cad1b58e38cf

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	777.64 KB
MD5	859e6cf84ff73e9a9921fb829c3a386e
SHA1	5bbc936fdb82ed3e57c1ae2f4a0cbfab459883b7
SHA256	cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410
SSDeep	24576:6QwJUPvfQ9Lu9lokWwq4uHopxqqYMEeq:6QwauQvWwq4wopVYME3
ImpHash	2d99dbf9a3c1158012345d1eb4ef7fac

PE Information

Image Base	0x00400000
Entry Point	0x0048E000
Size Of Code	0x00031000
Size Of Initialized Data	0x00056A00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2073-05-03 11:13 (UTC+2)

Version Information (9)

CompanyName	Luxe USA Corp.
FileDescription	PREfast LocalESPC analysis defect module
InternalName	LocalESPC
LegalCopyright	Luxe USA Corporation. All rights reserved.
LegalTrademarks	Luxe is a registered trademark of USA Corporation.
OriginalFilename	LocalESPC.dll
ProductName	PREfast
FileVersion	14.00.24325.1
ProductVersion	14.00.24325.1

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.didata	0x00401000	0x00036000	0x00000000	0x00000400	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	0.0
.itext	0x00437000	0x00001000	0x00000200	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.65
.rsrc	0x00438000	0x00055A54	0x00055A54	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.83
.idata	0x0048E000	0x00018000	0x000175FD	0x00056200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0

Imports (6)

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleW	-	0x0043708C	0x00037094	0x00000494	0x00000000

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetDlgItem	-	0x0043709C	0x000370A4	0x000004A4	0x00000000

advapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueA	-	0x004370AC	0x000370B4	0x000004B4	0x00000000

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellAboutW	-	0x004370BC	0x000370C4	0x000004C4	0x00000000

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x004370CC	0x000370D4	0x000004D4	0x00000000

comctl32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateStatusWindowA	-	0x004370DC	0x000370E4	0x000004E4	0x00000000

Memory Dumps (38)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	First Execution	32-bit	0x00A8E000	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A8F170	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00AA47D5	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A90000	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00AA50D5	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A91000	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A9209F	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A9366A	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A02000	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A34000	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A32DFE	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A97A6D	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A9827D	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A95490	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00AA4842	... Actions Go to Process Download Dump
buffer	1	0x00920000	0x009E2FFF	First Execution	32-bit	0x00935012	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A97A4D	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A9827D	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A95490	... Actions Go to Process Download Dump
buffer	1	0x06ADE000	0x06ADFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04DAD000	0x04DAFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0285E000	0x0285FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00197000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0067C9F0	0x0067CA6F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00920000	0x009E2FFF	First Network Behavior	32-bit	0x0092CD61	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A979C1	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A95490	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00AA4842	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A979C1	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00AA491E	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A96245	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A95490	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A982D5	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A979C1	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A95490	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Content Changed	32-bit	0x00A979C1	... Actions Go to Process Download Dump
cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe	1	0x00A00000	0x00AA5FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\cad1b58e38cfc1e0a0431fa9aae253a1626b4e4e3a6cbc6a8f119cd4959f6410.exe.log

Dropped File

Text

MIME Type	text/plain
File Size	3.78 KB
MD5	f144a2b8f8aff4b91bbbc747a06c0830
SHA1	7e436d3a818488509b0b9a352783b49d1450df7f
SHA256	0b14e7a76bd3495917b44edc5eaba750ed336d41af19fc8a8a2fb7a022e6fe90
SSDeep	96:iqvYqhzo77mDlqGqroqdqHqz9UTRtIVmqdwjG0qxdALiSKwKv/F:iqvYqhzAKDlqGqroqdqHqz9+RtIVmqdv
ImpHash	-

c856be21cb666bcb207b0cad578589c87005329bb2bf64ae1c8dc5d91da5a7d0

Extracted File

Image

Parent File	5c9c5c31e7f97c90024f1ebdafb83da26e8de21909c989bc0d329331673b5bac
MIME Type	image/png
File Size	3.57 KB
MD5	08555b0dcca3cb2df3d2e0f38a861594
SHA1	d0e5cc5db6a92ca514af766b047c923f640a6e33
SHA256	c856be21cb666bcb207b0cad578589c87005329bb2bf64ae1c8dc5d91da5a7d0
SSDeep	48:LbTQFUUBqU7MGKkvEmoakqo6fX6KREIxiQ1wRV7/qZMCCo6fyM:CUUBk2YfxRKRdAMwRV7kMCC5qM
ImpHash	-

4bba6131f6e4fabc025902f43699f57f9d4de23b4e90d7d1e41ac413c3ef1576

Extracted File

Image

Parent File	5c9c5c31e7f97c90024f1ebdafb83da26e8de21909c989bc0d329331673b5bac
MIME Type	image/png
File Size	358 Bytes
MD5	6a0cf63b758f83fa87756f82ff7a9eea
SHA1	f4893affb3d5c2ef2484f422405615fac3da0fab
SHA256	4bba6131f6e4fabc025902f43699f57f9d4de23b4e90d7d1e41ac413c3ef1576
SSDeep	6:6v/lhPA2KhmZW+hPO2V8g5HFmS0ShcLIcSl21XGxkadp:6v/7bmm8g5HFnPhcLzzXIkw
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information