| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | d7443e8971985f4cbd75219edfdedde221be125432c421d6b0d1537f7d8b36d5.exe |
| File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| SHA1: | 6e8b3b6064269f4d8c98375380232e736842eb7b |
| MD5: | 5fae1fc204f85528336f435f2af78c5b |
| First Seen Date: | 2023-08-04 18:47:23.586037 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-08-04 18:47:23.586037 ( ) |
| Human Expert Analysis Date: | 2023-08-07 08:25:59.136575 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 3 |
| trid | [[45.1, u'Generic CIL Executable (.NET, Mono, etc.)'], [19.2, u'Win32 Executable MS Visual C++ (generic)'], [17.0, u'Win64 Executable (generic)'], [8.0, u'Windows screen saver'], [4.0, u'Win32 Dynamic Link Library (generic)']] |
| compilation time stamp | 0x64CBCA24 [Thu Aug 3 15:39:16 2023 UTC] |
| Translation | 0x0000 0x04b0 |
| LegalCopyright | |
| Assembly Version | 0.0.0.0 |
| InternalName | Client2025.exe |
| FileVersion | 0.0.0.0 |
| ProductVersion | 0.0.0.0 |
| FileDescription | |
| OriginalFilename | Client2025.exe |
| entry point | 0x40678e (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 32768 |
| ssdeep | 384:00bUe5XB4e0X+OSSCixBr/QZWTGtTUFQqzF5Obb+:RT9BudS9ifrYPPb+ |
| sha256 | d7443e8971985f4cbd75219edfdedde221be125432c421d6b0d1537f7d8b36d5 |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/6/e/8/b/6e8b3b6064269f4d8c98375380232e736842eb7b', u'EXE:OriginalFileName': u'Client2025.exe', u'EXE:InternalName': u'Client2025.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:08:04 18:47:14+00:00', u'EXE:InitializedDataSize': 8192, u'File:FileModifyDate': u'2023:08:04 18:47:13+00:00', u'EXE:AssemblyVersion': u'0.0.0.0', u'EXE:FileVersionNumber': u'0.0.0.0', u'EXE:FileVersion': u'0.0.0.0', u'File:FileSize': u'32 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'0.0.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'6e8b3b6064269f4d8c98375380232e736842eb7b', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2023:08:03 15:39:16+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u' ', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/6/e/8/b', u'EXE:FileDescription': u' ', u'EXE:EntryPoint': u'0x678e', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 20480, u'File:FileInodeChangeDate': u'2023:08:04 18:47:13+00:00', u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'0.0.0.0'}] |
| mime type | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Path on Client | Seen Count |
|---|---|
| 6e8b3b6064269f4d8c98375380232e736842eb7b | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x2000 | 0x4794 | 0x5000 | 5.30212213969 | 6430cd97125b27370d3f446e2233a08c |
| .rsrc | 0x8000 | 0x2b0 | 0x1000 | 0.687460037219 | 377992e39ec0ed08e9c81db361297ca9 |
| .reloc | 0xa000 | 0xc | 0x1000 | 0.0131269437212 | 7275e7aee2c7060ad2e48cd27e87079a |
-
mscoree.dll
- _CorExeMain
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 32856, u'sha256': u'0955fff0bd6243cbef62951d94b38a8974690cebbd083e6fdf0fcdc1fc2c5167', u'type': u'data', u'size': 596}