| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\Countee |
Type : data MD5 : 2d8cc9f55048e791ceb27994ab65e768 SHA-1 : 5697d2fb44339dde5b097138c994fce26f3a0e8d SHA-256 : 9985b902235d4c4692e8e3ae0946864f9d7b46456e5155c2fe43e2a91ecd0481 SHA-512 : 2d352ead6150360867a0acf69e58d9aa265bc5f07469c44aaf838f4d26863b30dc27142a4965edf9417bd53cee90ed4af1f7d3f7a03f416d966e67f38a5a0cb9 Size : 286.72 Kilobytes. |
| Match Rules |
|---|
| File Name: | Odeme_Onay_Kopyas.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | b2965a7783b66b66618be73bf8115e92dab29b57 |
| MD5: | 706aa6e6ec6c73d221f82bd4ab0d12c8 |
| First Seen Date: | 2024-10-17 07:57:47.342496 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2024-10-17 07:57:47.342496 ( ) |
| Human Expert Analysis Date: | 2024-10-18 15:44:21.312619 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 4 |
| trid | [[92.2, u'AutoIt3 compiled script executable'], [4.9, u'Win64 Executable (generic)'], [1.1, u'Win32 Dynamic Link Library (generic)'], [0.8, u'Win32 Executable (generic)'], [0.3, u'Generic Win/DOS Executable']] |
| compilation time stamp | 0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC] |
| CompiledScript | AutoIt v3 Script: 3, 3, 6, 0 |
| FileVersion | 3, 3, 6, 0 |
| FileDescription | |
| Translation | 0x0809 0x04b0 |
| entry point | 0x416310 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 1345613 |
| ssdeep | 24576:ffmMv6Ckr7Mny5QLocrS5yyr/yqQP47WkyWu3bGldnfWg2W3df4UEZ:f3v+7/5QLop5Rzs47flu6lZfT2WhXEZ |
| sha256 | a70f2a55eaca82a3a62eeb3a9d0273dd637b43c3697ed9dac1c0a5e0d708e093 |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/b/2/9/6/b2965a7783b66b66618be73bf8115e92dab29b57', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:10:17 07:57:07+00:00', u'EXE:InitializedDataSize': 120320, u'File:FileModifyDate': u'2024:10:17 07:56:45+00:00', u'EXE:FileVersionNumber': u'3.3.6.0', u'EXE:FileVersion': u'3, 3, 6, 0', u'File:FileSize': u'1314 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:CompiledScript': u'AutoIt v3 Script: 3, 3, 6, 0', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ObjectFileType': u'Unknown', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'b2965a7783b66b66618be73bf8115e92dab29b57', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 5.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2010:03:07 16:08:39+00:00', u'EXE:FileFlagsMask': u'0x0017', u'EXE:LinkerVersion': 9.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/b/2/9/6', u'EXE:FileDescription': u'', u'EXE:EntryPoint': u'0x16310', u'EXE:SubsystemVersion': 5.0, u'EXE:CodeSize': 524800, u'File:FileInodeChangeDate': u'2024:10:17 07:57:06+00:00', u'EXE:LanguageCode': u'English (British)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'3.3.6.0'}] |
| mime type | application/x-dosexec |
| imphash | aaaa8913c89c8aa4a5d93f06853894da |
| File Path on Client | Seen Count |
|---|---|
| C:\Users\fatma.yilmaz\AppData\Local\Temp\Rar$EXa0.991\Ödeme Onay Kopyası.exe | 3 |
| C:\Users\fatma.yilmaz\AppData\Local\Temp\Rar$EXa0.991\�deme Onay Kopyas�.exe | 3 |
| C:\Users\neslihan.demir\AppData\Local\Temp\Rar$EXa9196.31305\Ödeme Onay Kopyası.exe | 3 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x80017 | 0x80200 | 6.63468823026 | 6c20c6bf686768b6f134f5bd508171bc |
| .rdata | 0x82000 | 0xd95c | 0xda00 | 4.88004082412 | f979966509a93083729d23cdfd2a6f2d |
| .data | 0x90000 | 0x1a518 | 0x6800 | 2.20176498963 | e5d77411f751d28c6eee48a743606795 |
| .rsrc | 0xab000 | 0x9298 | 0x9400 | 5.53030308978 | f6be76de0ef2c68f397158bf01bdef3e |
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 701896, u'sha256': u'08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 702192, u'sha256': u'62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 702488, u'sha256': u'245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 702784, u'sha256': u'7ed6c1961c0af686116a20a9af1749b250855cde0dbb6d22709769d78856f47a', u'type': u'data', u'size': 1640}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 704424, u'sha256': u'b1536ed3ce7dd68c4aff2a50b0b7b94a41461ee59a1bc1a5db852915311bd6bd', u'type': u'dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2005399800, next used block 8452216', u'size': 744}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 705168, u'sha256': u'9803deebb424e82f73c26dc00c0b8df765ebde020e673fab8a6ff6faa38588e2', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 705464, u'sha256': u'3beadf2cf64cbd321f31a554775f7839eebc911a695a7815731f9933cd873a71', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 709216, u'sha256': u'79db4f9306690bfd5e7b8b11f38a5629e24910bd5d0fa535404368b371ff0e5b', u'type': u'dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 13490662, next used block 13885161', u'size': 2216}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 711432, u'sha256': u'ebfd43bb200d33cf702cbaf6824cbb4a9e5f75d52470d805370b316bc2622710', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 712816, u'sha256': u'4c78e116fb08293b0883a8d1fa1a8b58c1c08fbd1c2aa89d1a41951632d18c0e', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 722456, u'sha256': u'cb11fa807d0d7258941541d7ed11e2866330f9c487de2dc3ffde68ff054672f3', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 726720, u'sha256': u'10d8d1d5d34a6d375fe241ef289d303f40e59680b8c33b0307325f03a3f2185e', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 727848, u'sha256': u'54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab', u'type': u'data', u'size': 80}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 727928, u'sha256': u'7de7438fb4425f608109111fdce25be7d2381938f6c5984bcfb14b3b88e9c883', u'type': u'data', u'size': 252}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 728184, u'sha256': u'ff841c2dd3b09d5a11dd9b16d09268adc0ac3562eb0dc79cc5044dc531de6477', u'type': u'data', u'size': 1328}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 729512, u'sha256': u'3f37dba0277dc704f072aaf3e740c2bee9ac04f79982fd41662dfc94e7bfda2e', u'type': u'data', u'size': 1680}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 731192, u'sha256': u'322afa4fa7a6e6cb4eb0b276d8feeeee558ec0df828e3ed8859b0506d39a38b4', u'type': u'data', u'size': 1082}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 732280, u'sha256': u'4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb', u'type': u'data', u'size': 1532}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 733816, u'sha256': u'd38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45', u'type': u'data', u'size': 1628}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 735448, u'sha256': u'ae9b084978e14d5bfa296e256820765b30a7b3e411cdccc67c91e146f053e815', u'type': u'data', u'size': 904}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 736352, u'sha256': u'b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee', u'type': u'data', u'size': 344}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 736696, u'sha256': u'5d62d392a0f454a05c957c41003db41c4faabf09156725ca8ce9d6622b22ca71', u'type': u'MS Windows icon resource - 9 icons, 48x48, 16 colors', u'size': 132}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 736832, u'sha256': u'ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1', u'type': u'MS Windows icon resource - 1 icon, 16x16, 16 colors', u'size': 20}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 736856, u'sha256': u'6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164', u'type': u'MS Windows icon resource - 1 icon, 16x16, 16 colors', u'size': 20}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 736880, u'sha256': u'7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a', u'type': u'MS Windows icon resource - 1 icon, 16x16, 16 colors', u'size': 20}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 736904, u'sha256': u'81f4d0ba1102bc1ecb247be3241bfaef9045aaff2aaf84db50f135c57ae23f58', u'type': u'data', u'size': 412}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 737320, u'sha256': u'6fb2f428ceb740481a982bfa8d6718e01c1cac512f6848fcd78ddf56df9ec877', u'type': u'ASCII text, with CRLF line terminators', u'size': 620}