2f793ae17f1e9c42ee4b7a9c53e5d2ca2c8862d8bc75eeaa80e5a2f6f768e15a', u'type': u'data', u'size': 560}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 1967632, u'sha256': u'5173bf28b577935c8ec392d8a243a6aae0d4a514d126d6b761fd504f36b38763', u'type': u'XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators', u'size': 936}