| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | LixoDestructive.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 2add11e25d07dc9e154ae1be916c869804047146 |
| MD5: | 7d538a430eb4e0bfd7671b921a8b76a1 |
| First Seen Date: | 2023-05-02 13:15:25.025559 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-05-03 18:55:31.338920 ( ) |
| Human Expert Analysis Date: | 2023-05-02 21:21:43.172170 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 6 |
| trid | [] |
| compilation time stamp | 0x64223EF1 [Tue Mar 28 01:12:17 2023 UTC] |
| entry point | 0x407f6d (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 484352 |
| ssdeep | |
| sha256 | 3a4ea5e72e50bcba550efa034818f35785076adb37af4c1cee9374fe9e013ec1 |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash |
| File Path on Client | Seen Count |
|---|---|
| LixoDestructive.exe | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x489d0 | 0x48a00 | 6.63352370442 | dd7150650ce709ab2dc703342af33dc7 |
| .rdata | 0x4a000 | 0xf69c | 0xf800 | 5.75183497883 | 7c186d4c6b5714ed3bf4f4f081dd4755 |
| .data | 0x5a000 | 0x1cf0 | 0xa00 | 2.46526476329 | 0fe90a099face26e50573e8f8f491640 |
| .msvcjmc | 0x5c000 | 0x16 | 0x200 | 0.255742020076 | 85bb7567c9540c02a36ab2534359c3af |
| .rsrc | 0x5d000 | 0x1a4b8 | 0x1a600 | 5.95991151638 | a4944c494e0465bf8a3bac0c21fd686c |
| .reloc | 0x78000 | 0x2b60 | 0x2c00 | 6.69701565351 | e0240d393546e7014d03aa140aacd7ef |
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 381408, u'sha256': u'df895c32df681f3c40a0fbf75b1a40c39aac578d5f2480be5e9c8982890d3609', u'type': u'dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0', u'size': 67624}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 449032, u'sha256': u'7e5f3613909ed5ea12f5df405a9c06e86ee54c58a5d4efe7e2d91bf26279e15a', u'type': u'data', u'size': 21640}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 470672, u'sha256': u'ea46ba71e5d30cbf907e14a83f1468d27ce32a9416d9e7809deb68b3a91d6cc9', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 480312, u'sha256': u'8b80a88109482ae2999aa3c262e714f82af67df486c1448b2290a11b66a559c1', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 484576, u'sha256': u'1e83fd803d10345f0e8c059f73b3fc58d4ef719ed3fc227b15b4e2713296070b', u'type': u'data', u'size': 2440}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_ICON', u'offset': 487016, u'sha256': u'59fb53a712b6feee73b4105635de9cb554ac11e10ec6b58c6f6d61c8fd45f15e', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_PORTUGUESE', u'name': u'RT_GROUP_ICON', u'offset': 488144, u'sha256': u'66b4d37d44fbf4d63b7a9a748f7ee25168874e222c889ace2eacbff42c028374', u'type': u'MS Windows icon resource - 6 icons, 128x128', u'size': 90}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 488240, u'sha256': u'165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8', u'type': u'XML 1.0 document text', u'size': 392}