Xcitium Cloud Verdict

File Name: 046fc9f92ac2bb066805121cc137d718f1b830eb17d1c892bd99318427a0d7db.exe

File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

SHA1: d315accf779dfb2f7657746f1f93f27291672e80

MD5: 5fef9324d989c502a58bb092fb5a17e8

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	046fc9f92ac2bb066805121cc137d718f1b830eb17d1c892bd99318427a0d7db.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SHA1:	d315accf779dfb2f7657746f1f93f27291672e80
MD5:	5fef9324d989c502a58bb092fb5a17e8
First Seen Date:	2023-07-03 21:06:09.985120 ( 2023-07-03 21:06:09.985120 )
Number of Clients Seen:	2
Last Analysis Date:	2023-07-03 21:06:09.985120 ( 2023-07-03 21:06:09.985120 )
Human Expert Analysis Date:	2023-07-04 11:52:09.617904 ( 2023-07-04 11:52:09.617904 )
Human Expert Analysis Result:	Clean

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	9
trid	[[67.4, u'Win32 Executable MS Visual C++ (generic)'], [14.2, u'Win32 Dynamic Link Library (generic)'], [9.7, u'Win32 Executable (generic)'], [4.3, u'Generic Win/DOS Executable'], [4.3, u'DOS Executable Generic']]
compilation time stamp	0x6491333E [Tue Jun 20 05:03:58 2023 UTC]
LegalCopyright	\xa9 Minehmute Team
InternalName	Launcher
FileVersion	5.4.2, build 1
CompanyName
LegalTrademarks	Minehmute
ProductName	Minehmute
ProductVersion	5.4.2, build 1
FileDescription	Minehmute 0.0.1
OriginalFilename	Launcher-launch4j-0.exe
Translation	0x0419 0x04e4
entry point	0x401590 (.text)
machine type	Intel 386 or later - 32Bit
file size	9246999
ssdeep	196608:NvXqPGazRpON38opvp0bkVbuDV6RfhhvizcjcryowfR5Fv6:Nva+a1YNrRFVbuDwRZOUcryoH
sha256	46fe24b341c159e9bd45925b8a4e66742d913901c60230ea61ebbe0ac8c215e7
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/d/3/1/5/d315accf779dfb2f7657746f1f93f27291672e80', u'EXE:OriginalFileName': u'Launcher-launch4j-0.exe', u'EXE:ProductName': u'Minehmute', u'EXE:InternalName': u'Launcher', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:03 21:05:27+00:00', u'EXE:InitializedDataSize': 24064, u'File:FileModifyDate': u'2023:07:03 18:16:24+00:00', u'EXE:FileVersionNumber': u'0.0.0.1', u'EXE:FileVersion': u'5.4.2, build 1', u'File:FileSize': u'8.8 MB', u'EXE:CharacterSet': u'Windows, Latin1', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Windows NT', u'EXE:LegalTrademarks': u'Minehmute', u'EXE:ProductVersion': u'5.4.2, build 1', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'', u'File:FileName': u'd315accf779dfb2f7657746f1f93f27291672e80', u'EXE:ImageVersion': 1.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2023:06:20 05:03:58+00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LegalCopyright': u'\xa9 Minehmute Team', u'EXE:LinkerVersion': 2.26, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/d/3/1/5', u'EXE:FileDescription': u'Minehmute 0.0.1', u'EXE:EntryPoint': u'0x1590', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 44032, u'File:FileInodeChangeDate': u'2023:07:03 18:16:25+00:00', u'EXE:UninitializedDataSize': 38912, u'EXE:LanguageCode': u'Russian', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'0.0.0.1'}]
mime type	application/x-dosexec
imphash	1f2702872592229d2f4cb1162cfbc55b

File Paths

File Path on Client	Seen Count
d315accf779dfb2f7657746f1f93f27291672e80	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0xab20	0xac00	6.25323022591	a8d7ee6c93480cc7f0558d955ddad8a6
.data	0xc000	0x28	0x200	0.31242918466	5a57f321ae6f68794e78fba852a0ca30
.rdata	0xd000	0xf18	0x1000	5.55399941186	38fcaadbc82d759c822735974f5e0045
.eh_fram	0xe000	0x1d10	0x1e00	4.88208891252	9e2ddb9db862af03aae6cf976d81070c
.bss	0x10000	0x9678	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.idata	0x1a000	0xe28	0x1000	4.92285271772	f3f34beb12ab4e6fa44d8ec2bd39e3b3
.CRT	0x1b000	0x18	0x200	0.114463381259	680b5a97669538b6c270dcf63aeae555
.tls	0x1c000	0x20	0x200	0.20448815744	1d22717eb27005d2f0f43537e6a1e267
.rsrc	0x1d000	0x18a0	0x1a00	3.78948670134	48e7d2df1d7e8971b3e980d2883fc581

PE Imports

advapi32.dll
- RegCloseKey
- RegEnumKeyExA
- RegOpenKeyExA
- RegQueryValueExA
kernel32.dll
- CloseHandle
- CreateMutexA
- CreatePipe
- CreateProcessA
- DeleteCriticalSection
- EnterCriticalSection
- ExitProcess
- FindResourceExA
- FormatMessageA
- GetCommandLineA
- GetCurrentDirectoryA
- GetCurrentProcess
- GetEnvironmentVariableA
- GetExitCodeProcess
- GetLastError
- GetModuleFileNameA
- GetModuleHandleA
- GetProcAddress
- GetStartupInfoA
- GlobalMemoryStatusEx
- InitializeCriticalSection
- InterlockedExchange
- IsDBCSLeadByteEx
- LeaveCriticalSection
- LoadResource
- LocalFree
- LockResource
- MultiByteToWideChar
- ReadFile
- SetEnvironmentVariableA
- SetHandleInformation
- SetLastError
- SetUnhandledExceptionFilter
- Sleep
- TlsGetValue
- VirtualProtect
- VirtualQuery
- WaitForSingleObject
- WideCharToMultiByte
msvcrt.dll
- _strdup
- _stricoll
msvcrt.dll
- __getmainargs
- __mb_cur_max
- __p__environ
- __p__fmode
- __set_app_type
- _cexit
- _chdir
- _close
- _errno
- _findclose
- _findfirst
- _findnext
- _fullpath
- _iob
- _itoa
- _onexit
- _open
- _read
- _setmode
- _stat64
- _stricmp
- abort
- atexit
- atoi
- calloc
- fclose
- fopen
- fprintf
- fputc
- fputs
- free
- fwrite
- getenv
- isspace
- localeconv
- malloc
- mbstowcs
- memcpy
- printf
- puts
- realloc
- setlocale
- signal
- strcat
- strchr
- strcmp
- strcoll
- strcpy
- strlen
- strncat
- strncpy
- strpbrk
- strrchr
- strstr
- strtok
- tolower
- vfprintf
- wcslen
- wcstombs
shell32.dll
- ShellExecuteA
user32.dll
- CreateWindowExA
- DispatchMessageA
- EnumWindows
- FindWindowExA
- GetMessageA
- GetSystemMetrics
- GetWindowLongA
- GetWindowRect
- GetWindowTextA
- GetWindowThreadProcessId
- KillTimer
- LoadImageA
- MessageBoxA
- PostQuitMessage
- SendMessageA
- SetForegroundWindow
- SetTimer
- SetWindowPos
- ShowWindow
- TranslateMessage
- UpdateWindow

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 119568, u'sha256': u'a5328f426ae1bd1bbf88cb554d8d2a16c29439d8ba60c7a5c4598e59e42d0cc2', u'type': u'dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0', u'size': 4264}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123832, u'sha256': u'aea03cf16db5442489333cdd88c5073b5a274dc4d07b30dd327cfa48c85c81b4', u'type': u'ASCII text, with no line terminators', u'size': 40}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123872, u'sha256': u'296c49e867d66f141f9dbe7815a55d9b564a51b1e196200bc30125c77d6420b8', u'type': u'ASCII text, with no line terminators', u'size': 6}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123880, u'sha256': u'075d3ddf5a3a826e13a92288e853bc4b2cb17fb05367ae865f401a4bb11f05ce', u'type': u'data', u'size': 2}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123888, u'sha256': u'4abf7f19d6b19f7d572bc675ccd97f7ac941da2c7ec8c72c91d06e8b6042a021', u'type': u'ASCII text, with no line terminators', u'size': 10}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123904, u'sha256': u'debc2f07db78d52d2def07b7bc620d7042367501d9439a62ba09b559a98e0957', u'type': u'ASCII text, with no line terminators', u'size': 5}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123912, u'sha256': u'91c2a5652b88665d5de623e946a59451f7527d2c704c30a5650cc10bb225ff02', u'type': u'ASCII text, with no line terminators', u'size': 3}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 123920, u'sha256': u'6597a0858f510f2e441b6bb2bdd92dd3724fa594a7c3f865d014b9299436d104', u'type': u'ASCII text, with no line terminators', u'size': 84}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 124008, u'sha256': u'4ef9e51eb916d15bf8901e8ae324390cdedf728297a729d0fb823964730801fe', u'type': u'ASCII text, with no line terminators', u'size': 50}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 124064, u'sha256': u'2621256c93375617aba5a69d36c418c44381c5e913dddfaca576702aa105a2b1', u'type': u'ASCII text, with no line terminators', u'size': 54}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 124120, u'sha256': u'0bf65805e92c10fa89fbeaf313dedeaaf166f8f8cee5827f7478f2a7d4c3bd9d', u'type': u'ASCII text, with no line terminators', u'size': 53}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 124176, u'sha256': u'a9c88a2082dfa1f26c8ee0d9f6f58ad42142baa0f111d239011830a847fea5c5', u'type': u'ASCII text, with no line terminators', u'size': 104}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 124280, u'sha256': u'a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0', u'type': u'MS Windows icon resource - 1 icon, 32x32', u'size': 20}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 124304, u'sha256': u'6dc7ffd1d67cadcd52b8dbd655d282bca43ee5a25cd5d9430a1363944e68b3c2', u'type': u'data', u'size': 784}

CERTIFICATE VALIDATION

Loading...