| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | ud8qQSCc7kEdZKzblmZWqRhCfNo79m7T |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | e541b15427e08d8c0ea7bb03080e6341dba1672f |
| MD5: | 8adee9dce45b8d418ce98bb23d8c1c62 |
| First Seen Date: | 2023-07-03 21:50:35.555538 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-07-06 16:54:26.993982 ( ) |
| Human Expert Analysis Date: | 2023-07-04 10:34:15.671363 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 4 |
| trid | [[42.2, u'Win32 Executable MS Visual C++ (generic)'], [37.3, u'Win64 Executable (generic)'], [8.8, u'Win32 Dynamic Link Library (generic)'], [6.0, u'Win32 Executable (generic)'], [2.7, u'Generic Win/DOS Executable']] |
| compilation time stamp | 0x62792EE4 [Mon May 9 15:10:28 2022 UTC] |
| InternalName | HondaForza.exe |
| LegalTrademarks2 | unobservable |
| FileVersion | 88.53.80.23 |
| CompanyName | History |
| FileDescriptions | Blast |
| ProductName | FreewayTrip |
| ProductVersion | 57.71.45.5 |
| LegalCopyrights | Challengers mazambik inc. |
| Translation | 0x4250 0x03ff |
| entry point | 0x4058cc (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 358400 |
| ssdeep | 6144:VBkESC272XNJSjjkE1aaQYrv6BTokELZGi7HM8SO:cRC272Xy//AJ61LpMbO |
| sha256 | 98f91b9e77276b58e267d61783f27c9a5af536427bbdc37f1e1bc98260696bdf |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'EXE:FileDescriptions': u'Blast', u'EXE:LegalCopyrights': u'Challengers mazambik inc.', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/e/5/4/1/e541b15427e08d8c0ea7bb03080e6341dba1672f', u'EXE:ProductName': u'FreewayTrip', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:06 16:52:52+00:00', u'EXE:InitializedDataSize': 24388096, u'File:FileModifyDate': u'2023:07:03 21:49:31+00:00', u'EXE:LinkerVersion': 10.0, u'EXE:FileVersionNumber': u'100.0.0.0', u'EXE:FileVersion': u'88.53.80.23', u'File:FileSize': u'350 kB', u'EXE:CharacterSet': u'Unknown (85B1)', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ProductVersion': u'57.71.45.5', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'History', u'File:FileName': u'e541b15427e08d8c0ea7bb03080e6341dba1672f', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 5.1, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2022:05:09 15:10:28+00:00', u'EXE:LegalTrademarks2': u'unobservable', u'EXE:FileFlagsMask': u'0x003f', u'EXE:InternalName': u'HondaForza.exe', u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/e/5/4/1', u'EXE:EntryPoint': u'0x58cc', u'EXE:SubsystemVersion': 5.1, u'EXE:CodeSize': 119808, u'File:FileInodeChangeDate': u'2023:07:03 21:49:31+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Unknown (0291)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'2.0.0.0'}] |
| mime type | application/x-dosexec |
| imphash | 144f161f98acce6fa2a99dd080adf6b9 |
| File Path on Client | Seen Count |
|---|---|
| e541b15427e08d8c0ea7bb03080e6341dba1672f | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x1d21a | 0x1d400 | 4.86962561467 | 0f029c4eb2caed5310c40b731ca80da9 |
| .data | 0x1f000 | 0x1728d8c | 0x29800 | 7.96439781296 | 46528a011f7a81fce096b5332fddaa8e |
| .yalibe | 0x1748000 | 0x244 | 0x400 | 0.0 | 0f343b0931126a20f133d67c2b018a3b |
| .rsrc | 0x1749000 | 0x102a0 | 0x10400 | 3.66325281327 | f8cdce1d5450b57b07017dc1353d2f34 |
-
KERNEL32.dll
- CreateMutexW
- WriteConsoleInputW
- AllocConsole
- lstrcpynA
- HeapAlloc
- InterlockedIncrement
- InterlockedDecrement
- GetNamedPipeHandleStateA
- GetUserDefaultLCID
- GetModuleHandleW
- GetTickCount
- GetCurrentThread
- GetConsoleAliasesLengthA
- GetWindowsDirectoryA
- GetCompressedFileSizeW
- GetConsoleAliasExesW
- WaitNamedPipeW
- GetCommandLineA
- GetPriorityClass
- GetVolumePathNameW
- GetPrivateProfileIntA
- SetFileShortNameW
- _hread
- GetCalendarInfoW
- CreateEventA
- GetConsoleAliasExesLengthW
- GetFileAttributesA
- CreateSemaphoreA
- WriteConsoleW
- IsDBCSLeadByte
- QueryInformationJobObject
- CompareStringW
- GetACP
- lstrlenW
- FindNextVolumeMountPointW
- SetThreadPriority
- GetTempFileNameW
- EnumSystemLocalesA
- DeleteFiber
- GetLastError
- GetProcAddress
- HeapSize
- BeginUpdateResourceW
- RemoveDirectoryA
- SetComputerNameA
- EnterCriticalSection
- SearchPathA
- SetFileAttributesA
- LoadLibraryA
- OpenWaitableTimerW
- LocalAlloc
- MoveFileA
- GetNumberFormatW
- AddAtomW
- OpenJobObjectW
- FindAtomA
- GetPrivateProfileSectionNamesA
- GetModuleHandleA
- OpenFileMappingW
- FreeEnvironmentStringsW
- FindNextFileW
- GetStringTypeW
- GetCurrentDirectoryA
- EnumDateFormatsW
- GetShortPathNameW
- SetCalendarInfoA
- GetVersionExA
- GetFileInformationByHandle
- DebugBreak
- ReadConsoleOutputCharacterW
- lstrcpyW
- DeleteFileA
- LocalFileTimeToFileTime
- CreateMailslotW
- GetVolumeNameForVolumeMountPointA
- Sleep
- InitializeCriticalSection
- DeleteCriticalSection
- LeaveCriticalSection
- EncodePointer
- DecodePointer
- WideCharToMultiByte
- HeapSetInformation
- GetStartupInfoW
- HeapFree
- RtlUnwind
- GetCPInfo
- GetOEMCP
- IsValidCodePage
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- SetLastError
- GetCurrentThreadId
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- IsDebuggerPresent
- TerminateProcess
- GetCurrentProcess
- SetFilePointer
- CloseHandle
- RaiseException
- ExitProcess
- WriteFile
- GetStdHandle
- GetModuleFileNameW
- GetModuleFileNameA
- GetEnvironmentStringsW
- SetHandleCount
- InitializeCriticalSectionAndSpinCount
- GetFileType
- HeapCreate
- QueryPerformanceCounter
- GetCurrentProcessId
- GetSystemTimeAsFileTime
- MultiByteToWideChar
- IsProcessorFeaturePresent
- LCMapStringW
- SetStdHandle
- GetConsoleCP
- GetConsoleMode
- FlushFileBuffers
- LoadLibraryW
- HeapReAlloc
- ReadFile
- CreateFileW
-
ADVAPI32.dll
- ReadEventLogA
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_CURSOR', u'offset': 24475840, u'sha256': u'9290ec1d55e739cae08232a2be51bfb9b40ca69ffd44e796d493b1e1d2cc2c2c', u'type': u'data', u'size': 304}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_CURSOR', u'offset': 24476168, u'sha256': u'755c3646883985ad1d833271ae1e161293ac394342f70366fceea5cbc99163c4', u'type': u'dBase III DBT, version number 0, next free block index 40, 1st item "\\251\\317"', u'size': 2216}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24417936, u'sha256': u'473b3dc0103a23a9d5abcb6f19ef1149207891771df687705e4b5dc71f2182d6', u'type': u'data', u'size': 2216}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24420152, u'sha256': u'8d016fb9c92edcf1850f2f59859e29c53694fe4c95b6e8d9a2ecc75a452d56a0', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24424456, u'sha256': u'827d728d1c820464b12a9efd1db6a2b5e0c19bf5ae4f5648d49d47d5cae8afe0', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24428208, u'sha256': u'838fd9dbe2cc292d66985fe619a3c3b1b23616f35816aa6c73b39e1da4c75bc0', u'type': u'dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 8421249, next used block 8486785', u'size': 2216}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24430424, u'sha256': u'b3f2dadfbc25c0c7b0c9bc9e4a9560a6a7fa8e15ff6dca1a1f55d518626bcd75', u'type': u'data', u'size': 1736}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24432160, u'sha256': u'a7db661cf2baebd26701a8240230b7eef076b1c21276c594d9ec948bba70add7', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24433544, u'sha256': u'8d350f08329202b4cec021f5d6f0d50b6e37d3446609aae8692cd300f61f7869', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24443184, u'sha256': u'eb4a6da063e7784aea81129764c970b722fea271fa0dab93214c5cb4898b994a', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24447448, u'sha256': u'9fbedaf874b439e55201d4aa035fc21f92563d84c84eb54416de6131ebbbec1b', u'type': u'data', u'size': 2440}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24449888, u'sha256': u'9755fb3d3b909214b06f05f6c77588002cc757c7d84ef41ff36cf147053fd6b2', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24451136, u'sha256': u'f513b135c532198e665434e76e250c99144ab95dea3aa502928258ef7e89f14e', u'type': u'data', u'size': 3752}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24454888, u'sha256': u'5a9c99cfe749d148127358279e78f31ce7995f2d0effbc872757b8d734885fcc', u'type': u'data', u'size': 1736}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24456624, u'sha256': u'fc7bc3ef7fae01961560c42cb43f103df4704cd68c9a119d97593783b140a3db', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24458008, u'sha256': u'159675d9b23d89384868e9c9ce495eeec3417c37fb295fa0b968883eb9ba4ae3', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24467648, u'sha256': u'7f0bb3d548c32280b644f1d0c51e008d2bcc1b108b906e19a135359921015636', u'type': u'data', u'size': 4264}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24471912, u'sha256': u'2742f2772961300e72146e84c6710a21b4189c1cd19b55d7c2229881ec0d8029', u'type': u'dBase III DBT, version number 0, next free block index 40', u'size': 2440}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ICON', u'offset': 24474352, u'sha256': u'65421a2ca72911d0a57fba2046b6f90db6cf7388e5fac91829e5a3c439570081', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_TAMIL', u'name': u'RT_STRING', u'offset': 24479128, u'sha256': u'263830501bd669e83adda456cf7db69f7542fc6e9be09db1d435db60474b294a', u'type': u'data', u'size': 780}
{u'lang': u'LANG_TAMIL', u'name': u'RT_STRING', u'offset': 24479912, u'sha256': u'eda3585e1c96a3d5c96e53e2b51e101e7c3e38817a9b5658d798a16c34b05eb9', u'type': u'data', u'size': 892}
{u'lang': u'LANG_TAMIL', u'name': u'RT_STRING', u'offset': 24480808, u'sha256': u'7a4812c8d8f749a728b9742263b3ffa6a986204a3ee03b5aabf28a55c3e88fcf', u'type': u'data', u'size': 780}
{u'lang': u'LANG_TAMIL', u'name': u'RT_STRING', u'offset': 24481592, u'sha256': u'bd196690e3b7ca69d418e1b68d8a8686609a50837cb6a8edac377c5c574bbe7f', u'type': u'data', u'size': 868}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ACCELERATOR', u'offset': 24475720, u'sha256': u'9b2d7d995e9dad1565597040980e1f68a7ddc8d6d6e6e4325331e0d477b44975', u'type': u'data', u'size': 120}
{u'lang': u'LANG_TAMIL', u'name': u'RT_ACCELERATOR', u'offset': 24475584, u'sha256': u'e94ddc2be1ecf7ad6811c0cd18c161169c4249c7fcf361eb94d4fb9becf44236', u'type': u'data', u'size': 136}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_CURSOR', u'offset': 24476144, u'sha256': u'460268b31726095b94bc0903e72b1853f08dc863ff255ea143173a9047106e16', u'type': u'MS Windows icon resource - 1 icon, 32x32, 2 colors', u'size': 20}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_CURSOR', u'offset': 24478384, u'sha256': u'217d450a16a2372b00cba65fee0521ed845f5ced6dea83c12e37275f8bbbcc42', u'type': u'MS Windows icon resource - 1 icon, 32x32', u'size': 20}
{u'lang': u'LANG_TAMIL', u'name': u'RT_GROUP_ICON', u'offset': 24424416, u'sha256': u'365743600699d40fef274a86084ef5ec4abaf99a83a1adc852eff39efef7d24c', u'type': u'MS Windows icon resource - 2 icons, 32x32', u'size': 34}
{u'lang': u'LANG_TAMIL', u'name': u'RT_GROUP_ICON', u'offset': 24451016, u'sha256': u'69ec7901164492b9daeb674122ffd9ce6521afa84546e6bde2e9d97d69bb6e18', u'type': u'MS Windows icon resource - 8 icons, 48x48', u'size': 118}
{u'lang': u'LANG_TAMIL', u'name': u'RT_GROUP_ICON', u'offset': 24475480, u'sha256': u'95c3d8d9f5922917620fcfddf9c590d501fb9b4cdf881bd6ea5198cb729071b9', u'type': u'MS Windows icon resource - 7 icons, 48x48', u'size': 104}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 24478408, u'sha256': u'5bbbe58b1aff027d7efa45d6aabc087db65bcdfc528776c0e7479ed868cdeca9', u'type': u'data', u'size': 716}