Xcitium Cloud Verdict

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\AppData\Roaming\Fjerdeparternes\Inventors\face-sad-symbolic.symbolic.png	Type : PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5 : abecdf5b69e91b1797a2af4b20b1bb47 SHA-1 : 5719bd48f93696ba2edec4afa7907ee586e73c89 SHA-256 : 892806eb8f50b7d3573b8babc6429d0a6a6211e5cbeab9bb52d1e9aff35902ea SHA-512 : ae7b34e9d9d2c923a1711abc22d5440f66ea316a163b772e0cd8870df79f2d4e139331e79a209e9788d53f677b8150af585a58e83f42b9766256b31f227ae4ca Size : 0.306 Kilobytes.
C:\Users\user\AppData\Roaming\Fjerdeparternes\Unmoderating.Ani	Type : data MD5 : 7f743636a119b12d636134f5efb22734 SHA-1 : 58f7b7fe8630802bd13afb8ed8f4a476d0f10226 SHA-256 : 20d7ae7744ede169fb095f87137b23ddf4c22384cb4b4d09732dcaffbb5c1b2c SHA-512 : 08d24ea3f1caaa3f2ee5aa5538279d4af3aee09104c0d243a4a15a1684732e85feec2f78db01dd1af8c986d99ef098c7205f9471c341a3b02c736294c2e6e5b8 Size : 279.689 Kilobytes.
C:\Users\user\AppData\Roaming\Fjerdeparternes\Definit\view-conceal-symbolic.svg	Type : ASCII text, with very long lines, with no line terminators MD5 : 22649992955e29eb61928e2f766d4680 SHA-1 : b6f3c15004abdd7f478cd57c680d4a3701b089ee SHA-256 : 0c951826083e6ae4162fe0d9894dd4b257a6be9ba81305e2b37e75f2d87bb022 SHA-512 : 6bd98449baca4b8ea3cf253d1fbf4929b2cd00dd821415773216f083940597ccd7428b41ae3621a57382d77236cc95478a6900d57d8cd6e3f867a1bf68d3b8a1 Size : 0.495 Kilobytes.
C:\Users\user\AppData\Roaming\Fjerdeparternes\Inventors\mark-location-symbolic.symbolic.png	Type : PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5 : 3f60ea3e3c5374b284e634d06c375735 SHA-1 : 30864e0906d2a5be5dfa199a19181bf45b552103 SHA-256 : d87fe37f66bea5aab9d8a5b120de1b2e3048612457d2fead5c621b8d54c2dc2a SHA-512 : fab3c7da134962826bd14e0768b411109247e9c18e908bcef738618e5817bb3dcd581560d861673e6ad16031ec0f9560c039b5e0367e53fa98ce5cff68ecbac3 Size : 0.289 Kilobytes.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms	Type : data MD5 : 7f614ca72b4454ae0531443b8741a8a9 SHA-1 : 5ec40ac7eda0f3ca83d59a18466dc73048ecf0ca SHA-256 : 559f226b7d2860145520d789af25857d507fb4855373dc0ff6fa369010cc27b2 SHA-512 : f751fed3cf3eb5a5a3048cb22f91810409157709866d9306b254b23fc664ed6ade31bf56e8ca50a4666878348137251ae635c20d38f2ac1c288e5ec3ad979ad4 Size : 8.016 Kilobytes.
C:\Users\user\AppData\Roaming\Fjerdeparternes\Metallide.Vap	Type : ASCII text, with very long lines, with no line terminators MD5 : da53cd80b65cfc30fbb3e7b3b5b73d1e SHA-1 : 81b75c1524cbec5cdc8c1c1702a617f89365aee0 SHA-256 : 9884e77ce88fd88bd0ddf1126979a4eb6084a8bef2f3b51eaa3ebdd7fd60506c SHA-512 : 0cc0620b86428a36b94ed1d41ee199f824188d1810147605a4e1c09e19422304609478c8ec5135131f17ac2845133a141b910174c76612a9497e7128c04e82aa Size : 21.658 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	1cd2d3a2f9c7aee2440fe8386481287fa8f66f39f6940bfbb4b5779d6b4d3bda.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	45fbd8304300f10b955cbdb8f7c26b7c500cfda8
MD5:	6d126c9b203b8cab7cc44d77c75971e3
First Seen Date:	2023-07-19 10:09:24.813603 ( 2023-07-19 10:09:24.813603 )
Number of Clients Seen:	8
Last Analysis Date:	2023-07-21 20:05:06.256836 ( 2023-07-21 20:05:06.256836 )
Human Expert Analysis Date:	2023-07-19 16:47:11.974060 ( 2023-07-19 16:47:11.974060 )
Human Expert Analysis Result:	Malware

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	5
trid	[[67.4, u'Win32 Executable MS Visual C++ (generic)'], [14.2, u'Win32 Dynamic Link Library (generic)'], [9.7, u'Win32 Executable (generic)'], [4.3, u'Generic Win/DOS Executable'], [4.3, u'DOS Executable Generic']]
compilation time stamp	0x5A6FED3C [Tue Jan 30 03:57:48 2018 UTC]
LegalCopyright	arbejdssgningerne Kalkgrav Skinkernes
FileDescription	Dooket
Comments	Samlivsforholdets
CompanyName	Blvd Saxophones
Translation	0x0409 0x04e4
entry point	0x40338f (.text)
machine type	Intel 386 or later - 32Bit
file size	315992
ssdeep	6144:hVGdx6xKzuH+DfnFhEVj0UtAzwo4WNZJaGiUGCDHDKI61rhucyZURcmysbD:PjeDfYVoUttjWXJZiURDKIkrh3yZHmyG
sha256	1cd2d3a2f9c7aee2440fe8386481287fa8f66f39f6940bfbb4b5779d6b4d3bda
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/5/f/b/45fbd8304300f10b955cbdb8f7c26b7c500cfda8', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:21 20:04:59+00:00', u'EXE:InitializedDataSize': 186368, u'File:FileModifyDate': u'2023:07:19 10:08:44+00:00', u'EXE:FileVersionNumber': u'3.4.0.0', u'File:FileSize': u'309 kB', u'EXE:CharacterSet': u'Windows, Latin1', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Blvd Saxophones', u'File:FileName': u'45fbd8304300f10b955cbdb8f7c26b7c500cfda8', u'EXE:ImageVersion': 6.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2018:01:30 03:57:48+00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LegalCopyright': u'arbejdssgningerne Kalkgrav Skinkernes', u'EXE:LinkerVersion': 6.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/5/f/b', u'EXE:FileDescription': u'Dooket', u'EXE:EntryPoint': u'0x338f', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 26624, u'EXE:Comments': u'Samlivsforholdets', u'File:FileInodeChangeDate': u'2023:07:19 10:08:44+00:00', u'EXE:UninitializedDataSize': 2048, u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'3.4.0.0'}]
mime type	application/x-dosexec
imphash	b34f154ec913d2d2c435cbd644e91687

File Paths

File Path on Client	Seen Count
45fbd8304300f10b955cbdb8f7c26b7c500cfda8	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x6627	0x6800	6.45223555372	8c030dfed318c62753a7b0d60218279b
.rdata	0x8000	0x149a	0x1600	5.00707518585	966a3835fd2d9407261ae78460c26dcc
.data	0xa000	0x2aff8	0x600	4.0353241849	939516377e7577b622eb1ffdc4b5db4a
.ndata	0x35000	0x2e000	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x63000	0x45d8	0x4600	5.54555373208	6bea51bb3968829676403e4c11f21db5

PE Imports

KERNEL32.dll
- SetEnvironmentVariableW
- SetFileAttributesW
- Sleep
- GetTickCount
- GetFileSize
- GetModuleFileNameW
- GetCurrentProcess
- CopyFileW
- SetCurrentDirectoryW
- GetFileAttributesW
- GetWindowsDirectoryW
- GetTempPathW
- GetCommandLineW
- GetVersion
- SetErrorMode
- lstrlenW
- lstrcpynW
- GetDiskFreeSpaceW
- ExitProcess
- GetShortPathNameW
- CreateThread
- GetLastError
- CreateDirectoryW
- CreateProcessW
- RemoveDirectoryW
- lstrcmpiA
- CreateFileW
- GetTempFileNameW
- WriteFile
- lstrcpyA
- MoveFileExW
- lstrcatW
- GetSystemDirectoryW
- GetProcAddress
- GetModuleHandleA
- GetExitCodeProcess
- WaitForSingleObject
- lstrcmpiW
- MoveFileW
- GetFullPathNameW
- SetFileTime
- SearchPathW
- CompareFileTime
- lstrcmpW
- CloseHandle
- ExpandEnvironmentStringsW
- GlobalFree
- GlobalLock
- GlobalUnlock
- GlobalAlloc
- FindFirstFileW
- FindNextFileW
- DeleteFileW
- SetFilePointer
- ReadFile
- FindClose
- lstrlenA
- MulDiv
- MultiByteToWideChar
- WideCharToMultiByte
- GetPrivateProfileStringW
- WritePrivateProfileStringW
- FreeLibrary
- LoadLibraryExW
- GetModuleHandleW
USER32.dll
- GetSystemMenu
- SetClassLongW
- EnableMenuItem
- IsWindowEnabled
- SetWindowPos
- GetSysColor
- GetWindowLongW
- SetCursor
- LoadCursorW
- CheckDlgButton
- GetMessagePos
- LoadBitmapW
- CallWindowProcW
- IsWindowVisible
- CloseClipboard
- SetClipboardData
- EmptyClipboard
- OpenClipboard
- ScreenToClient
- GetWindowRect
- GetDlgItem
- GetSystemMetrics
- SetDlgItemTextW
- GetDlgItemTextW
- MessageBoxIndirectW
- CharPrevW
- CharNextA
- wsprintfA
- DispatchMessageW
- PeekMessageW
- ReleaseDC
- EnableWindow
- InvalidateRect
- SendMessageW
- DefWindowProcW
- BeginPaint
- GetClientRect
- FillRect
- DrawTextW
- EndDialog
- RegisterClassW
- SystemParametersInfoW
- CreateWindowExW
- GetClassInfoW
- DialogBoxParamW
- CharNextW
- ExitWindowsEx
- DestroyWindow
- GetDC
- SetTimer
- SetWindowTextW
- LoadImageW
- SetForegroundWindow
- ShowWindow
- IsWindow
- SetWindowLongW
- FindWindowExW
- TrackPopupMenu
- AppendMenuW
- CreatePopupMenu
- EndPaint
- CreateDialogParamW
- SendMessageTimeoutW
- wsprintfW
- PostQuitMessage
GDI32.dll
- SelectObject
- SetBkMode
- CreateFontIndirectW
- SetTextColor
- DeleteObject
- GetDeviceCaps
- CreateBrushIndirect
- SetBkColor
SHELL32.dll
- SHGetSpecialFolderLocation
- ShellExecuteExW
- SHGetPathFromIDListW
- SHBrowseForFolderW
- SHGetFileInfoW
- SHFileOperationW
ADVAPI32.dll
- AdjustTokenPrivileges
- RegCreateKeyExW
- RegOpenKeyExW
- SetFileSecurityW
- OpenProcessToken
- LookupPrivilegeValueW
- RegEnumValueW
- RegDeleteKeyW
- RegDeleteValueW
- RegCloseKey
- RegSetValueExW
- RegQueryValueExW
- RegEnumKeyW
COMCTL32.dll
- ImageList_Create
- ImageList_AddMasked
- ImageList_Destroy
- None
ole32.dll
- OleUninitialize
- OleInitialize
- CoTaskMemFree
- CoCreateInstance

PE Resources

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 406120, u'sha256': u'522496eb5e64d84ebc5d819785d0fbfbddfdbc15fdb9f48683db9ddd36490ea4', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 415760, u'sha256': u'98b27376e85a23dd3583091607353cfb1af10204694aea8b1d63373b2bd3c141', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 420024, u'sha256': u'5016266f671b9f4af655da53c721fe0f8188cb2579b8c6625388c10c9ff7ecdd', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 421152, u'sha256': u'fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96', u'type': u'data', u'size': 256}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 421408, u'sha256': u'ddf693ef68bdda43cf7c0733d59b7deee1c23742ed6ec77ff66ebcb5dd2a4e23', u'type': u'data', u'size': 284}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 421696, u'sha256': u'2d986f26ff752607366192a903078cdd7d6da06ab97309c85cd5c8cf05f823b6', u'type': u'data', u'size': 196}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 421896, u'sha256': u'85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0', u'type': u'data', u'size': 96}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 421992, u'sha256': u'77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694', u'type': u'MS Windows icon resource - 3 icons, 48x48', u'size': 48}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 422040, u'sha256': u'e20f38bde97f90085c632c85bc5e035c11fafc4212e420298a2b3f5d63594436', u'type': u'data', u'size': 512}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 422552, u'sha256': u'5aa3c5d6d1f8d3fc60541b2c59b3d5c533ab13a9a45fcfb2f909f6f2fa57ca44', u'type': u'XML 1.0 document, ASCII text, with very long lines, with no line terminators', u'size': 830}

File Name: 1cd2d3a2f9c7aee2440fe8386481287fa8f66f39f6940bfbb4b5779d6b4d3bda.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 45fbd8304300f10b955cbdb8f7c26b7c500cfda8

MD5: 6d126c9b203b8cab7cc44d77c75971e3