Xcitium Cloud Verdict

File Name: db1666bf21e0ce2110ad319e29edf930a8fec7e2d53b5daa6f4c1eafcea50a79.ex

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 2fe9b1b874c6bc2bf266e81d3ff9a483b50ec40c

MD5: 6b4a58489c8865a8033895d4f12ccd3a

Download Kill Chain Report

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\nioocem.exe	Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : ba77f63da2dc9c435c832fdd27a416f1 SHA-1 : 591dd1bcd069a88612673a083e3c3473bebb32da SHA-256 : 3b4007cb265448cb3b9611d80d4f5578c94d578d3a75115a7f76249bcf836fcc SHA-512 : 06a1bccbf7fe4aa2bbd9e9c655656a61eae9bc1a5724a50b53e5895b807f1ba5e60a762b78778ad3f6e58307b0bc48251f5edcb3e922ceed13a4473def14282d Size : 315.392 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	db1666bf21e0ce2110ad319e29edf930a8fec7e2d53b5daa6f4c1eafcea50a79.ex
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	2fe9b1b874c6bc2bf266e81d3ff9a483b50ec40c
MD5:	6b4a58489c8865a8033895d4f12ccd3a
First Seen Date:	2023-07-07 11:58:41.254154 ( 2023-07-07 11:58:41.254154 )
Number of Clients Seen:	5
Last Analysis Date:	2023-07-07 11:58:41.254154 ( 2023-07-07 11:58:41.254154 )
Human Expert Analysis Date:	2023-07-07 23:16:13.355546 ( 2023-07-07 23:16:13.355546 )
Human Expert Analysis Result:	Malware

ADDITIONAL FILE INFORMATION

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	3
trid	[]
compilation time stamp	0x4FAD3A0F [Fri May 11 16:10:55 2012 UTC]
entry point	0x401220 (.text)
machine type	Intel 386 or later - 32Bit
file size	315392
ssdeep
sha256	db1666bf21e0ce2110ad319e29edf930a8fec7e2d53b5daa6f4c1eafcea50a79
exifinfo	[]
mime type	application/x-dosexec
imphash

File Paths

File Path on Client	Seen Count
2fe9b1b874c6bc2bf266e81d3ff9a483b50ec40c	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x2a5f4	0x2b000	5.15261668063	b51eeabf470908a19dc8e9aa47405ed4
.data	0x2c000	0x1918	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x2e000	0x1e410	0x1f000	5.27536041721	c676d80a443297261ddb1cf633e335e5

CERTIFICATE VALIDATION

Loading...