File Path | Type and Hashes |
---|---|
C:\Users\user\AppData\Local\Temp\is-F2R01.tmp\isxdl.dll | Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows; MD5: 792620390aae5305220283f2ce33ca68; SHA-1: d9fee4cb3e2fa5e7d88b45662fd58b30aa9979f0; SHA-256: 21bc620515ebbdeb125d273c2d8db45577d05408ef624464af26afcfecfd201a; SHA-512: 470914116f40e4f7216c840ccbc706eb7953c10e62195c9b4d15e73f422625096df6c68edb33c25e2eec3305b4a1b159054f812c4a2307aeb3e49d35ae5f575c; Size: 59.392 Kilobytes |
C:\Users\user\AppData\Local\Temp\is-F2R01.tmp\dotnetchk.exe | Type: PE32 executable (GUI) Intel 80386, for MS Windows; MD5: 26c5023438740dd0d532f33d6407919c; SHA-1: 2b38c639efa93eeb67fc47826c2be8ed8cef5cbb; SHA-256: e6ce9a0143c4c5aff4fab8199471230266b4b6774af2b6634aa511b077c9fcae; SHA-512: 628f1b5ec369d842684ceab038ffabda33a1a2a457c742dae10e059ef1c74ed3534aa2f4c2ab738a87f337811300b0c9342cc38462c9b9a616e4f07bb2446550; Size: 61.632 Kilobytes |
C:\Users\user\AppData\Local\Temp\is-GE8VP.tmp\c85530bfd84b61f2aaad539a348d3032b934f8a2.tmp | Type: PE32 executable (GUI) Intel 80386, for MS Windows; MD5: bb4bd737320b411d6c80203f0aaaa101; SHA-1: cfa4893be9ddc75ff961e303b4852f4dd47b6145; SHA-256: 2cdb61e71d0aee5d753c97813ce6f9ed5e4abacbb6e1b8ff895f15ac787c1ffc; SHA-512: a032d79e5f31cf2fbd08e5b1e49598b8435d5b9b6f588b5a7844bc84281278c0f4b6f192ba36d1a5b506daf15ee68757951e6a3de294c128d24a1d96c7234712; Size: 711.68 Kilobytes |
C:\Users\user\AppData\Local\Temp\is-F2R01.tmp\_isetup\_setup64.tmp | Type: PE32+ executable (console) x86-64, for MS Windows; MD5: e4211d6d009757c078a9fac7ff4f03d4; SHA-1: 019cd56ba687d39d12d4b13991c9a42ea6ba03da; SHA-256: 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95; SHA-512: 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e; Size: 6.144 Kilobytes |
Match Rules | Value |
---|---|
File Name: | Trojan.MSIL.Crypt.dnbp-929b9dcfc8a43721ece5cb448cb486fbf5f5ded0f290eb1973a1ade67a1fab10 |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | c85530bfd84b61f2aaad539a348d3032b934f8a2 |
MD5: | 630582ca84cc7d3b995c79cf19f67397 |
First Seen Date: | 2023-07-26 19:36:44.507278 |
Number of Clients Seen: | 4 |
Last Analysis Date: | 2023-07-26 20:45:10.873525 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [] |
number of sections | 8 |
trid | [[77.7, u'Inno Setup installer'], [10.0, u'Win32 Executable Delphi generic'], [4.6, u'Win32 Dynamic Link Library (generic)'], [3.1, u'Win32 Executable (generic)'], [1.4, u'Win16/32 Executable Delphi generic']] |
compilation time stamp | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] [SUSPICIOUS] |
LegalCopyright | 2015 |
FileVersion | 4.0 |
CompanyName | Compusoft Hard- & Software GmbH |
Comments | This installation was built with Inno Setup. |
ProductName | ShopLuKaSOXID |
ProductVersion | 4.0 |
FileDescription | Artikel Abgleichsystem zu Oxid 4.x Shops |
Translation | 0x0000 0x04b0 |
entry point | 0x40aa98 (CODE) |
machine type | Intel 386 or later - 32Bit |
file size | 4703240 |
ssdeep | 98304:n5S5cx58o/LlOSfNugUO58ziZkgwtIEcXSHWkUfBpdASQSUV+YHtRJqq4O:E5c/8S5ugXEYkTL41fBXQzv714O |
sha256 | 929b9dcfc8a43721ece5cb448cb486fbf5f5ded0f290eb1973a1ade67a1fab10 |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/c/8/5/5/c85530bfd84b61f2aaad539a348d3032b934f8a2', u'EXE:ProductName': u'ShopLuKaSOXID ', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:26 19:36:35+00:00', u'EXE:InitializedDataSize': 13312, u'File:FileModifyDate': u'2023:07:26 19:36:34+00:00', u'EXE:FileVersionNumber': u'4.0.0.0', u'EXE:FileVersion': u'4.0 ', u'File:FileSize': u'4.5 MB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'4.0 ', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Compusoft Hard- & Software GmbH ', u'File:FileName': u'c85530bfd84b61f2aaad539a348d3032b934f8a2', u'EXE:ImageVersion': 6.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 1.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'1992:06:19 22:22:17+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'2015 ', u'EXE:LinkerVersion': 2.25, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/c/8/5/5', u'EXE:FileDescription': u'Artikel Abgleichsystem zu Oxid 4.x Shops ', u'EXE:EntryPoint': u'0xaa98', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 41472, u'EXE:Comments': u'This installation was built with Inno Setup.', u'File:FileInodeChangeDate': u'2023:07:26 19:36:35+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'4.0.0.0'}] |
mime type | application/x-dosexec |
imphash | 2fb819a19fe4dee5c03e8c6a79342f79 |
File Path on Client | Seen Count |
---|---|
c85530bfd84b61f2aaad539a348d3032b934f8a2 | 1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
CODE | 0x1000 | 0xa1d0 | 0xa200 | 6.64374902859 | b7ea439d9c6d5ec722056c9243fb3054 |
DATA | 0xc000 | 0x250 | 0x400 | 2.74012451302 | 9b2268ed5360951559d8041925d025fb |
BSS | 0xd000 | 0xe94 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 0xe000 | 0x97c | 0xa00 | 4.48607624623 | df5f31e62e05c787fd29eed7071bf556 |
.tls | 0xf000 | 0x8 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 0x10000 | 0x18 | 0x200 | 0.190488766435 | 14dfa4128117e7f94fe2f8d7dea374a0 |
.reloc | 0x11000 | 0x91c | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 0x12000 | 0x2374 | 0x2400 | 5.24117495604 | 7d190f730e071f82229f85f543e6873b |
- kernel32.dll
  - DeleteCriticalSection
  - LeaveCriticalSection
  - EnterCriticalSection
  - InitializeCriticalSection
  - VirtualFree
  - VirtualAlloc
  - LocalFree
  - LocalAlloc
  - WideCharToMultiByte
  - TlsSetValue
  - TlsGetValue
  - MultiByteToWideChar
  - GetModuleHandleA
  - GetLastError
  - GetCommandLineA
  - WriteFile
  - SetFilePointer
  - SetEndOfFile
  - RtlUnwind
  - ReadFile
  - RaiseException
  - GetStdHandle
  - GetFileSize
  - GetSystemTime
  - GetFileType
  - ExitProcess
  - CreateFileA
  - CloseHandle
- user32.dll
  - MessageBoxA
- oleaut32.dll
  - VariantChangeTypeEx
  - VariantCopyInd
  - VariantClear
  - SysStringLen
  - SysAllocStringLen
- advapi32.dll
  - RegQueryValueExA
  - RegOpenKeyExA
  - RegCloseKey
  - OpenProcessToken
  - LookupPrivilegeValueA
- kernel32.dll
  - WriteFile
  - VirtualQuery
  - VirtualProtect
  - VirtualFree
  - VirtualAlloc
  - Sleep
  - SizeofResource
  - SetLastError
  - SetFilePointer
  - SetErrorMode
  - SetEndOfFile
  - RemoveDirectoryA
  - ReadFile
  - LockResource
  - LoadResource
  - LoadLibraryA
  - IsDBCSLeadByte
  - GetWindowsDirectoryA
  - GetVersionExA
  - GetVersion
  - GetUserDefaultLangID
  - GetSystemInfo
  - GetSystemDirectoryA
  - GetSystemDefaultLCID
  - GetProcAddress
  - GetModuleHandleA
  - GetModuleFileNameA
  - GetLocaleInfoA
  - GetLastError
  - GetFullPathNameA
  - GetFileSize
  - GetFileAttributesA
  - GetExitCodeProcess
  - GetEnvironmentVariableA
  - GetCurrentProcess
  - GetCommandLineA
  - GetACP
  - InterlockedExchange
  - FormatMessageA
  - FindResourceA
  - DeleteFileA
  - CreateProcessA
  - CreateFileA
  - CreateDirectoryA
  - CloseHandle
- user32.dll
  - TranslateMessage
  - SetWindowLongA
  - PeekMessageA
  - MsgWaitForMultipleObjects
  - MessageBoxA
  - LoadStringA
  - ExitWindowsEx
  - DispatchMessageA
  - DestroyWindow
  - CreateWindowExA
  - CallWindowProcA
  - CharPrevA
- comctl32.dll
  - InitCommonControls
- advapi32.dll
  - AdjustTokenPrivileges
Lang | Name | Offset | SHA-256 | Type | Size |
---|---|---|---|---|---|
LANG_ENGLISH | RT_ICON | 74436 | 7f2b83efef7fa52c4d918fe7cd6216c7673bbe4cbbea4e931eaecee7d5044956 | data | 2740 |
LANG_NEUTRAL | RT_STRING | 77176 | 2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f | data | 754 |
LANG_NEUTRAL | RT_STRING | 77932 | 840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3 | data | 780 |
LANG_NEUTRAL | RT_STRING | 78712 | 26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78 | data | 718 |
LANG_NEUTRAL | RT_STRING | 79432 | d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c | data | 104 |
LANG_NEUTRAL | RT_STRING | 79536 | 00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd | data | 180 |
LANG_NEUTRAL | RT_STRING | 79716 | 34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3 | data | 174 |
LANG_NEUTRAL | RT_RCDATA | 79892 | 6a01524c185616fe3be68ab58ce982c391cfeff1af66e3accaafcd03e33b613f | data | 44 |
LANG_ENGLISH | RT_GROUP_ICON | 79936 | 5a15635f341ecd5ad8a500c7fce6f6b4fdfecfea67e54a00906d460fdae57ab4 | MS Windows icon resource - 1 icon, 32x27 | 20 |
LANG_ENGLISH | RT_VERSION | 79956 | 90710f9106f08edaedf5c393c9566f018f1cb9e54c751b0c5800d9b0876d9095 | data | 1268 |
LANG_ENGLISH | RT_MANIFEST | 81224 | 356ca8abf11d97bf9dcbff47c04bf1ddcb8685ef84d38e6850ec6c28a37655b9 | XML 1.0 document, ASCII text, with CRLF line terminators | 1580 |