{ "1129dcd282f258807d1dd284042d2103a35fd9b053a831f5622f9d27368ebc50": { "DOS Header": { "e_magic": "MZ", "e_cblp": 144, "e_cp": 3, "e_crlc": 0, "e_cparhdr": 4, "e_minalloc": 0, "e_maxalloc": 65535, "e_ss": 0, "e_sp": 184, "e_csum": 0, "e_ip": 0, "e_cs": 0, "e_ovno": 0, "e_oemid": 0, "e_oeminfo": 0, "e_lfanew": 128 }, "Errors": "[!] Error: Could not read an import's name.\n[!] Error: The PE's resource section is invalid or has been manually modified. Resources will not be parsed.\n", "Hashes": { "MD5": "28a5471c1c8caeb0fe8525668df34870", "SHA1": "ce6f106a543f7bd3951648aa8763365b091aaa31", "SHA256": "1129dcd282f258807d1dd284042d2103a35fd9b053a831f5622f9d27368ebc50", "SHA3": "aa2ab996e708d0ffd436b6d6a5638d28d3df66ba0c55273637fac07e85c7b924", "SSDeep": "192:znlDihlnSogEddm8xh4OPb7SjJLJayhVcnnYx6mA7Ge:DlDihln5Zg4S913hVcnYx6r", "Imports Hash": "d41d8cd98f00b204e9800998ecf8427e" }, "Image Optional Header": { "Magic": "PE32", "LinkerVersion": "11.0", "SizeOfCode": 11776, "SizeOfInitializedData": 104448, "SizeOfUninitializedData": 0, "AddressOfEntryPoint": "0x00004D8E (Section: .text)", "BaseOfCode": 8192, "BaseOfData": 24576, "ImageBase": 4194304, "SectionAlignment": 8192, "FileAlignment": 512, "OperatingSystemVersion": "4.0", "ImageVersion": "0.0", "SubsystemVersion": "4.0", "Win32VersionValue": 0, "SizeOfImage": 139264, "SizeOfHeaders": 512, "Checksum": 0, "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_GUI", "DllCharacteristics": [ "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NO_SEH", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE" ], "SizeofStackReserve": 1048576, "SizeofStackCommit": 4096, "SizeofHeapReserve": 1048576, "SizeofHeapCommit": 4096, "LoaderFlags": 0, "NumberOfRvaAndSizes": 16 }, "PE Header": { "Signature": "PE", "Machine": "IMAGE_FILE_MACHINE_I386", "NumberofSections": 3, "TimeDateStamp": "2014-Dec-22 11:54:25", "PointerToSymbolTable": 0, "NumberOfSymbols": 0, "SizeOfOptionalHeader": 224, "Characteristics": [ "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_EXECUTABLE_IMAGE" ] }, "Plugins": { "packer": { "level": 2, "plugin_output": { "info_0": "The PE only has 0 import(s)." }, "summary": "The PE is possibly packed." }, "virustotal": { "level": 3, "plugin_output": { "MicroWorld-eScan": "Trojan.Generic.21535984", "McAfee": "RDN/Generic.grp", "AegisLab": "Troj.MSIL.Agent.mgRQ", "Arcabit": "Trojan.Generic.D1489CF0", "Symantec": "Trojan.Gen.2", "TrendMicro-HouseCall": "TROJ_GEN.R00XC0EE317", "BitDefender": "Trojan.Generic.21535984", "Ad-Aware": "Trojan.Generic.21535984", "Emsisoft": "Trojan.Generic.21535984 (B)", "F-Secure": "Trojan.Generic.21535984", "DrWeb": "Trojan.KillFiles.24781", "TrendMicro": "TROJ_GEN.R00XC0EE317", "McAfee-GW-Edition": "RDN/Generic.grp", "Ikarus": "Trojan.Atros", "Jiangmin": "Trojan/MSIL.gegi", "Avira": "TR/Killfiles.euxaz", "Antiy-AVL": "Trojan/MSIL.Agent", "GData": "Trojan.Generic.21535984", "ALYac": "Trojan.Generic.21535984", "MAX": "malware (ai score=85)", "Fortinet": "PossibleThreat", "Panda": "Trj/CI.A", "CrowdStrike": "malicious_confidence_100% (D)" }, "summary": "VirusTotal score: 23/65 (Scanned on 2017-09-01 10:11:02)" } }, "Sections": { ".text": { "MD5": "e7263b70b03c8f026eccc2b0d09b899c", "SHA1": "808ade0f6c1b015ce1198cf0b62f14cbe8129971", "SHA256": "302309a04874edc388dcb73db99fe684e2f85b1f77383fe1aacd7f5a36551f77", "SHA3": "fbfe21caf15351644312840175799a84b042b12057cd5ca16281b0f54c400b14", "VirtualSize": 11668, "VirtualAddress": 8192, "SizeOfRawData": 11776, "PointerToRawData": 512, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ" ], "Entropy": 3.56625 }, ".rsrc": { "MD5": "6d852566e931a4eee6c8578924e1a6f9", "SHA1": "85ebfa4658d79407877cc5062813754b2ab4620b", "SHA256": "13c45d2cae650f30b1f85b3bc0e335ff0e97c29ee71d6573b13554e0b24661af", "SHA3": "5975f3b69b58b20964c720b0b2ac3725d06a65e5f75f1dab55461aab6fa7dee8", "VirtualSize": 103560, "VirtualAddress": 24576, "SizeOfRawData": 103936, "PointerToRawData": 12288, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 0.47946 }, ".reloc": { "MD5": "dac9b23b7525d28049a34f3ff12c36e7", "SHA1": "567b97f01ec1aeb71c0b4bb4bbbb4aa85aee08f6", "SHA256": "a70155463cfb173a6366240e0068ad27e4874382063128f9b67d3b86789ea87e", "SHA3": "e9fe4a5945b7e11afc0db46a70eefe42d7935686a571a44be6de00b7339bb112", "VirtualSize": 12, "VirtualAddress": 131072, "SizeOfRawData": 512, "PointerToRawData": 116224, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ" ], "Entropy": 0.414679 } }, "Summary": { "Architecture": "IMAGE_FILE_MACHINE_I386", "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_GUI", "Compilation Date": "2014-Dec-22 11:54:25" } } }