Analysis

Category Package Started Completed Duration
STATIC 2019-10-04 01:30:44 2019-10-04 01:30:44 0 seconds

    

MalScore

0.0

Benign

File Details

File Name IAStorHelp.resources.dll
File Size 320072 bytes
File Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 33f78aec79a4843a1bc1abc14536ebd1
SHA1 9750dcfb1bc728e2591b42e6872f93d527c2e7da
SHA256 2ecbcd45bb7e15beff7059d99bc88e676cbfdb3e386fbe1a16fe16172b677878
SHA512 3e2e05265bb47bab9b84b3c3c01423183186dd5c47f8d3d2d85091db01b849b8716c1391033659a56fe6bbad8a989bf00ba129c2c82c67225d4d845ccc5226d6
CRC32 13DC68AF
Ssdeep 6144:+3pog0Z9EnqtlEtU+bLF3u2fuiuFE1W8l:+mHf3EtU+Z/l
TrID None matched
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x10000000
Entry Point 0x1004d19e
Reported Checksum 0x00057523
Actual Checksum 0x00057523
Minimum OS Version 4.0
Compile Time 2017-10-12 16:54:51
Import Hash dae02f32a21e03ce65412f6e56942daa

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00002000 0x0004b1a4 0x0004b200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.28
.rsrc 0x0004e000 0x000003e0 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.22
.reloc 0x00050000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Overlay

Offset 0x0004ba00
Size 0x00002848

Imports

Library mscoree.dll:
0x10002000 _CorDllMain

.text
`.rsrc
@.reloc
Chipset -piirisarjaan ja levyihin.
v4.0.30319
#Strings
#GUID
#Blob
<Module>
mscorlib
System.Reflection
AssemblyTitleAttribute
.ctor
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
IAStorHelp.resources.dll
IAStorHelp.resources
IAStorHelp.L10N.IAStorHelp.fi.resources
IAStorHelp
Intel Corporation
Intel Corporation. All rights reserved.
_CorDllMain
mscoree.dll
HC_11_5_100
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
CompanyName
Intel Corporation
FileDescription
IAStorHelp
FileVersion
15.9.0.1015
InternalName
IAStorHelp.resources.dll
LegalCopyright
Intel Corporation. All rights reserved.
OriginalFilename
IAStorHelp.resources.dll
ProductName
IAStorHelp
ProductVersion
15.9.0.1015
Assembly Version
15.9.0.1015
This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 1.593 seconds )

  • 0.962 Static
  • 0.219 static_dotnet
  • 0.16 TargetInfo
  • 0.158 CAPE
  • 0.086 Strings
  • 0.006 AnalysisInfo
  • 0.001 BehaviorAnalysis
  • 0.001 Debug

Signatures ( 0.043 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 93522
Mongo ID 5d96a0f5fb45e6122a1fd5ec
Cuckoo release 1.3-CAPE