Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2024-Apr-26 13:51:42 |
Detected languages |
English - United States
|
CompanyName | Microsoft Corporation |
FileDescription | Paint |
FileVersion | 10.0.19041.3758 (WinBuild.160101.0800) |
InternalName | MSPAINT |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | MSPAINT.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.19041.3758 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Malicious | The PE's digital signature is invalid. |
Signer: Akeo Consulting
Issuer: Sectigo Public Code Signing CA EV R36 The file was modified after it was signed. |
Malicious | VirusTotal score: 47/72 (Scanned on 2024-04-27 15:11:50) |
ALYac:
Gen:Variant.Lazy.398180
APEX: Malicious AVG: Win32:Agent-BDOJ [Trj] Alibaba: TrojanSpy:Win64/PyInstaller.283acd4e Arcabit: Trojan.Lazy.D61364 Avast: Win32:Agent-BDOJ [Trj] Avira: TR/Crypt.FKM.Gen BitDefender: Trojan.Generic.35770214 Bkav: W64.AIDetectMalware Cylance: unsafe Cynet: Malicious (score: 100) DeepInstinct: MALICIOUS DrWeb: Python.Muldrop.16 ESET-NOD32: a variant of Win64/Packed.PyInstaller.L Elastic: malicious (high confidence) Emsisoft: Trojan.Generic.35770214 (B) F-Secure: Trojan.TR/Crypt.FKM.Gen FireEye: Trojan.Generic.35770214 Fortinet: W64/PackedPyInstaller.L!tr GData: Trojan.Generic.35770214 Google: Detected Gridinsoft: Trojan.Win64.Agent.sa Ikarus: Trojan.Python.SLoader Jiangmin: TrojanSpy.Agent.afwu Kaspersky: Trojan-Spy.Win32.Agent.dffz Lionic: Trojan.Win32.Agent.Y!c MAX: malware (ai score=83) Malwarebytes: Generic.Malware.AI.DDS MaxSecure: Trojan.Malware.121218.susgen McAfee: Artemis!EDCA91C4B809 MicroWorld-eScan: Trojan.Generic.35770214 Microsoft: Trojan:Win64/Lazy.AME!MTB Paloalto: generic.ml Panda: Trj/CI.A Rising: Spyware.Agent/PYC!1.EA8F (CLASSIC) SentinelOne: Static AI - Malicious PE Skyhigh: BehavesLike.Win64.Generic.vc Sophos: Mal/Generic-S Symantec: Scr.Malcode!gen129 Tencent: Win32.Trojan.Pyinstaller.Yolw TrendMicro: TROJ_GEN.R002C0DDQ24 TrendMicro-HouseCall: TROJ_GEN.R002C0DDQ24 VIPRE: Gen:Variant.Lazy.398180 Varist: W64/Agent.IMI.gen!Eldorado Yandex: TrojanSpy.Agent!msb6+VQ6+xw ZoneAlarm: Trojan-Spy.Win32.Agent.dffz alibabacloud: Trojan[spy]:Win/Lazy.AZM2XJC |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2024-Apr-26 13:51:42 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x2ae00 |
SizeOfInitializedData | 0x1f000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000000C330 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x51000 |
SizeOfHeaders | 0x400 |
Checksum | 0x6ef2e6 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x1e8480 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll |
CreateWindowExW
MessageBoxW MessageBoxA SystemParametersInfoW DestroyIcon SetWindowLongPtrW GetWindowLongPtrW GetClientRect InvalidateRect ReleaseDC GetDC DrawTextW GetDialogBaseUnits EndDialog DialogBoxIndirectParamW MoveWindow SendMessageW |
---|---|
COMCTL32.dll |
#380
|
KERNEL32.dll |
IsValidCodePage
GetStringTypeW GetFileAttributesExW HeapReAlloc FlushFileBuffers GetCurrentDirectoryW GetACP GetOEMCP GetModuleHandleW MulDiv GetLastError SetDllDirectoryW GetModuleFileNameW CreateSymbolicLinkW GetProcAddress GetCommandLineW GetEnvironmentVariableW GetCPInfo ExpandEnvironmentStringsW CreateDirectoryW GetTempPathW WaitForSingleObject Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW FreeLibrary LoadLibraryExW SetConsoleCtrlHandler FindClose FindFirstFileExW CloseHandle GetCurrentProcess LocalFree FormatMessageW MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap GetTimeZoneInformation HeapSize WriteConsoleW SetEndOfFile SetEnvironmentVariableW RtlUnwindEx RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree EncodePointer RaiseException RtlPcToFileHeader GetCommandLineA CreateFileW GetDriveTypeW GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW RemoveDirectoryW FindNextFileW SetStdHandle DeleteFileW ReadFile GetStdHandle WriteFile ExitProcess GetModuleHandleExW HeapFree GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleOutputCP GetFileSizeEx HeapAlloc FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW |
ADVAPI32.dll |
OpenProcessToken
GetTokenInformation ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSidToStringSidW |
GDI32.dll |
SelectObject
DeleteObject CreateFontIndirectW |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.0.19041.3758 |
ProductVersion | 10.0.19041.3758 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Paint |
FileVersion (#2) | 10.0.19041.3758 (WinBuild.160101.0800) |
InternalName | MSPAINT |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | MSPAINT.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 10.0.19041.3758 |
Resource LangID | UNKNOWN |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 2024-Apr-26 13:51:42 |
Version | 0.0 |
SizeofData | 812 |
AddressOfRawData | 0x3bae0 |
PointerToRawData | 0x3ace0 |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14003f040 |
GuardCFCheckFunctionPointer | 5368890400 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xaad19891 |
---|---|
Unmarked objects | 0 |
ASM objects (30795) | 8 |
C++ objects (30795) | 188 |
C objects (30795) | 10 |
Unmarked objects (#2) | 1 |
253 (VS 2015-2022 runtime 33030) | 4 |
C++ objects (VS 2015-2022 runtime 33030) | 40 |
C objects (VS 2015-2022 runtime 33030) | 17 |
ASM objects (VS 2015-2022 runtime 33030) | 17 |
Imports (30795) | 11 |
Total imports | 139 |
C objects (33135) | 21 |
Linker (33135) | 1 |