Property | Value |
---|---|
File Name | 0a7f2ae4edd247e20d2c384ca6429c9c2e62e533967921db364e2959fbe3a12d.exe |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | 21f0dadfe8a2b8b1b601e343f9b29196fe33c440 |
MD5 | 3df512a743f0e38d54a2a0fee67facfe |
First Seen Date | 2023-07-09 09:50:32.361923 |
Number of Clients Seen | 5 |
Last Analysis Date | 2023-07-15 19:05:38.968663 |
Human Expert Analysis Date | 2023-07-10 09:36:35.962116 |
Human Expert Analysis Result | Malware |

Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [] |
number of sections | 4 |
trid | 42.2: Win32 Executable MS Visual C++ (generic); 37.3: Win64 Executable (generic); 8.8: Win32 Dynamic Link Library (generic); 6.0: Win32 Executable (generic); 2.7: Generic Win/DOS Executable |
compilation time stamp | 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC] |
CompiledScript | AutoIt v3 Script: 3, 3, 8, 1 |
FileVersion | 3, 3, 8, 1 |
FileDescription | |
Translation | 0x0809 0x04b0 |
entry point | 0x4165c1 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 1136089 |
ssdeep | 24576:0RmJkcoQricOIQxiZY1iaLuzZguT6xANBw9lkfgoLA:RJZoQrbTFZY1iaLuzuuT6xUBw/MgX |
sha256 | 0a7f2ae4edd247e20d2c384ca6429c9c2e62e533967921db364e2959fbe3a12d |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/1/f/0/21f0dadfe8a2b8b1b601e343f9b29196fe33c440', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:15 19:05:20+00:00', u'EXE:InitializedDataSize': 121856, u'File:FileModifyDate': u'2023:07:09 09:49:57+00:00', u'EXE:FileVersionNumber': u'3.3.8.1', u'EXE:FileVersion': u'3, 3, 8, 1', u'File:FileSize': u'1109 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:CompiledScript': u'AutoIt v3 Script: 3, 3, 8, 1', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ObjectFileType': u'Unknown', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'21f0dadfe8a2b8b1b601e343f9b29196fe33c440', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 5.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2012:01:29 21:32:28+00:00', u'EXE:FileFlagsMask': u'0x0017', u'EXE:LinkerVersion': 10.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/1/f/0', u'EXE:FileDescription': u'', u'EXE:EntryPoint': u'0x165c1', u'EXE:SubsystemVersion': 5.0, u'EXE:CodeSize': 526336, u'File:FileInodeChangeDate': u'2023:07:09 09:49:57+00:00', u'EXE:LanguageCode': u'English (British)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'3.3.8.1'}] |
mime type | application/x-dosexec |
imphash | d3bf8a7746a8d1ee8f6e5960c3f69378 |

File Path on Client | Seen Count |
---|---|
21f0dadfe8a2b8b1b601e343f9b29196fe33c440 | 1 |

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x8061c | 0x80800 | 6.68469014817 | 61ffce4768976fa0dd2a8f6a97b1417a |
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 4.79974113225 | 0354bc5f2376b5e9a4a3ba38b682dff1 |
.data | 0x90000 | 0x1a758 | 0x6800 | 2.15007153917 | 8033f5a38941b4685bc2299e78f31221 |
.rsrc | 0xab000 | 0xd1f8 | 0xd200 | 6.46712298143 | 2e7b0632901360446b06bca973f3e47c |

WSOCK32.dll
- __WSAFDIsSet
- setsockopt
- ntohs
- recvfrom
- sendto
- htons
- select
- listen
- WSAStartup
- bind
- closesocket
- connect
- socket
- send
- WSACleanup
- ioctlsocket
- accept
- WSAGetLastError
- inet_addr
- gethostbyname
- gethostname
- recv

VERSION.dll
- VerQueryValueW
- GetFileVersionInfoW
- GetFileVersionInfoSizeW

WINMM.dll
- timeGetTime
- waveOutSetVolume
- mciSendStringW

COMCTL32.dll
- ImageList_Remove
- ImageList_SetDragCursorImage
- ImageList_BeginDrag
- ImageList_DragEnter
- ImageList_DragLeave
- ImageList_EndDrag
- ImageList_DragMove
- ImageList_ReplaceIcon
- ImageList_Create
- InitCommonControlsEx
- ImageList_Destroy

MPR.dll
- WNetCancelConnection2W
- WNetGetConnectionW
- WNetAddConnection2W
- WNetUseConnectionW

WININET.dll
- InternetReadFile
- InternetCloseHandle
- InternetOpenW
- InternetSetOptionW
- InternetCrackUrlW
- HttpQueryInfoW
- InternetConnectW
- HttpOpenRequestW
- HttpSendRequestW
- FtpOpenFileW
- FtpGetFileSize
- InternetOpenUrlW
- InternetQueryOptionW
- InternetQueryDataAvailable

PSAPI.DLL
- EnumProcesses
- GetModuleBaseNameW
- GetProcessMemoryInfo
- EnumProcessModules

USERENV.dll
- CreateEnvironmentBlock
- DestroyEnvironmentBlock
- UnloadUserProfile
- LoadUserProfileW

KERNEL32.dll
- HeapAlloc
- Sleep
- GetCurrentThreadId
- RaiseException
- MulDiv
- GetVersionExW
- GetSystemInfo
- InterlockedIncrement
- InterlockedDecrement
- WideCharToMultiByte
- lstrcpyW
- MultiByteToWideChar
- lstrlenW
- lstrcmpiW
- GetModuleHandleW
- QueryPerformanceCounter
- VirtualFreeEx
- OpenProcess
- VirtualAllocEx
- WriteProcessMemory
- ReadProcessMemory
- CreateFileW
- SetFilePointerEx
- ReadFile
- WriteFile
- FlushFileBuffers
- TerminateProcess
- CreateToolhelp32Snapshot
- Process32FirstW
- Process32NextW
- SetFileTime
- GetFileAttributesW
- FindFirstFileW
- FindClose
- DeleteFileW
- FindNextFileW
- MoveFileW
- CopyFileW
- CreateDirectoryW
- RemoveDirectoryW
- GetProcessHeap
- QueryPerformanceFrequency
- FindResourceW
- LoadResource
- LockResource
- SizeofResource
- EnumResourceNamesW
- OutputDebugStringW
- GetLocalTime
- CompareStringW
- DeleteCriticalSection
- EnterCriticalSection
- LeaveCriticalSection
- InitializeCriticalSectionAndSpinCount
- GetStdHandle
- CreatePipe
- InterlockedExchange
- TerminateThread
- GetTempPathW
- GetTempFileNameW
- VirtualFree
- FormatMessageW
- GetExitCodeProcess
- SetErrorMode
- GetPrivateProfileStringW
- WritePrivateProfileStringW
- GetPrivateProfileSectionW
- WritePrivateProfileSectionW
- GetPrivateProfileSectionNamesW
- FileTimeToLocalFileTime
- FileTimeToSystemTime
- SystemTimeToFileTime
- LocalFileTimeToFileTime
- GetDriveTypeW
- GetDiskFreeSpaceExW
- GetDiskFreeSpaceW
- GetVolumeInformationW
- SetVolumeLabelW
- CreateHardLinkW
- DeviceIoControl
- SetFileAttributesW
- GetShortPathNameW
- CreateEventW
- SetEvent
- GetEnvironmentVariableW
- SetEnvironmentVariableW
- GlobalLock
- GlobalUnlock
- GlobalAlloc
- GetFileSize
- GlobalFree
- GlobalMemoryStatusEx
- Beep
- GetSystemDirectoryW
- GetComputerNameW
- GetWindowsDirectoryW
- GetCurrentProcessId
- GetCurrentThread
- GetProcessIoCounters
- CreateProcessW
- SetPriorityClass
- LoadLibraryW
- VirtualAlloc
- LoadLibraryExW
- HeapFree
- WaitForSingleObject
- CreateThread
- DuplicateHandle
- GetLastError
- CloseHandle
- GetCurrentProcess
- GetProcAddress
- LoadLibraryA
- FreeLibrary
- GetModuleFileNameW
- GetFullPathNameW
- SetCurrentDirectoryW
- IsDebuggerPresent
- GetCurrentDirectoryW
- ExitProcess
- ExitThread
- GetSystemTimeAsFileTime
- ResumeThread
- GetTimeFormatW
- GetDateFormatW
- GetCommandLineW
- GetStartupInfoW
- IsProcessorFeaturePresent
- HeapSize
- GetCPInfo
- GetACP
- GetOEMCP
- IsValidCodePage
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- SetLastError
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetStringTypeW
- HeapCreate
- SetHandleCount
- GetFileType
- SetStdHandle
- GetConsoleCP
- GetConsoleMode
- LCMapStringW
- RtlUnwind
- SetFilePointer
- GetTimeZoneInformation
- FreeEnvironmentStringsW
- GetEnvironmentStringsW
- GetTickCount
- HeapReAlloc
- WriteConsoleW
- SetEndOfFile
- SetSystemPowerState
- SetEnvironmentVariableA

USER32.dll
- GetCursorInfo
- RegisterHotKey
- ClientToScreen
- GetKeyboardLayoutNameW
- IsCharAlphaW
- IsCharAlphaNumericW
- IsCharLowerW
- IsCharUpperW
- GetMenuStringW
- GetSubMenu
- GetCaretPos
- IsZoomed
- MonitorFromPoint
- GetMonitorInfoW
- SetWindowLongW
- SetLayeredWindowAttributes
- FlashWindow
- GetClassLongW
- TranslateAcceleratorW
- IsDialogMessageW
- GetSysColor
- InflateRect
- DrawFocusRect
- DrawTextW
- FrameRect
- DrawFrameControl
- FillRect
- PtInRect
- DestroyAcceleratorTable
- CreateAcceleratorTableW
- SetCursor
- GetWindowDC
- GetSystemMetrics
- GetActiveWindow
- CharNextW
- wsprintfW
- RedrawWindow
- DrawMenuBar
- DestroyMenu
- SetMenu
- GetWindowTextLengthW
- CreateMenu
- IsDlgButtonChecked
- DefDlgProcW
- ReleaseCapture
- SetCapture
- WindowFromPoint
- LoadImageW
- CreateIconFromResourceEx
- mouse_event
- ExitWindowsEx
- SetActiveWindow
- FindWindowExW
- EnumThreadWindows
- SetMenuDefaultItem
- InsertMenuItemW
- IsMenu
- TrackPopupMenuEx
- GetCursorPos
- DeleteMenu
- CheckMenuRadioItem
- SetWindowPos
- GetMenuItemCount
- SetMenuItemInfoW
- GetMenuItemInfoW
- SetForegroundWindow
- IsIconic
- FindWindowW
- SystemParametersInfoW
- TranslateMessage
- SendInput
- GetAsyncKeyState
- SetKeyboardState
- GetKeyboardState
- GetKeyState
- VkKeyScanW
- LoadStringW
- DialogBoxParamW
- MessageBeep
- EndDialog
- SendDlgItemMessageW
- GetDlgItem
- SetWindowTextW
- CopyRect
- ReleaseDC
- GetDC
- EndPaint
- BeginPaint
- GetClientRect
- GetMenu
- DestroyWindow
- EnumWindows
- GetDesktopWindow
- IsWindow
- IsWindowEnabled
- IsWindowVisible
- EnableWindow
- InvalidateRect
- GetWindowLongW
- AttachThreadInput
- GetFocus
- GetWindowTextW
- ScreenToClient
- SendMessageTimeoutW
- EnumChildWindows
- CharUpperBuffW
- GetClassNameW
- GetParent
- GetDlgCtrlID
- SendMessageW
- MapVirtualKeyW
- PostMessageW
- GetWindowRect
- SetUserObjectSecurity
- GetUserObjectSecurity
- CloseDesktop
- CloseWindowStation
- OpenDesktopW
- SetProcessWindowStation
- GetProcessWindowStation
- OpenWindowStationW
- MessageBoxW
- DefWindowProcW
- CopyImage
- AdjustWindowRectEx
- SetRect
- SetClipboardData
- EmptyClipboard
- CountClipboardFormats
- CloseClipboard
- GetClipboardData
- IsClipboardFormatAvailable
- OpenClipboard
- BlockInput
- GetMessageW
- LockWindowUpdate
- GetMenuItemID
- DispatchMessageW
- MoveWindow
- SetFocus
- PostQuitMessage
- KillTimer
- CreatePopupMenu
- RegisterWindowMessageW
- SetTimer
- ShowWindow
- CreateWindowExW
- RegisterClassExW
- LoadIconW
- LoadCursorW
- GetSysColorBrush
- GetForegroundWindow
- MessageBoxA
- DestroyIcon
- PeekMessageW
- UnregisterHotKey
- CharLowerBuffW
- keybd_event
- MonitorFromRect
- GetWindowThreadProcessId

GDI32.dll
- DeleteObject
- AngleArc
- GetTextExtentPoint32W
- ExtCreatePen
- StrokeAndFillPath
- StrokePath
- EndPath
- SetPixel
- CloseFigure
- CreateCompatibleBitmap
- CreateCompatibleDC
- SelectObject
- StretchBlt
- GetDIBits
- GetDeviceCaps
- MoveToEx
- DeleteDC
- GetPixel
- CreateDCW
- Ellipse
- PolyDraw
- BeginPath
- Rectangle
- SetViewportOrgEx
- GetObjectW
- SetBkMode
- RoundRect
- SetBkColor
- CreatePen
- CreateSolidBrush
- SetTextColor
- CreateFontW
- GetTextFaceW
- GetStockObject
- LineTo

COMDLG32.dll
- GetSaveFileNameW
- GetOpenFileNameW

ADVAPI32.dll
- RegEnumValueW
- RegDeleteValueW
- RegDeleteKeyW
- RegEnumKeyExW
- RegSetValueExW
- RegCreateKeyExW
- GetUserNameW
- RegConnectRegistryW
- CloseServiceHandle
- UnlockServiceDatabase
- OpenThreadToken
- OpenProcessToken
- LookupPrivilegeValueW
- DuplicateTokenEx
- CreateProcessAsUserW
- CreateProcessWithLogonW
- InitializeSecurityDescriptor
- InitializeAcl
- GetLengthSid
- CopySid
- LogonUserW
- LockServiceDatabase
- GetTokenInformation
- GetSecurityDescriptorDacl
- GetAclInformation
- GetAce
- AddAce
- SetSecurityDescriptorDacl
- RegOpenKeyExW
- RegQueryValueExW
- AdjustTokenPrivileges
- InitiateSystemShutdownExW
- OpenSCManagerW
- RegCloseKey

SHELL32.dll
- DragQueryPoint
- ShellExecuteExW
- SHGetFolderPathW
- DragQueryFileW
- SHEmptyRecycleBinW
- SHBrowseForFolderW
- SHFileOperationW
- SHGetPathFromIDListW
- SHGetDesktopFolder
- SHGetMalloc
- ExtractIconExW
- Shell_NotifyIconW
- ShellExecuteW
- DragFinish

ole32.dll
- OleSetMenuDescriptor
- MkParseDisplayName
- OleSetContainedObject
- CLSIDFromString
- StringFromGUID2
- CoInitialize
- CoUninitialize
- CoCreateInstance
- CreateStreamOnHGlobal
- CoTaskMemAlloc
- CoTaskMemFree
- ProgIDFromCLSID
- OleInitialize
- CreateBindCtx
- CLSIDFromProgID
- CoInitializeSecurity
- CoCreateInstanceEx
- CoSetProxyBlanket
- OleUninitialize
- IIDFromString

OLEAUT32.dll
- VariantChangeType
- VariantCopyInd
- DispCallFunc
- CreateStdDispatch
- CreateDispTypeInfo
- SysFreeString
- SafeArrayDestroyDescriptor
- SafeArrayDestroyData
- SafeArrayUnaccessData
- SysStringLen
- SafeArrayAllocData
- GetActiveObject
- QueryPathOfRegTypeLib
- SafeArrayAllocDescriptorEx
- SafeArrayCreateVector
- SysAllocString
- VariantCopy
- VariantClear
- VariantTimeToSystemTime
- VarR8FromDec
- SafeArrayGetVartype
- OleLoadPicture
- SafeArrayAccessData
- VariantInit

Resource | Language | Offset | Size | Type | SHA256 |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | 701512 | 296 | GLS_BINARY_LSB_FIRST | 08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e |
RT_ICON | LANG_ENGLISH | 701808 | 296 | GLS_BINARY_LSB_FIRST | 62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5 |
RT_ICON | LANG_ENGLISH | 702104 | 296 | GLS_BINARY_LSB_FIRST | 245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9 |
RT_ICON | LANG_ENGLISH | 702400 | 41640 | data | 7a8b953d9b718191b5e4d579b1a163538f28558cc536979b4a7017a8773de6e4 |
RT_MENU | LANG_ENGLISH | 744040 | 80 | data | 54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab |
RT_DIALOG | LANG_ENGLISH | 744120 | 252 | data | 7de7438fb4425f608109111fdce25be7d2381938f6c5984bcfb14b3b88e9c883 |
RT_STRING | LANG_ENGLISH | 744376 | 1328 | data | ff841c2dd3b09d5a11dd9b16d09268adc0ac3562eb0dc79cc5044dc531de6477 |
RT_STRING | LANG_ENGLISH | 745704 | 1680 | data | 3f37dba0277dc704f072aaf3e740c2bee9ac04f79982fd41662dfc94e7bfda2e |
RT_STRING | LANG_ENGLISH | 747384 | 1232 | data | a252f6d525f445f5705a2c1dc060cfb2ad5da5445c98f3fbb0afc612637fc249 |
RT_STRING | LANG_ENGLISH | 748616 | 1532 | data | 4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb |
RT_STRING | LANG_ENGLISH | 750152 | 1628 | data | d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45 |
RT_STRING | LANG_ENGLISH | 751784 | 904 | data | ae9b084978e14d5bfa296e256820765b30a7b3e411cdccc67c91e146f053e815 |
RT_STRING | LANG_ENGLISH | 752688 | 344 | data | b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee |
RT_GROUP_ICON | LANG_ENGLISH | 753032 | 20 | MS Windows icon resource - 1 icon, 100x100 | 3e5dc21484bd5e9aceafd9905034280af561a66496271de2931ea7253527b1c8 |
RT_GROUP_ICON | LANG_ENGLISH | 753056 | 20 | MS Windows icon resource - 1 icon, 16x16, 16 colors | ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1 |
RT_GROUP_ICON | LANG_ENGLISH | 753080 | 20 | MS Windows icon resource - 1 icon, 16x16, 16 colors | 6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164 |
RT_GROUP_ICON | LANG_ENGLISH | 753104 | 20 | MS Windows icon resource - 1 icon, 16x16, 16 colors | 7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a |
RT_VERSION | LANG_ENGLISH | 753128 | 412 | data | ed1311f93c7c8c51e91a6890a92cc1f5d12c758e1e57c020c076108df1363470 |
RT_MANIFEST | LANG_ENGLISH | 753544 | 620 | ASCII text, with CRLF line terminators | 6fb2f428ceb740481a982bfa8d6718e01c1cac512f6848fcd78ddf56df9ec877 |