| File Path | Type and Hashes |
|---|---|
| C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT | Type: data; MD5: 696bad2ef23da7f0ccaaa7f76ab9fdf0; SHA-1: 0efe907b47e8331cf56a95c0c06d324257ece202; SHA-256: bd27979561fac15e4043fc980ad62f24f00738cba1f22b8e45cf1d50d88d1828; SHA-512: fb1a4afdbf5f9e3d7e55eb806f660057927d6c35740c69ed2790fd7149b86b8637a39cf0315fcb182622a87d06362876c5621441911bff3d11c24d7fa19bbe7c; Size: 84.528 Kilobytes |
| Match Rules | |
|---|---|
| File Name | setup.exe |
| File Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| SHA1 | 496594c30db2456816e1acf7de35082c654be99a |
| MD5 | bbfd8bb080208158050247626a5abcb2 |
| First Seen Date | 2024-07-23 12:20:35.656974 |
| Number of Clients Seen | 2 |
| Last Analysis Date | 2024-07-23 12:20:35.656974 |
| Human Expert Analysis Date | 2024-07-23 20:01:50.782724 |
| Human Expert Analysis Result | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 5 |
| trid | 38.3% Win32 Dynamic Link Library (generic); 26.2% Win32 Executable (generic); 12.0% Win16/32 Executable Delphi generic; 11.6% Generic Win/DOS Executable; 11.6% DOS Executable Generic |
| compilation time stamp | 0x95297733 [Tue Apr 20 09:11:15 2049 UTC] [SUSPICIOUS] |
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright © 2022 |
| Assembly Version | 1.0.0.0 |
| InternalName | setup.exe |
| FileVersion | 1.0.0.0 |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | setup |
| ProductVersion | 1.0.0.0 |
| FileDescription | setup |
| OriginalFilename | setup.exe |
| entry point | 0x41a00a |
| machine type | Intel 386 or later - 32Bit |
| file size | 79872 |
| ssdeep | 1536:7qUB3dAvrxeZ/H+tiuUO/hI74sGkAlZKWLZ:7jdAjKetjUOO74sGkAlZKW1 |
| sha256 | 6b2f1fac20a3dc679fbfc685f47868e56566724c529e5337f37488ced42ff08e |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/9/6/5/496594c30db2456816e1acf7de35082c654be99a', u'EXE:OriginalFileName': u'setup.exe', u'EXE:ProductName': u'setup', u'EXE:InternalName': u'setup.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:07:23 12:19:54+00:00', u'EXE:InitializedDataSize': 34816, u'File:FileModifyDate': u'2024:07:23 12:19:42+00:00', u'EXE:AssemblyVersion': u'1.0.0.0', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': u'1.0.0.0', u'File:FileSize': u'78 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:LegalTrademarks': u'', u'EXE:ProductVersion': u'1.0.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'', u'File:FileName': u'496594c30db2456816e1acf7de35082c654be99a', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2049:04:20 09:11:15+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2022', u'EXE:LinkerVersion': 48.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/9/6/5', u'EXE:FileDescription': u'setup', u'EXE:EntryPoint': u'0x1a00a', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 44032, u'EXE:Comments': u'', u'File:FileInodeChangeDate': u'2024:07:23 12:19:54+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}] |
| mime type | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Path on Client | Seen Count |
|---|---|
| C:\Users\test\Downloads\setup.exe | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| f#/%X | 0x2000 | 0x7fd4 | 0x8000 | 7.99418591376 | e4dc4cea202c23d95a84aa8dc35bac51 |
| .text | 0xa000 | 0xa9a0 | 0xaa00 | 4.89843510887 | 55254b28cab8ee48b2b22f9cfff4ac9a |
| .rsrc | 0x16000 | 0x588 | 0x600 | 4.00635246697 | a4acc649ac760af4c115c8b12e3cc47f |
| .reloc | 0x18000 | 0xc | 0x200 | 0.0980041756627 | aff5b30ceb43f61f913db3abeba94533 |
| | 0x1a000 | 0x10 | 0x200 | 0.122275881259 | 0841e4d624d6162642cf08e9c82cc24c |
- mscoree.dll
  - _CorExeMain
| Name | Lang | Offset | Size | Type | SHA-256 |
|---|---|---|---|---|---|
| RT_VERSION | LANG_NEUTRAL | 90272 | 764 | data | 3b13fb51732ae8a23e60ab950c6be2db4044f017bf6dee3a401ce404cc417d9b |
| RT_MANIFEST | LANG_NEUTRAL | 91036 | 490 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a |