| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Roaming\onhoahoos-udex.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : eb9474598b42c55cc62d098b8c5d8b7e SHA-1 : 1d73f3da3c1ba4dea3ee051e41cf8b991685b8ef SHA-256 : 7cd473a4b131e8beb8f9baae5876d47a74d7dfe0ad76b5f189dde8fbe0285e91 SHA-512 : e6d84dc5c513aa41ed053ba2bc113346d7caec5d782871a5d72803c64b3d54b93236f1563b1fa545590fe72ea80da5dfd78ed5cd7c59fa2c921cef34aa2fc54e Size : 25.6 Kilobytes. |
|
C:\Windows\System32\ehruteam.dll |
Type : PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : f37b21c00fd81bd93c89ce741a88f183 SHA-1 : b2796500597c68e2f5638e1101b46eaf32676c1c SHA-256 : 76cf016fd77cb5a06c6ed4674ddc2345e8390c010cf344491a6e742baf2c0fb0 SHA-512 : 252fe66dea9a4b9aebc5fd2f24434719cb25159ba51549d9de407f44b6a2f7bce6e071be02c4f2ad6aef588c77f12c00ed415eb54f96dec1b077326e101ce0f4 Size : 5.12 Kilobytes. |
|
C:\Windows\System32\eatcedoon.exe |
Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : 1832abe69b66f80851f90c1441650700 SHA-1 : 07f660477da1d351be11e5153570e5634e4be969 SHA-256 : b8e993de067fa6174c4c6a40234c929c5bb3bafe3d2762abb865aa8422df3e78 SHA-512 : 37d7aebc7cd89741f4ad13fe8714797d884e206fa844734fe14a68ad9a121693fdcd9752775cb9d12e2fc92854a94794f0a3127998deb9be051f50731cc0e9aa Size : 73.888 Kilobytes. |
|
C:\Users\user\AppData\Roaming\tmpFA7D.tmp |
Type : data MD5 : 89136458baaf23035e18937dd35fa48c SHA-1 : 26f29107cb3178c623c5b8c9ed192a5e69801d8f SHA-256 : 2bccc5522298d5fa52a36f86468bd10662dd0a1c9ca25489f9d2f77704aec81e SHA-512 : 5c28e7e196ecc9b963984fa3c4a991d3c5916af08d05bdf16502155c48892e079d4ca52322851d697ce1066404bee6012234e21b66f9ddbda670e05d07c64679 Size : 71.717 Kilobytes. |
|
C:\Windows\SysWOW64\hgoohad.exe |
Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : d2f5fca791eecd3a242b04fe76ecb03f SHA-1 : d08595714fbce076f09221a11de5b35ccfab97e0 SHA-256 : 770bed237b2078fe328a711c112a82f73770f148781b5f79492a7c07a4327b13 SHA-512 : 67c7630b9a5b7d91d60068ad34d3bcd22d08f7b9f8a8b1954677cea27abb93ec0b82d26622b22f65448947b36f6f97e42d06fa853951c67c9f5c0f336005bdac Size : 71.717 Kilobytes. |
|
C:\Windows\System32\ouxgoasef-fom.exe |
Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows MD5 : 8c3c10efbd700d9670479864cca2f554 SHA-1 : 93230e977d601f06c071daf9897a2e6c590bec82 SHA-256 : 364a798fba759d168f7d2387bcf0a61e3b9a302eb752eef1eea7eef3db874a59 SHA-512 : 6291b9b3570bb736d80376a14729ced8d2937fcf7a93370ce2fd6672367abca737659f07d50c1ac33654607214d8052ead8dbba6c96e11d9cde266144a2a6816 Size : 74.944 Kilobytes. |
| Match Rules |
|---|
| File Name: | virussign.com_4942910b7370152d737ffccbe5fef1c0.vir |
| File Type: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| SHA1: | 2d575f552317f20c19fc5c624bd40fef2e1ea818 |
| MD5: | 4942910b7370152d737ffccbe5fef1c0 |
| First Seen Date: | 2024-12-01 20:15:11.284995 ( ) |
| Number of Clients Seen: | 2 |
| Last Analysis Date: | 2024-12-01 20:16:43.998512 ( ) |
| Human Expert Analysis Date: | 2024-12-02 17:40:07.175205 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 2 |
| trid | [] |
| compilation time stamp | 0x48976F60 [Mon Aug 4 21:06:40 2008 UTC] |
| entry point | 0x401000 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 73888 |
| ssdeep | |
| sha256 | f0588c32dad82c2a19f423cb12c44e4ef37c7a8fe04dbbaad4769dfbc798149c |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash |
| File Path on Client | Seen Count |
|---|---|
| virussign.com_4942910b7370152d737ffccbe5fef1c0.vir | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x318 | 0x400 | 4.50058643334 | fe131c915a72dbc34dafc57c03eeca31 |
| .idata | 0x2000 | 0x1b4 | 0x200 | 3.60472977541 | 83a7f0520ee48f434e49900d752f8da3 |