| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | GXAgMbwroieYFak.exe |
| File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| SHA1: | 1d78518cc76abf62a24da3c94f1f349191ae702f |
| MD5: | 0708b3b62998d14ef16a3bcf301ad394 |
| First Seen Date: | 2024-09-11 00:06:07.288011 ( ) |
| Number of Clients Seen: | 2 |
| Last Analysis Date: | 2024-09-11 00:06:07.288011 ( ) |
| Human Expert Analysis Date: | 2024-09-11 09:51:08.151366 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 3 |
| trid | [[64.6, u'Win64 Executable (generic)'], [15.4, u'Win32 Dynamic Link Library (generic)'], [10.5, u'Win32 Executable (generic)'], [4.6, u'Generic Win/DOS Executable'], [4.6, u'DOS Executable Generic']] |
| compilation time stamp | 0x66DFA50D [Tue Sep 10 01:46:53 2024 UTC] |
| Translation | 0x0000 0x04b0 |
| LegalCopyright | \xa9 2018 Hyper V |
| Assembly Version | 5.5.0.0 |
| InternalName | wFpV.exe |
| FileVersion | 5.1.0.0 |
| CompanyName | Hyper V |
| LegalTrademarks | |
| Comments | |
| ProductName | Presentacion V |
| ProductVersion | 5.1.0.0 |
| FileDescription | Presentacion V |
| OriginalFilename | wFpV.exe |
| entry point | 0x4b0d92 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 740872 |
| ssdeep | 12288:hA1+h3pvL9pE1AhK31rlxlI8vyeLjr7tsoWpjOuDJiHJUd97kR:hG+LzDzKlhxaKyeXts1OuDYJUe |
| sha256 | 8829692c411a64a87b5f857db39c8c0747b145c1cf3acb8dedad03e3bb07b62d |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/d/7/8/1d78518cc76abf62a24da3c94f1f349191ae702f', u'EXE:OriginalFileName': u'wFpV.exe', u'EXE:ProductName': u'Presentacion V', u'EXE:InternalName': u'wFpV.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:09:11 00:05:38+00:00', u'EXE:InitializedDataSize': 10240, u'File:FileModifyDate': u'2024:09:11 00:05:21+00:00', u'EXE:AssemblyVersion': u'5.5.0.0', u'EXE:FileVersionNumber': u'5.1.0.0', u'EXE:FileVersion': u'5.1.0.0', u'File:FileSize': u'724 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:LegalTrademarks': u'', u'EXE:ProductVersion': u'5.1.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Hyper V', u'File:FileName': u'1d78518cc76abf62a24da3c94f1f349191ae702f', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2024:09:10 01:46:53+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'\xa9 2018 Hyper V', u'EXE:LinkerVersion': 48.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/d/7/8', u'EXE:FileDescription': u'Presentacion V', u'EXE:EntryPoint': u'0xb0d92', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 716288, u'EXE:Comments': u'', u'File:FileInodeChangeDate': u'2024:09:11 00:05:38+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'5.1.0.0'}] |
| mime type | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Path on Client | Seen Count |
|---|---|
| C:\Users\test\Downloads\GXAgMbwroieYFak.exe | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x2000 | 0xaed98 | 0xaee00 | 7.86606851913 | 7f46c79576acb59774a95772996ae5d4 |
| .rsrc | 0xb2000 | 0x2548 | 0x2600 | 7.58494589727 | 36ecea02ba906f9a0782aa6ad86a393d |
| .reloc | 0xb6000 | 0xc | 0x200 | 0.0815394123432 | 71852a407d1c0ac5e68f4534f8aee4a4 |
-
mscoree.dll
- _CorExeMain
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 729288, u'sha256': u'ddae8db4092e19b7b0148f255e10afeed7dcfa50e336ab3e2f77d930f4677747', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 8475}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 737780, u'sha256': u'd469742d532f7d313988545a16d67db4792d543f3b12af6a8ead461d0929406c', u'type': u'MS Windows icon resource - 1 icon, 256x256', u'size': 20}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 737816, u'sha256': u'096d4ceb875ffe56006bfb02af22c089cd9225221daaa83dec4673d39a5f5e63', u'type': u'data', u'size': 812}