| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\4E07515B.dll |
Type : PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows MD5 : 0e7d38086b978ce94f32e916b216ff29 SHA-1 : 462108a73d1ec0d9a5b76f08a9af3c4241c5dae8 SHA-256 : 012d051f54d282075c3d147761a5b303ab74cefbb35db366a40315ef11a40c0a SHA-512 : 6ef0b27b16fa9c66817df09bdb99cf37dd4517201ff589f5604a3943c40b475e33936f5a1ad6b0d89c08e56065bd3c5ba612f3c9667b8d83a7c21becf3755a43 Size : 564.736 Kilobytes. |
| Match Rules |
|---|
| File Name: | Luxuria.exe |
| File Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| SHA1: | 997a45a3707dd6ac76765664503576d3f6a37cb3 |
| MD5: | 0ffb5f463f6c63d11a48d2b4ef3be8dd |
| First Seen Date: | 2024-05-05 13:52:00.764095 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2024-05-05 13:54:43.206724 ( ) |
| Human Expert Analysis Date: | 2024-05-06 16:19:27.849548 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 5 |
| trid | [[61.9, u'Win32 Executable MS Visual C++ (generic)'], [13.0, u'Win32 Dynamic Link Library (generic)'], [8.9, u'Win32 Executable (generic)'], [4.1, u'Win16/32 Executable Delphi generic'], [4.0, u'OS/2 Executable (generic)']] |
| compilation time stamp | 0xAE8C39C6 [Wed Oct 18 19:30:14 2062 UTC] [SUSPICIOUS] |
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright \xa9 2024 |
| Assembly Version | 1.0.0.0 |
| InternalName | AutoLauncher.exe |
| FileVersion | 1.0.0.0 |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | Luxuria |
| ProductVersion | 1.0.0.0 |
| FileDescription | Luxuria |
| OriginalFilename | AutoLauncher.exe |
| entry point | 0x5fc00a () |
| machine type | Intel 386 or later - 32Bit |
| file size | 2059280 |
| ssdeep | 49152:ZWFxPJFPcZYQKes8mugsPngHr79/Hx8vkXhWF+DDxaUKY:ZoxPyw8mRPmvRF4DQ4 |
| sha256 | ae3da52225038e4f4ad470079fa2c2c08a3481456e1734e3953e539bdedc1ea3 |
| exifinfo | [{u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs-aws/fvs/valkyrie_shared/core/valkyrie_files/9/9/7/a/997a45a3707dd6ac76765664503576d3f6a37cb3', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:05:05 09:51:23-04:00', u'EXE:InitializedDataSize': 22016, u'File:FileModifyDate': u'2024:05:05 09:51:21-04:00', u'File:FileSize': u'2011 kB', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'997a45a3707dd6ac76765664503576d3f6a37cb3', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2062:10:18 15:30:14-04:00', u'EXE:LinkerVersion': 48.0, u'ExifTool:ExifToolVersion': 10.1, u'File:Directory': u'/nfs-aws/fvs/valkyrie_shared/core/valkyrie_files/9/9/7/a', u'EXE:EntryPoint': u'0x1fc00a', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 2036224, u'File:FileInodeChangeDate': u'2024:05:05 09:51:22-04:00', u'EXE:Subsystem': u'Windows GUI'}] |
| mime type | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Path on Client | Seen Count |
|---|---|
| 997a45a3707dd6ac76765664503576d3f6a37cb3 | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| "`j+"t\ | 0x2000 | 0x74 | 0x200 | 7.66655983521 | 1195df2a2080004d970ea835d65f7626 |
| .text | 0x4000 | 0x1f0fbc | 0x1f1000 | 7.98582700111 | a9fc25c6e0288f6f4f04449b296d78ac |
| .UN]M6 | 0x1f6000 | 0x5172 | 0x5200 | 7.82232696925 | faf8fc9418aae050a8b6f79e8e2a4d96 |
| 0x1fc000 | 0x10 | 0x200 | 0.118369631259 | d1fe83af3b534a501051bc91a03c10cd | |
| .reloc | 0x1fe000 | 0xc | 0x200 | 0.0980041756627 | a4fe72978ba527f1ceb38d4fe8ad726f |
-
mscoree.dll
- _CorExeMain
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 2056496, u'sha256': u'cbeee9fb5b0477f3a4f74db325509a8fe0e85e5c5145cd5d670ecda657bc0fa8', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 19229}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 2075728, u'sha256': u'c309187de1a82ec9bae4dd4568472f49af4b1c9c5a52f21f424b2b45ed22bc4f', u'type': u'MS Windows icon resource - 1 icon, 256x256', u'size': 20}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 2075748, u'sha256': u'cca30bd640c48925d4c761d47562972c39abc7d7501cb42e4c2e1cdb596ca4e8', u'type': u'data', u'size': 804}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_MANIFEST', u'offset': 2076552, u'sha256': u'539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a', u'type': u'XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators', u'size': 490}