66d8985a256af_installer.exe
First submission 2024-09-04 19:48:02
File details
File type: | PE32+ executable (GUI) x86-64, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 4857.94 KB (4974530 bytes) |
Compile time: | 2012-05-10 10:34:40 |
MD5: | 4b0348bf0a8544b5c6b90c79bbeca054 |
SHA1: | fffc3fed695f793866fc13fd2000531134e8874f |
SHA256: | aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0 |
Import Hash: | ce92706925e359aa40f23197a9743843 |
Sections 5 | .text .rdata .data .pdata .rsrc |
Directories 3 | import resource security |
File features detected
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x1b300 | 111616 | 347710d71a7059c2d8e943dcebe4a481f3bb7e81 | 643d4d5512b6ada56e2a13964b71f570 | |
.rdata | 0x1d000 | 0x52a2 | 21504 | 11a11880d7a7c8eddc524c5345c30a90e8726c22 | 4888581b1f6d73fcfaf679eb2500c4af | |
.data | 0x23000 | 0x2f68 | 3072 | 1005a8ed8253ef91ac15f544465510a4f754fd03 | 24b7f532e0985a338e74a2bde02e07f0 | |
.pdata | 0x26000 | 0x16e0 | 6144 | f0867fee774119fe1924b4d9df96342bd1a77301 | 1c1230c663f280fbde04cc10c5014dcc | |
.rsrc | 0x28000 | 0x48f92 | 299008 | a8e88b649aef21d8280dbf837341940b6de6d9aa | 1a5fb610b1e110b6c229b59ae9dde189 | |
PE Resources 3
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x7076c | 1128 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x70bd4 | 118 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x70c4c | 838 | |
Packers detected 1
Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 1
GetLastError |
Anti debug functions 1
Bochs & QEmu CPUID Trick |
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
925a6b2cf5754b5d2f6b0c7002bb4241 | da651a27cdb20fb8312e99aa38e8638047ae6163 | 21912 | 4952618 |
Strings analysis - File found
Executable |
Vk.SO |
Library |
%setup_app_tmp.dll |
ADVAPI32.dll |
SHELL32.dll |
COMCTL32.dll |
USER32.dll |
KERNEL32.dll |
MSVCRT.dll |
OLEAUT32.dll |
ole32.dll |
GDI32.dll |
Strings analysis - Possible URLs found 15
Import functions
Name | Latest seen | MD5 |
---|---|---|
66d7540419a3a_installer.exe | 2024-09-04 00:24:02 | 9a0770b61e54640630a3c8542c5bc7ac |