File Path | Type and Hashes |
---|---|
C:\Users\user\Desktop\server.exe | Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows; MD5: 1ba88acd9206b22b8b55e903f86db7b6; SHA-1: 96ee36b80ad6918ccd1e5568ab9522c27cdeced7; SHA-256: fad707c342f6f41c9f76434d28df10df06a52c924fd915b09951bd2c62294f7a; SHA-512: 8d875c4598bd603e1515cdd77083704ba376a625a7e71029f305ac9ad2dd490a53ba464dc7723818c3c541d708bc567fc712bbfc388eed0064ee94cfd5db25c6; Size: 73.216 Kilobytes |
Match Rules |
---|
File Name: | Servidor.exe |
File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
SHA1: | 96ee36b80ad6918ccd1e5568ab9522c27cdeced7 |
MD5: | 1ba88acd9206b22b8b55e903f86db7b6 |
First Seen Date: | 2024-11-24 15:41:49.121276 |
Number of Clients Seen: | 2 |
Last Analysis Date: | 2024-11-24 15:41:49.121276 |
Human Expert Analysis Date: | 2024-11-25 07:17:00.158457 |
Human Expert Analysis Result: | Malware |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [] |
number of sections | 3 |
trid | 56.7% Generic CIL Executable (.NET, Mono, etc.); 21.3% Win64 Executable (generic); 10.1% Windows screen saver; 5.0% Win32 Dynamic Link Library (generic); 3.4% Win32 Executable (generic) |
compilation time stamp | 0x5AC310B9 [Tue Apr 3 05:27:21 2018 UTC] |
Translation | 0x0000 0x04b0 |
LegalCopyright | |
Assembly Version | 1.0.0.0 |
InternalName | Stub.exe |
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | Stub.exe |
entry point | 0x4101de (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 73216 |
ssdeep | 768:4pSOG3GqPvLzsrMHcskVqTz43fB4O3o81rS0cG/6MGDlrT2JaazYcHeUZ:Mo3f3qskVqTzIZLndnZ6tTUanU |
sha256 | fad707c342f6f41c9f76434d28df10df06a52c924fd915b09951bd2c62294f7a |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/6/e/e/96ee36b80ad6918ccd1e5568ab9522c27cdeced7', u'EXE:OriginalFileName': u'Stub.exe', u'EXE:InternalName': u'Stub.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:11:24 15:41:40+00:00', u'EXE:InitializedDataSize': 14848, u'File:FileModifyDate': u'2024:11:24 15:41:19+00:00', u'EXE:AssemblyVersion': u'1.0.0.0', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': u'1.0.0.0', u'File:FileSize': u'72 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'1.0.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'96ee36b80ad6918ccd1e5568ab9522c27cdeced7', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2018:04:03 05:27:21+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u' ', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/9/6/e/e', u'EXE:FileDescription': u' ', u'EXE:EntryPoint': u'0x101de', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 57856, u'File:FileInodeChangeDate': u'2024:11:24 15:41:37+00:00', u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}] |
mime type | application/x-dosexec |
imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
File Path on Client | Seen Count |
---|---|
Servidor.exe | 1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x2000 | 0xe1e4 | 0xe200 | 5.5929722676 | b0674191a97465b1ff73c929bb502c15 |
.rsrc | 0x12000 | 0x3800 | 0x3800 | 3.98287079969 | 2989abfbf69fba60870a657d6e2e24a3 |
.reloc | 0x16000 | 0xc | 0x200 | 0.0815394123432 | d0fff904de6b3ded996250744c03c5dc |
- mscoree.dll
  - _CorExeMain
Name | Language | Offset | Size | Type | SHA-256 |
---|---|---|---|---|---|
RT_ICON | LANG_NEUTRAL | 74848 | 296 | GLS_BINARY_LSB_FIRST | 478fe62e420007abb1a697a24cb1b80ced0a8e0a335d6ce68606efe71c4afaa2 |
RT_ICON | LANG_NEUTRAL | 75144 | 1384 | GLS_BINARY_LSB_FIRST | abdc6eaa0ea69a1c506edf070a07fb12071453e08ecf3c6e35f1397d3422051f |
RT_ICON | LANG_NEUTRAL | 76528 | 1128 | GLS_BINARY_LSB_FIRST | dc2a1f63c0882b33321345f27c07ef9f8bdb87aa687f075a474be430a1135982 |
RT_ICON | LANG_NEUTRAL | 77656 | 744 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 4286019447 | accfee1287c9f7dc25ecb19548ed246ceae1652fef5ad532914d5bb9dc9299ef |
RT_ICON | LANG_NEUTRAL | 78400 | 2216 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | b76fc9f2130962dfc25029a639848894feee7e9eb1a0fe5c680e3a90671741b1 |
RT_ICON | LANG_NEUTRAL | 80616 | 4264 | data | b0a40090c9bfdfdd8d2f77b68d7052d1eeceb41dc5ab2eaa9c85e15104984ef1 |
RT_GROUP_ICON | LANG_NEUTRAL | 84880 | 90 | MS Windows icon resource - 6 icons, 16x16, 16 colors | 05507c3c1ae2629aec59c1d7c14944b8aa1492eee696d1c825c5407c929ed1e1 |
RT_VERSION | LANG_NEUTRAL | 74272 | 572 | data | 128e7905580769c7db1c80307a394096bba9e9e7bbf40246868ee94db5b096be |
RT_MANIFEST | LANG_NEUTRAL | 84976 | 2661 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | 4390603f814d79b38624fbcaffbe74eefd7a3a04b690a330a1aae7104cace3de |