Field | Value |
---|---|
File Name: | fe3658635c66bb8b0981fe3f73cebf1b229ed661 |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | fe3658635c66bb8b0981fe3f73cebf1b229ed661 |
MD5: | a48de889c19197426214da54922eb7ad |
First Seen Date: | 2023-07-20 10:16:32.895832 |
Number of Clients Seen: | 5 |
Last Analysis Date: | 2023-07-20 10:39:04.237325 |
Human Expert Analysis Date: | 2023-07-20 18:47:44.243530 |
Human Expert Analysis Result: | Malware |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | PDB path: C:\lepofutu\kafi\90_kexof.pdb; GUID: {51a7bed9-7f7e-47cc-a7f3-5a4b36c4c767}; timestamp: 2023-07-14 02:29:38 |
number of sections | 4 |
trid | Win64 Executable (generic) 76.4%; Win32 Executable (generic) 12.4%; Generic Win/DOS Executable 5.5%; DOS Executable Generic 5.5% |
compilation time stamp | 0x637C6365 [Tue Nov 22 05:51:33 2022 UTC] |
LegalCopyright | Copyright (C) 2023, historic |
ProductName | Fruits |
ProductsVersion | 32.64.57.24 |
ProductionVersion | 75.19.17.96 |
FileDescription | Underweather |
Translation | 0x07fd 0x0855 |
entry point | 0x405de7 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 405504 |
ssdeep | 6144:FdJL5aCNSwXadmlzRO3YUMmJxqD54zt2ySqOOS:7J1ahld8RUYUzED5It2POS |
sha256 | f4fed6410af40a0441fd09c9f8d2b203938d46b8ae18dd75f6ea78ac9f675a2b |
exifinfo | EXE:FileSubtype: 0; File:FilePermissions: rw-r--r--; SourceFile: /nfs/fvs/valkyrie_shared/core/valkyrie_files/f/e/3/6/fe3658635c66bb8b0981fe3f73cebf1b229ed661; EXE:ProductName: Fruits; File:MIMEType: application/octet-stream; File:FileAccessDate: 2023:07:20 10:15:50+00:00; EXE:InitializedDataSize: 33525760; File:FileModifyDate: 2023:07:20 10:15:49+00:00; EXE:ProductsVersion: 32.64.57.24; EXE:ProductionVersion: 75.19.17.96; EXE:FileVersionNumber: 74.0.0.0; File:FileSize: 396 kB; EXE:CharacterSet: Unknown (31F2); EXE:MachineType: Intel 386 or later, and compatibles; EXE:FileOS: Unknown (0x20761); EXE:ObjectFileType: Unknown; File:FileType: Win32 EXE; EXE:UninitializedDataSize: 0; File:FileName: fe3658635c66bb8b0981fe3f73cebf1b229ed661; EXE:ImageVersion: 0.0; File:FileTypeExtension: exe; EXE:OSVersion: 5.0; EXE:PEType: PE32; EXE:TimeStamp: 2022:11:22 05:51:33+00:00; EXE:FileFlagsMask: 0x141a; EXE:LegalCopyright: Copyright (C) 2023, historic; EXE:LinkerVersion: 9.0; EXE:FileFlags: (none); EXE:Subsystem: Windows GUI; File:Directory: /nfs/fvs/valkyrie_shared/core/valkyrie_files/f/e/3/6; EXE:FileDescription: Underweather; EXE:EntryPoint: 0x5de7; EXE:SubsystemVersion: 5.0; EXE:CodeSize: 230400; File:FileInodeChangeDate: 2023:07:20 10:15:49+00:00; EXE:LanguageCode: Faeroese; ExifTool:ExifToolVersion: 10.1; EXE:ProductVersionNumber: 36.0.0.0 |
mime type | application/x-dosexec |
imphash | 01c4ee1c294ad77d8fcb236b1ae3a868 |
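The exifinfo row renders EXE:FileOS as Unknown (0x20761), EXE:ObjectFileType as Unknown and a FileFlagsMask of 0x141a, next to version strings (74.0.0.0 / 36.0.0.0) that share nothing with the ProductsVersion and ProductionVersion strings; the COFF timestamp (2022-11-22) also predates both the PDB timestamp (2023-07-14) and the 2023 copyright string, so at least one of those values is not what the linker wrote. The "Unknown" renderings come from the VS_FIXEDFILEINFO block inside the RT_VERSION resource. The parser below is an added example, not code from the report or from the analysis service: it decodes that block and flags values outside the documented VOS_* and VS_FF_* ranges. The sample it parses is constructed here from the numeric values in the exifinfo row; it is not the binary's actual resource, and the anomaly wording is mine.

```python
import struct

VS_FFI_SIGNATURE = 0xFEEF04BD
FIXED_FMT = "<13I"            # VS_FIXEDFILEINFO is thirteen little-endian DWORDs (52 bytes)
VS_KEY = "VS_VERSION_INFO\0".encode("utf-16-le")

# Documented dwFileOS / dwFileType values (winver.h).
VOS_HIGH = {0x00010000: "VOS_DOS", 0x00020000: "VOS_OS216", 0x00030000: "VOS_OS232",
            0x00040000: "VOS_NT", 0x00050000: "VOS_WINCEOS"}
VOS_LOW = {0x0001: "VOS__WINDOWS16", 0x0002: "VOS__PM16", 0x0003: "VOS__PM32", 0x0004: "VOS__WINDOWS32"}
VFT = {0: "VFT_UNKNOWN", 1: "VFT_APP", 2: "VFT_DLL", 3: "VFT_DRV", 4: "VFT_FONT", 5: "VFT_VXD", 7: "VFT_STATIC_LIB"}
VS_FF_ALL = 0x3F              # VS_FF_DEBUG .. VS_FF_SPECIALBUILD; no documented flag sits above bit 5


def _version(ms: int, ls: int) -> str:
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def decode_file_os(value: int) -> str:
    """Render dwFileOS the way a version-info viewer would, falling back to Unknown(hex) for junk."""
    high, low = value & 0xFFFF0000, value & 0xFFFF
    if high in VOS_HIGH and (low == 0 or low in VOS_LOW):
        return VOS_HIGH[high] if low == 0 else f"{VOS_HIGH[high]}|{VOS_LOW[low]}"
    if high == 0 and low in VOS_LOW:
        return VOS_LOW[low]
    return f"Unknown (0x{value:x})"


def parse_fixed_file_info(blob: bytes) -> dict:
    """Parse the VS_VERSIONINFO header and its VS_FIXEDFILEINFO from an RT_VERSION resource body."""
    w_length, value_length, _w_type = struct.unpack_from("<HHH", blob, 0)
    if blob[6:6 + len(VS_KEY)] != VS_KEY:
        raise ValueError("not a VS_VERSIONINFO block")
    if value_length != struct.calcsize(FIXED_FMT):
        raise ValueError(f"unexpected wValueLength {value_length}")
    offset = (6 + len(VS_KEY) + 3) & ~3            # VS_FIXEDFILEINFO is DWORD-aligned after szKey
    (sig, _struc_ver, fv_ms, fv_ls, pv_ms, pv_ls, flags_mask, flags,
     file_os, file_type, file_subtype, _date_ms, _date_ls) = struct.unpack_from(FIXED_FMT, blob, offset)
    if sig != VS_FFI_SIGNATURE:
        raise ValueError("bad VS_FIXEDFILEINFO signature")
    anomalies = []
    if flags_mask & ~VS_FF_ALL:
        anomalies.append(f"dwFileFlagsMask 0x{flags_mask:x} sets bits outside VS_FF_* (0x{VS_FF_ALL:x})")
    if flags & ~flags_mask:
        anomalies.append(f"dwFileFlags 0x{flags:x} has bits not covered by the mask")
    os_name = decode_file_os(file_os)
    if os_name.startswith("Unknown"):
        anomalies.append(f"dwFileOS {os_name} is not a documented VOS_* value")
    if file_type not in VFT:
        anomalies.append(f"dwFileType 0x{file_type:x} is not a documented VFT_* value")
    return {"length": w_length, "file_version": _version(fv_ms, fv_ls), "product_version": _version(pv_ms, pv_ls),
            "file_flags_mask": flags_mask, "file_flags": flags, "file_os": os_name,
            "file_type": VFT.get(file_type, f"Unknown (0x{file_type:x})"), "file_subtype": file_subtype,
            "anomalies": anomalies}


def build_sample_versioninfo(file_ver=(74, 0, 0, 0), prod_ver=(36, 0, 0, 0), flags_mask=0x141A,
                             flags=0, file_os=0x20761, file_type=0, subtype=0) -> bytes:
    """Constructed sample: a VS_VERSIONINFO carrying the numeric values the report's exifinfo shows.
    The defaults mirror the report; the blob itself is synthetic, not the file's RT_VERSION resource."""
    fixed = struct.pack(FIXED_FMT, VS_FFI_SIGNATURE, 0x00010000,
                        (file_ver[0] << 16) | file_ver[1], (file_ver[2] << 16) | file_ver[3],
                        (prod_ver[0] << 16) | prod_ver[1], (prod_ver[2] << 16) | prod_ver[3],
                        flags_mask, flags, file_os, file_type, subtype, 0, 0)
    header = struct.pack("<HHH", 0, len(fixed), 0) + VS_KEY
    header += b"\0" * (-len(header) % 4)             # pad szKey to a DWORD boundary
    body = header + fixed
    return struct.pack("<H", len(body)) + body[2:]   # patch wLength with the real total


if __name__ == "__main__":
    for key, value in parse_fixed_file_info(build_sample_versioninfo()).items():
        print(f"{key}: {value}")
```

Against a real file, the blob to pass in is the body of the RT_VERSION resource (564 bytes here, at RVA 33726768); the StringFileInfo block that follows VS_FIXEDFILEINFO is where ProductName, FileDescription and the Translation pair live, and is not parsed by this example.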
File Path on Client | Seen Count |
---|---|
fe3658635c66bb8b0981fe3f73cebf1b229ed661 | 1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x3825c | 0x38400 | 7.79393372885 | 7d149c1a91239df913ab218c4ef371d8 |
.data | 0x3a000 | 0x1fd001c | 0x1a00 | 2.11885652094 | 9084ffb95c1be5496dffe45ba4457e77 |
.rsrc | 0x200b000 | 0x1faf0 | 0x1fc00 | 4.08000889801 | e846b6b5ad2124015465e85691602b0e |
.reloc | 0x202b000 | 0x9168 | 0x9200 | 0.978377933854 | aad80466572b44e5319dff91c83817a6 |
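The section table above carries two properties a triage script should catch on its own: .text sits at entropy 7.79, close to the 8.0 of compressed or encrypted data where native x86 code normally lands well below 7, and .data declares a VirtualSize of 0x1fd001c (about 33 MB) against 0x1a00 bytes of raw data, which is also why .rsrc is mapped at 0x200b000 and InitializedDataSize reads 33525760 in a 405504-byte file. The script below is an added example, not code from the report or from the analysis service. It uses only the standard library: it walks the DOS header, PE signature, COFF header and section table, computes per-section entropy, and applies two heuristic thresholds that are mine rather than the report's. The sample it builds copies the report's section geometry but fills the sections with synthetic bytes, so its entropy figures are illustrative and not the file's.

```python
import math
import random
import struct
from collections import Counter
from dataclasses import dataclass

# Triage thresholds: analyst heuristics, not values from the report.
HIGH_ENTROPY = 7.2        # bits per byte; compressed or encrypted code sits near 8.0
VIRTUAL_RAW_RATIO = 16    # VirtualSize this many times SizeOfRawData is worth a look


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    raw_pointer: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[Section]:
    """Follow e_lfanew to the PE signature, skip the COFF and optional headers, read the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _stamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        raw_name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        body = pe[rptr:rptr + rsize]          # only SizeOfRawData bytes exist on disk
        sections.append(Section(name, vaddr, vsize, rsize, rptr, shannon_entropy(body)))
    return sections


def triage(sections: list[Section]) -> list[str]:
    """Flag packed-looking code and sections that balloon when the loader maps them."""
    findings = []
    for s in sections:
        if s.entropy >= HIGH_ENTROPY:
            findings.append(f"{s.name}: entropy {s.entropy:.2f}, likely packed or encrypted")
        if s.raw_size and s.virtual_size > s.raw_size * VIRTUAL_RAW_RATIO:
            findings.append(f"{s.name}: VirtualSize 0x{s.virtual_size:x} vs SizeOfRawData 0x{s.raw_size:x}, "
                            "large zero-filled region reserved at load time (unpacking buffer?)")
    return findings


def build_sample_pe(spec: list[tuple[str, int, int, bytes]]) -> bytes:
    """Constructed sample: a minimal PE32 whose section table copies the geometry in the report.
    Section bodies are synthetic stand-ins, not bytes from the analysed file."""
    e_lfanew, opt_size, file_align = 0x40, 0xE0, 0x200
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(spec)
    first_raw = -(-headers_len // file_align) * file_align
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # IMAGE_FILE_MACHINE_I386, section count, the report's TimeDateStamp, EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0x637C6365, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    table, bodies = bytearray(), bytearray()
    for name, vaddr, vsize, body in spec:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(body), first_raw + len(bodies), 0, 0, 0, 0, 0x60000020)
        bodies += body
    image = dos + b"PE\0\0" + coff + opt + table
    return bytes(image.ljust(first_raw, b"\0") + bodies)


_rng = random.Random(20230720)
SAMPLE_PE = build_sample_pe([
    (".text",  0x1000,    0x3825C,   _rng.randbytes(0x38400)),    # high-entropy stand-in for packed code
    (".data",  0x3A000,   0x1FD001C, b"\0" * 0x1A00),             # tiny on disk, ~32 MiB once mapped
    (".rsrc",  0x200B000, 0x1FAF0,   b"ICON" * (0x1FC00 // 4)),   # low-entropy filler
    (".reloc", 0x202B000, 0x9168,    b"\0" * 0x9200),
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s.name:8} VA 0x{s.virtual_address:08x} VS 0x{s.virtual_size:08x} "
              f"raw 0x{s.raw_size:06x} entropy {s.entropy:.3f}")
    for line in triage(parse_sections(SAMPLE_PE)):
        print("!", line)
```

On the real file, `parse_sections(open(path, "rb").read())` gives the same table the report shows; the two findings to expect are the .text entropy and the .data size mismatch, while .rsrc and .reloc pass both checks.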
KERNEL32.dll
- lstrlenA
- GetConsoleAliasesLengthW
- EnumDateFormatsExW
- FindResourceW
- GlobalAddAtomA
- EnumCalendarInfoW
- _lwrite
- AddConsoleAliasW
- GetComputerNameW
- GetTickCount
- GetConsoleAliasesA
- GetWindowsDirectoryA
- WriteFile
- GlobalAlloc
- LoadLibraryW
- ReadConsoleInputA
- FreeConsole
- EnumSystemCodePagesA
- FindNextVolumeW
- GetCompressedFileSizeA
- SetThreadPriority
- DisconnectNamedPipe
- GetConsoleAliasesW
- CreateMutexW
- GetProfileIntA
- OpenMutexW
- SetLastError
- lstrcmpiA
- GetProcAddress
- VirtualAlloc
- SearchPathA
- LoadLibraryA
- SetCurrentDirectoryW
- GetOEMCP
- SetLocaleInfoW
- CreateMutexA
- FatalAppExitA
- ScrollConsoleScreenBufferA
- SetProcessShutdownParameters
- _lopen
- OpenSemaphoreW
- SetFileShortNameA
- AddConsoleAliasA
- LocalFileTimeToFileTime
- CreateFileA
- CloseHandle
- WriteConsoleW
- InterlockedExchange
- GetDateFormatW
- InterlockedIncrement
- InterlockedDecrement
- Sleep
- InitializeCriticalSection
- DeleteCriticalSection
- EnterCriticalSection
- LeaveCriticalSection
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetLastError
- HeapFree
- MultiByteToWideChar
- GetStartupInfoW
- RtlUnwind
- RaiseException
- GetModuleHandleW
- ExitProcess
- GetStdHandle
- GetModuleFileNameA
- HeapAlloc
- HeapCreate
- VirtualFree
- HeapReAlloc
- SetHandleCount
- GetFileType
- GetStartupInfoA
- TerminateProcess
- GetCurrentProcess
- IsDebuggerPresent
- GetCPInfo
- GetACP
- IsValidCodePage
- TlsGetValue
- TlsAlloc
- TlsSetValue
- TlsFree
- GetCurrentThreadId
- GetModuleFileNameW
- FreeEnvironmentStringsW
- GetEnvironmentStringsW
- GetCommandLineW
- QueryPerformanceCounter
- GetCurrentProcessId
- GetSystemTimeAsFileTime
- HeapSize
- GetLocaleInfoA
- GetStringTypeA
- GetStringTypeW
- InitializeCriticalSectionAndSpinCount
- SetFilePointer
- WideCharToMultiByte
- GetConsoleCP
- GetConsoleMode
- LCMapStringA
- LCMapStringW
- FlushFileBuffers
- SetStdHandle
- WriteConsoleA
- GetConsoleOutputCP
USER32.dll
- DdeQueryStringW
- CharUpperBuffA
- LoadMenuW
- CharLowerBuffW
ADVAPI32.dll
- InitializeAcl
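The KERNEL32 list above combines the startup set the MSVC 9.0 CRT normally pulls in (Heap*, Tls*, GetStartupInfoW, IsDebuggerPresent, SetUnhandledExceptionFilter, RtlUnwind) with a long tail of rarely called console, atom and locale APIs (GetConsoleAliasesLengthW, AddConsoleAliasW, SetFileShortNameA, EnumDateFormatsExW and the like). The imphash in the property table is an MD5 over exactly this ordered list, so that tail is what decides the value. The script below is an added example, not code from the report or from the analysis service: it rebuilds the canonical imphash string the way pefile does (DLL name lower-cased with the .dll/.ocx/.sys suffix removed, function names lower-cased, joined with commas in import-table order) from the names as listed on this page. The ordinal handling is a simplification labelled in the code.

```python
import hashlib

# Import table transcribed from the report, in the order listed there.
KERNEL32 = """
lstrlenA GetConsoleAliasesLengthW EnumDateFormatsExW FindResourceW GlobalAddAtomA EnumCalendarInfoW
_lwrite AddConsoleAliasW GetComputerNameW GetTickCount GetConsoleAliasesA GetWindowsDirectoryA WriteFile
GlobalAlloc LoadLibraryW ReadConsoleInputA FreeConsole EnumSystemCodePagesA FindNextVolumeW
GetCompressedFileSizeA SetThreadPriority DisconnectNamedPipe GetConsoleAliasesW CreateMutexW GetProfileIntA
OpenMutexW SetLastError lstrcmpiA GetProcAddress VirtualAlloc SearchPathA LoadLibraryA SetCurrentDirectoryW
GetOEMCP SetLocaleInfoW CreateMutexA FatalAppExitA ScrollConsoleScreenBufferA SetProcessShutdownParameters
_lopen OpenSemaphoreW SetFileShortNameA AddConsoleAliasA LocalFileTimeToFileTime CreateFileA CloseHandle
WriteConsoleW InterlockedExchange GetDateFormatW InterlockedIncrement InterlockedDecrement Sleep
InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection
UnhandledExceptionFilter SetUnhandledExceptionFilter GetLastError HeapFree MultiByteToWideChar GetStartupInfoW
RtlUnwind RaiseException GetModuleHandleW ExitProcess GetStdHandle GetModuleFileNameA HeapAlloc HeapCreate
VirtualFree HeapReAlloc SetHandleCount GetFileType GetStartupInfoA TerminateProcess GetCurrentProcess
IsDebuggerPresent GetCPInfo GetACP IsValidCodePage TlsGetValue TlsAlloc TlsSetValue TlsFree GetCurrentThreadId
GetModuleFileNameW FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW QueryPerformanceCounter
GetCurrentProcessId GetSystemTimeAsFileTime HeapSize GetLocaleInfoA GetStringTypeA GetStringTypeW
InitializeCriticalSectionAndSpinCount SetFilePointer WideCharToMultiByte GetConsoleCP GetConsoleMode
LCMapStringA LCMapStringW FlushFileBuffers SetStdHandle WriteConsoleA GetConsoleOutputCP
""".split()

IMPORTS = {
    "KERNEL32.dll": KERNEL32,
    "USER32.dll": ["DdeQueryStringW", "CharUpperBuffA", "LoadMenuW", "CharLowerBuffW"],
    "ADVAPI32.dll": ["InitializeAcl"],
}


def imphash_string(imports: dict) -> str:
    """Canonical 'lib.func,lib.func,...' string behind the imphash.

    DLL names are lower-cased and lose a .dll/.ocx/.sys suffix; function names are lower-cased.
    Simplification: an int entry (import by ordinal) becomes 'ordN' for every DLL, whereas pefile
    first tries to resolve ordinals of a few known DLLs (ws2_32, oleaut32) back to names.
    """
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: dict) -> str:
    """MD5 hex digest of the canonical string; order-sensitive by construction."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORTS)[:120], "...")
    print("imphash:", imphash(IMPORTS))
```

If the list above is the complete import directory in its original order, the digest should match the imphash the report gives for this sample (01c4ee1c294ad77d8fcb236b1ae3a868); a mismatch points at an entry dropped or reordered in transcription, which is itself a useful check on the report. Because the hash covers names and order only, two builds that share the CRT set but differ in a single padding API land on different imphashes, so pivoting on this value finds exact siblings, not the wider family.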
Resource | Language | Offset (RVA) | Size | Content Type | SHA256 |
---|---|---|---|---|---|
RT_CURSOR | LANG_NEUTRAL | 33726248 | 304 | data | 609cf0e1c5d2f8c59ce55228574bd35efef29d9ea018a50a9bc73703d4170006 |
RT_CURSOR | LANG_NEUTRAL | 33726552 | 176 | GLS_BINARY_LSB_FIRST | 67ceff3facc1ae98c4212a57be34fd73f7ac41d47c65002d6b77f7a3f3d33144 |
RT_ICON | LANG_PORTUGUESE | 33601936 | 3752 | data | a666afd3e4f2ae14376d1aaf6ebb0363e4cb3fcf3e074bb917165000dffc751c |
RT_ICON | LANG_PORTUGUESE | 33605688 | 2216 | data | 311fe735d4737b0fb08580124d9ae3aad8ce3814db9c2a735691b93b4680c4df |
RT_ICON | LANG_PORTUGUESE | 33607904 | 9640 | dBase III DBT, version number 0, next free block index 40 | 748be7e442b638cc22722acf1d312e6143702007bc128ad08aa546f850052f8b |
RT_ICON | LANG_PORTUGUESE | 33617544 | 4264 | data | 632f3adf7b5ef345ecdd2057c6b9d8d940cf4fb812d3a74cab829caca25087b4 |
RT_ICON | LANG_PORTUGUESE | 33621808 | 1128 | GLS_BINARY_LSB_FIRST | f0a50e6419f34115e8bc5e9e630be26da9cb6ef143a341907645dca29044cd65 |
RT_ICON | LANG_PORTUGUESE | 33623016 | 3752 | data | e4a2f7038c2ceca105d45e0c56251421b91530f2fe7c6c798b5d380abe640d89 |
RT_ICON | LANG_PORTUGUESE | 33626768 | 2216 | data | dfc34afdf97c4ecc41842947381804a3ebc50fe368f6946e2fa97bbc0a8684ff |
RT_ICON | LANG_PORTUGUESE | 33628984 | 1384 | GLS_BINARY_LSB_FIRST | de3e53e3244fdfbaab09bd199d42fde1c978ff74554817f40bb958423b49a6b9 |
RT_ICON | LANG_PORTUGUESE | 33630368 | 9640 | data | bf71c5d6d306e21ea3949c1fbb7d39cb156bf2e15e2971524d0b4eef0b929543 |
RT_ICON | LANG_PORTUGUESE | 33640008 | 4264 | data | 4225a26fe42ddd8381d9feb12427f89fbb35d914db5d12ffa75c34b0e7fb6aad |
RT_ICON | LANG_PORTUGUESE | 33644272 | 2440 | data | f47568d1e910f8982cbb5916d7d722beb2063c87218d36a19ffab59464a3b0e3 |
RT_ICON | LANG_PORTUGUESE | 33646712 | 1128 | GLS_BINARY_LSB_FIRST | 1f230a0d458a0ea150ce020579c65e056d318e876ee7f25d22323dcaad9ce985 |
RT_ICON | LANG_PORTUGUESE | 33647944 | 3752 | data | 693d8d82a0da488903270aee555f801f0d549eedef17188dbf9a9dd0d442097c |
RT_ICON | LANG_PORTUGUESE | 33651696 | 2216 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 8486783, next used block 8487041 | 0dcdbe8a931fffa860c73ea3602eddc70f2be4247e05abb23a81cef41f8290c4 |
RT_ICON | LANG_PORTUGUESE | 33653912 | 1736 | data | c6aee3fb118b359f7f3e6937de46e5e3c7f9c377fc9078c2021be77e4da23099 |
RT_ICON | LANG_PORTUGUESE | 33655648 | 1384 | GLS_BINARY_LSB_FIRST | 7aa39916bde3ef77b5422355a3852e8d43ee3c7e1efa5ffa66734814c36b3ffe |
RT_ICON | LANG_PORTUGUESE | 33657032 | 9640 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | c3fb7b29234e19d881f53d5752d10215314475f9e4e63fe1c4b96be17d3754fb |
RT_ICON | LANG_PORTUGUESE | 33666672 | 4264 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 2139127680, next used block 2172616577 | 2a0bd0f482e442287bc9e0068b1e25b7f70f500e4a3207d8687cdfaa6a6f0609 |
RT_ICON | LANG_PORTUGUESE | 33670936 | 2440 | data | 14f307f3bebe7f8f19c71f12806d92811b7ebcc4e33ac8c9b058e050da2f2eb5 |
RT_ICON | LANG_PORTUGUESE | 33673376 | 1128 | GLS_BINARY_LSB_FIRST | 0c5d1617edfd3f3163334bceb32ca0dddc4efef7091455ac4a77c1c56b4c9ef7 |
RT_ICON | LANG_PORTUGUESE | 33674624 | 3752 | data | 3656b29897cb3d5403daf139d2fc89b54ebf3901ec58cba39bb74d9c8f3350f0 |
RT_ICON | LANG_PORTUGUESE | 33678376 | 2216 | data | 7bc7052d2337b334c3cec97b08018acd5662362199c16d4ec3b6967d697b9689 |
RT_ICON | LANG_PORTUGUESE | 33680592 | 1384 | GLS_BINARY_LSB_FIRST | 6c2111f65fc89a00fed15352455f525a87be49ad76cf2fcf32cd752c366aab97 |
RT_ICON | LANG_PORTUGUESE | 33681976 | 9640 | data | 2e7c06e8886b5776c234abc985be512319c799e512ee014642b33f9b4dba7527 |
RT_ICON | LANG_PORTUGUESE | 33691616 | 4264 | data | 75d7dc4cc8d39efc920917c72b1009bc7e3f81509c8d3446f018d07ec2313139 |
RT_ICON | LANG_PORTUGUESE | 33695880 | 2440 | data | 05f7f5966632bf7e5a61e7764d5bf94ad899d931a55ed28debb9c8428f4d08a9 |
RT_ICON | LANG_PORTUGUESE | 33698320 | 1128 | GLS_BINARY_LSB_FIRST | 78abf7426193331d5fc244a03b9d59ecdf18807ae01dd80bba7c505f6248817b |
RT_ICON | LANG_PORTUGUESE | 33699552 | 3752 | data | ef024e149e1f020a36c94e15dd96cebde21d73b15a78327e0bc432614e3971ba |
RT_ICON | LANG_PORTUGUESE | 33703304 | 2216 | data | 50bd97c2c17ac945cfeb0140cb7d297a4ef96febc4c63fde17c747ef9461509b |
RT_ICON | LANG_PORTUGUESE | 33705520 | 1736 | data | a234da42fa7c694a3ed14d0c734d006be412cb6be46f73e101240c69307a6173 |
RT_ICON | LANG_PORTUGUESE | 33707256 | 1384 | GLS_BINARY_LSB_FIRST | fd5e468da0d84731ffc7e8eedf39191bd5606edd2ac34b3537acee2458f8855d |
RT_ICON | LANG_PORTUGUESE | 33708640 | 9640 | data | 761cc770ebbe93c41a084a1ef12d3eda4f96b780fe9f39a62712cc15e16b6053 |
RT_ICON | LANG_PORTUGUESE | 33718280 | 4264 | data | 3b01425f8a888854f8a7934b3169a8e8c76a04ca773eb317e9da275ee370bfe3 |
RT_ICON | LANG_PORTUGUESE | 33722544 | 2440 | data | 6da3af8f955f48528555c713ce8c2834b2a8d5130c456d507b7a673df3a79ff1 |
RT_ICON | LANG_PORTUGUESE | 33724984 | 1128 | GLS_BINARY_LSB_FIRST | 31f3496f7b71ae5fbbd0af662ce7268e8e6b7127709ed7bb55563da2c56c7443 |
RT_STRING | LANG_NEUTRAL | 33727336 | 1372 | data | a9566e7e84a8a200f6b9d080f3d0c3932ef4d050644cc5d06bc9056ce4bab62a |
RT_STRING | LANG_NEUTRAL | 33728712 | 546 | data | 23ed4fe69304bca2cd0c770baf53759f689c05d0b1f455794210d9ed927ef062 |
RT_GROUP_CURSOR | LANG_NEUTRAL | 33726728 | 34 | MS Windows icon resource - 2 icons, 32x32, 2 colors | be5db25a165b649701f88c017e632e6733e43938e1342e3a4d885a471d42c618 |
RT_GROUP_ICON | LANG_PORTUGUESE | 33622936 | 76 | MS Windows icon resource - 5 icons, 48x48 | 5daa005129f6706482a1ce299959e546bc0525594a44f2e4c14f99bf5dde9ac3 |
RT_GROUP_ICON | LANG_PORTUGUESE | 33647840 | 104 | MS Windows icon resource - 7 icons, 48x48 | 175c44cd427ffa52ec94040b15fee5c8af481e715ab585dbfa4938b18d6efd9b |
RT_GROUP_ICON | LANG_PORTUGUESE | 33674504 | 118 | MS Windows icon resource - 8 icons, 48x48 | f021825f19bdd266589a740e022304a9d050670d15390948bd034503bf4e6e26 |
RT_GROUP_ICON | LANG_PORTUGUESE | 33726112 | 118 | MS Windows icon resource - 8 icons, 48x48 | 9b3b1518bf5f1aafc04111fac5e8528214768123db6029d013eb17a922fc6f7b |
RT_GROUP_ICON | LANG_PORTUGUESE | 33699448 | 104 | MS Windows icon resource - 7 icons, 48x48 | b1fe53b069e5fc407b674159dd4b277cb60093f857a7294e3d4571134e34a583 |
RT_VERSION | LANG_NEUTRAL | 33726768 | 564 | data | 5d0ee16eb1df426580b6f10abad19b0a8b9bc0fde94b1da3c44b4aa8b785eb0a |
241 | LANG_NEUTRAL | 33726232 | 10 | data | 2aae662c2afa7f5a59bfcae85b9dd1b56003e39da081ed0921c06d7deeadf12b |