Windows Analysis Report HD1(GPS) v2.24.exe
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice |
---|
Sample drops PE files which have not been started; submit the dropped PE samples to Joe Sandbox for a secondary analysis |
Sample searches for specific files; try pointing organization-specific fake files to the analysis machine |
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior |
|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Source: | Static PE information: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | File created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Key value created or modified: |
Source: | Static file information: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | File created: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | File opened / queried: |
Source: | Dropped PE file which has not been started: | ||
Source: | Dropped PE file which has not been started: | ||
Source: | Dropped PE file which has not been started: | ||
Source: | Dropped PE file which has not been started: | ||
Source: | Dropped PE file which has not been started: |
Source: | File Volume queried: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Queries volume information: | ||
Source: | Queries volume information: | ||
Source: | Queries volume information: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection1 | Masquerading22 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder1 | DLL Side-Loading1 | Virtualization/Sandbox Evasion1 | LSASS Memory | Virtualization/Sandbox Evasion1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder1 | Process Injection1 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading1 | NTDS | System Information Discovery12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
No Antivirus matches |
---|
No contacted domains info |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 85 |
Start date: | 29.06.2021 |
Start time: | 21:25:09 |
Joe Sandbox Product: | CloudBasic |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | HD1(GPS) v2.24.exe |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Detection: | CLEAN |
Classification: | clean4.winEXE@3/25@0/0 |
Warnings: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 67002 |
Entropy (8bit): | 4.596222790733321 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 862 |
Entropy (8bit): | 6.590862113291391 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 129659 |
Entropy (8bit): | 2.0284694119888735 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2928640 |
Entropy (8bit): | 5.836793538282988 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 346696 |
Entropy (8bit): | 7.917287971920076 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116442 |
Entropy (8bit): | 4.729001881244087 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 6.206632501179402 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 3.147025307853983 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 4.394500643269032 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 3.6147958656153993 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 1.6176853708804466 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 167926 |
Entropy (8bit): | 6.018738622681652 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48128 |
Entropy (8bit): | 6.3377933069406085 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1142 |
Entropy (8bit): | 4.635117562984788 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1117 |
Entropy (8bit): | 4.609547621877304 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1106 |
Entropy (8bit): | 4.666610459479573 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\HD1(GPS)\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 765697 |
Entropy (8bit): | 0.6916559918233969 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 933960 |
Entropy (8bit): | 6.355065762804709 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 163480 |
Entropy (8bit): | 5.796385844990045 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 147456 |
Entropy (8bit): | 5.536016637218308 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1070232 |
Entropy (8bit): | 6.301401815183038 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 85648 |
Entropy (8bit): | 5.751764686105291 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 119960 |
Entropy (8bit): | 5.894311725943536 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259736 |
Entropy (8bit): | 5.892051514062089 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\alfredo\Desktop\HD1(GPS) v2.24.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 444840 |
Entropy (8bit): | 6.35089801730904 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.986913455063313 |
TrID: |
|
File name: | HD1(GPS) v2.24.exe |
File size: | 3592691 |
MD5: | 1148fd1e4b2c4237bf152a9ceb94a62f |
SHA1: | 41463fd921d1f07033560338e533f91f8747ed6e |
SHA256: | 3cd2b40b277c073b3d29387d9fcbe8b09cca7a47b3213c5f212ce847ec23c64f |
SHA512: | 31a801a8e4ef5b52d37f8e1f3b435efae2b19c98b1c274134d592d42eb50df8b40615668d931fedbc5af2680f5e4591a5da485aaec8030b3739329c26ca7a5b6 |
SSDEEP: | 98304:pwYe48gRVGISZWZWka30ia81fR2ARmGf7YIw1f:p+V93WZ/SYATLw1f |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1...1...1...-...1..*....1..A-...1..*....1.......1.......1...1...1.......1...1..91..=....1...7...1..Rich.1................. |
File Icon |
---|
Icon Hash: | c8d49ccde690ae46 |
General | |
---|---|
Entrypoint: | 0x4253ca |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x40813A96 [Sat Apr 17 14:09:26 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 76d5c02c1b61ff55cf8d344cde5d8b26 |
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 00428828h |
push 00424EE0h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 58h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [0042812Ch] |
xor edx, edx |
mov dl, ah |
mov dword ptr [0047F344h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [0047F340h], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [0047F33Ch], ecx |
shr eax, 10h |
mov dword ptr [0047F338h], eax |
xor esi, esi |
push esi |
call 00007F9160C834F5h |
pop ecx |
test eax, eax |
jne 00007F9160C8341Ah |
push 0000001Ch |
call 00007F9160C834C5h |
pop ecx |
mov dword ptr [ebp-04h], esi |
call 00007F9160C84848h |
call dword ptr [00428108h] |
mov dword ptr [0047F840h], eax |
call 00007F9160C84706h |
mov dword ptr [0047F378h], eax |
call 00007F9160C844AFh |
call 00007F9160C843F1h |
call 00007F9160C82BC3h |
mov dword ptr [ebp-30h], esi |
lea eax, dword ptr [ebp-5Ch] |
push eax |
call dword ptr [0042818Ch] |
call 00007F9160C84382h |
mov dword ptr [ebp-64h], eax |
test byte ptr [ebp-30h], 00000001h |
je 00007F9160C83418h |
movzx eax, word ptr [ebp-2Ch] |
jmp 00007F9160C83415h |
push 0000000Ah |
pop eax |
push eax |
push dword ptr [ebp-64h] |
push esi |
push esi |
call dword ptr [0042822Ch] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28b88 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x80000 | 0xfb0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28000 | 0x418 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26ae0 | 0x26c00 | False | 0.58205015121 | data | 6.59632180574 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x28000 | 0x2208 | 0x2400 | False | 0.415907118056 | zlib compressed data | 5.57765758968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2b000 | 0x54858 | 0x3200 | False | 0.465703125 | data | 5.50529776871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x80000 | 0xfb0 | 0x1000 | False | 0.37744140625 | data | 4.30991765431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x80e60 | 0x134 | data | Finnish | Finland |
RT_BITMAP | 0x80c88 | 0x1d4 | data | Finnish | Finland |
RT_ICON | 0x806d0 | 0x2e8 | data | Finnish | Finland |
RT_DIALOG | 0x802a0 | 0xf0 | data | Finnish | Finland |
RT_DIALOG | 0x80438 | 0x1e0 | data | Finnish | Finland |
RT_DIALOG | 0x80390 | 0xa6 | data | Finnish | Finland |
RT_DIALOG | 0x80618 | 0xb6 | data | Finnish | Finland |
RT_GROUP_CURSOR | 0x80f98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Finnish | Finland |
RT_GROUP_ICON | 0x809b8 | 0x14 | data | Finnish | Finland |
RT_MANIFEST | 0x809d0 | 0x2b8 | XML 1.0 document, ASCII text, with CRLF line terminators | Finnish | Finland |
DLL | Import |
---|---|
KERNEL32.dll | WaitForSingleObject, GetModuleFileNameA, GetDateFormatA, GetSystemDirectoryA, GetWindowsDirectoryA, GetCommandLineA, GetVersionExA, CreateMutexA, GetPrivateProfileIntA, GetPrivateProfileStringA, lstrcmpA, GetSystemTime, LocalFree, LocalAlloc, GetVersion, GetSystemInfo, GetComputerNameA, SetEndOfFile, LCMapStringA, GetStringTypeW, GetStringTypeA, GetOEMCP, lstrcpynA, GetCPInfo, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoA, RtlUnwind, TerminateProcess, HeapAlloc, HeapFree, GetExitCodeProcess, SetFileTime, GlobalMemoryStatus, GetShortPathNameA, SetErrorMode, WritePrivateProfileStringA, WritePrivateProfileSectionA, MoveFileExA, GetCurrentProcess, ExitProcess, WideCharToMultiByte, CreateProcessA, RemoveDirectoryA, GetFileTime, VerLanguageNameA, CompareFileTime, CopyFileA, GetFileSize, GetLogicalDriveStringsA, FreeLibrary, GetCurrentDirectoryA, SetCurrentDirectoryA, MultiByteToWideChar, SetFileAttributesA, LCMapStringW, GetTempPathA, GetFileAttributesA, CreateDirectoryA, GetLocaleInfoA, FindFirstFileA, lstrcmpiA, FindNextFileA, FindClose, GetDriveTypeA, lstrcatA, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetTickCount, Sleep, GetCurrentThread, QueryPerformanceFrequency, QueryPerformanceCounter, GetThreadPriority, SetThreadPriority, GlobalReAlloc, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, MulDiv, lstrlenA, GetLastError, FormatMessageA, WriteFile, ReadFile, lstrcpyA, SetFilePointer, CreateFileA, CloseHandle, GetACP, DeleteFileA |
USER32.dll | FindWindowA, IsIconic, PostMessageA, RegisterClassA, SetRectEmpty, ExitWindowsEx, MsgWaitForMultipleObjects, GetMessageA, TranslateMessage, DispatchMessageA, FillRect, PostQuitMessage, EnableWindow, SetWindowPos, SetTimer, GetDlgItemTextA, CreateDialogParamA, GetWindowLongA, IsWindowEnabled, GetSystemMetrics, RegisterClassExA, GetClientRect, IsWindowVisible, PtInRect, SetCursor, EndDialog, GetActiveWindow, WaitMessage, IsDialogMessageA, MessageBoxA, CopyRect, KillTimer, DrawEdge, GetDlgItem, SendDlgItemMessageA, SetDlgItemTextA, PeekMessageA, SetWindowTextA, ReleaseDC, EnumDisplaySettingsA, LoadBitmapA, GetDC, DestroyWindow, DefWindowProcA, GetWindowRect, InvalidateRect, LoadIconA, LoadImageA, GetSysColor, GetDesktopWindow, SystemParametersInfoA, SetForegroundWindow, DialogBoxParamA, GetWindowTextLengthA, GetWindowTextA, CreateWindowExA, SetWindowLongA, SetFocus, GetSystemMenu, DeleteMenu, AppendMenuA, ShowWindow, LoadCursorA, GetCursorPos, ScreenToClient, SendMessageA |
GDI32.dll | SaveDC, SetMapMode, SetViewportOrgEx, RestoreDC, StartDocA, StartPage, EndPage, TextOutA, SetBkMode, SelectObject, CreateFontA, GetDeviceCaps, BitBlt, DeleteDC, DeleteObject, CreateSolidBrush, GetStockObject, SetBkColor, SetTextColor, CreateCompatibleBitmap, CreateCompatibleDC, StretchDIBits, GetTextExtentPoint32A, CreateBitmap, CreateDIBitmap, CreatePalette, AddFontResourceA, CreateScalableFontResourceA, EndDoc, RemoveFontResourceA |
comdlg32.dll | GetOpenFileNameA, PrintDlgA |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, AdjustTokenPrivileges, LookupPrivilegeValueA, RegDeleteValueA, RegQueryInfoKeyA, RegEnumKeyExA, OpenThreadToken, DuplicateToken, AllocateAndInitializeSid, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck, FreeSid, GetUserNameA, RegSetValueExA, RegCreateKeyExA, OpenProcessToken, RegQueryValueExA |
SHELL32.dll | SHFileOperationA, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, SHChangeNotify |
ole32.dll | CoUninitialize, CoInitialize, OleInitialize, CoCreateInstance, OleUninitialize |
OLEAUT32.dll | RegisterTypeLib, LoadTypeLib |
WINMM.dll | waveOutGetNumDevs, midiOutGetNumDevs, joyGetPos |
COMCTL32.dll | ImageList_Create, ImageList_Add |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Finnish | Finland |