File Path | Type and Hashes |
---|---|
C:\Users\user\AppData\Local\Temp\tmpF03C.tmp | Type: XML document text; MD5: 9ab430601bc0c4c7479a951663434f91; SHA-1: 4883eebb8041de79fd4f20ae91519ae70d212383; SHA-256: f81a5a864135bf16f18cff837f15ab09a0e6b9f50c38c254fd665632feb9b3e1; SHA-512: 55e76efed135f34699c0de5a34924cace3bfa3f6e655b3d240e39d9e68b08a03f426321702ef68dc2e14be5a01a854d8286e1e80b7826f18697bd282d1c3f7a4; Size: 1.556 Kilobytes |
Match Rules |
---|
File Name: | 29c8d201060f864bd41f4c57c767241e2f57ea9b |
File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
SHA1: | 29c8d201060f864bd41f4c57c767241e2f57ea9b |
MD5: | e00521e507bc8e874d98c2218423180a |
First Seen Date: | 2023-07-03 07:08:28.543170 |
Number of Clients Seen: | 4 |
Last Analysis Date: | 2023-07-03 10:29:27.464221 |
Human Expert Analysis Date: | 2023-07-04 09:46:08.658889 |
Human Expert Analysis Result: | Malware |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [{u'Path': u'gPUB.pdb\x00', u'GUID': u'{4430e675-0bbd-4490-a7e1-0b22f7ed332d}', u'timestamp': u'2097-07-11 13:41:27'}] |
number of sections | 3 |
trid | [[56.7, u'Generic CIL Executable (.NET, Mono, etc.)'], [21.3, u'Win64 Executable (generic)'], [10.1, u'Windows screen saver'], [5.0, u'Win32 Dynamic Link Library (generic)'], [3.4, u'Win32 Executable (generic)']] |
compilation time stamp | 0xC74A799C [Sat Dec 14 10:59:40 2075 UTC] [SUSPICIOUS] |
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright © 2019 |
Assembly Version | 1.0.0.0 |
InternalName | gPUB.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | CRM02 |
ProductVersion | 1.0.0.0 |
FileDescription | CRM02 |
OriginalFilename | gPUB.exe |
entry point | 0x4aeb9a (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 710144 |
ssdeep | 12288:bcj6mVPWC/5weFFqWWiKsKVQojUBwK1fAKRsD94cgE0G:IfVOo5yWWi4QGEHRsDuEZ |
sha256 | b5ed2d16101b333863529e10f2413b70ea33ffdafb65ec74ea849f9d425fdf91 |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/9/c/8/29c8d201060f864bd41f4c57c767241e2f57ea9b', u'EXE:OriginalFileName': u'gPUB.exe', u'EXE:ProductName': u'CRM02', u'EXE:InternalName': u'gPUB.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:03 07:08:17+00:00', u'EXE:InitializedDataSize': 2048, u'File:FileModifyDate': u'2023:06:30 18:00:34+00:00', u'EXE:AssemblyVersion': u'1.0.0.0', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': u'1.0.0.0', u'File:FileSize': u'694 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:LegalTrademarks': u'', u'EXE:ProductVersion': u'1.0.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'', u'File:FileName': u'29c8d201060f864bd41f4c57c767241e2f57ea9b', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2075:12:14 10:59:40+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2019', u'EXE:LinkerVersion': 48.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/2/9/c/8', u'EXE:FileDescription': u'CRM02', u'EXE:EntryPoint': u'0xaeb9a', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 707584, u'EXE:Comments': u'', u'File:FileInodeChangeDate': u'2023:06:30 18:00:35+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}] |
mime type | application/x-dosexec |
imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
File Path on Client | Seen Count |
---|---|
29c8d201060f864bd41f4c57c767241e2f57ea9b | 1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x2000 | 0xacba0 | 0xacc00 | 7.39133126007 | 7282e129bbc5bded45e1d14e2b431f97 |
.rsrc | 0xb0000 | 0x58c | 0x600 | 4.0505846264 | 67885392154967f5d450a48b8f04e255 |
.reloc | 0xb2000 | 0xc | 0x200 | 0.101910425663 | f1c572b87fc1639365ecbb93f18efec4 |
- mscoree.dll
  - _CorExeMain
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 721040, u'sha256': u'b0df994266bc548658af30af0068edbf50d2250defce6a3ae2ee7777d69ec6f1', u'type': u'data', u'size': 764}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_MANIFEST', u'offset': 721820, u'sha256': u'539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a', u'type': u'XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators', u'size': 490}