029a8af41e287bc3eaecd689cb73ab3f422cc7ebb8f04237e8d66cd4d07a61dd

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Oct-23 08:07:15
Detected languages English - United States

Plugin Output

Suspicious The PE is packed with mpress
Unusual section name found: .MPRESS1
Section .MPRESS1 is both writable and executable.
Unusual section name found: .MPRESS2
Section .MPRESS2 is both writable and executable.
Info The PE contains common functions which appear in legitimate applications. Has Internet access capabilities:
  • URLDownloadToFileW
  • InternetOpenW
Malicious VirusTotal score: 31/66 (Scanned on 2026-02-25 12:16:00)
ALYac: Gen:Variant.Application.Ulise.132296
APEX: Malicious
Arcabit: Trojan.Application.Ulise.D204C8
BitDefender: Gen:Variant.Application.Ulise.132296
Bkav: W64.AIDetectMalware
CTX: exe.trojan.ulise
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Application.Ulise.132296 (B)
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Application.Ulise.132296
Google: Detected
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.3979498761
MaxSecure: Trojan.Malware.526895311.susgen
McAfeeD: ti!029A8AF41E28
MicroWorld-eScan: Gen:Variant.Application.Ulise.132296
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Rising: Trojan.Kryptik@AI.93 (RDML:lBMoa7uh0W+movbYOKNONg)
Sangfor: Trojan.Win32.Ulise.Vvmt
SentinelOne: Static AI - Malicious PE
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.high.ml.score
TrellixENS: Artemis!6A746AE42DFE
VIPRE: Gen:Variant.Application.Ulise.132296
Varist: W64/ABTrojan.TKKM-8168
alibabacloud: Suspicious

Hashes

MD5 6a746ae42dfeadc801ac09d42e40744b
SHA1 095ee9fea5fb3380a8d05dccf0d500c1e1c8939b
SHA256 029a8af41e287bc3eaecd689cb73ab3f422cc7ebb8f04237e8d66cd4d07a61dd
SHA3 03e7d521273b56e639a38ecb1ea0d8814e80f8e47b842fc1a58a9c0abd3b2cc4
SSDeep 768:pOoqOzLsw5rN/fxMKssZfkEL190S0oKjLHXQQfqXoeU/2UrFeS8cd:wuLd3xosZsk190S0oK3QQv/2UheS
Imports Hash e44265e9a6f69d24ef89ea22deea71ad

DOS Header

e_magic MZ
e_cblp 0x40
e_cp 0x1
e_crlc 0
e_cparhdr 0x2
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0xb400
e_oeminfo 0xcd09
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2025-Oct-23 08:07:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x10c00
SizeOfInitializedData 0x8800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001E3FA (Section: .MPRESS2)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x20000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.MPRESS1

MD5 e0c5a22c9e907a76cbea39808f2f7ac7
SHA1 6566b5984ff1cf54a7e8044341c3f900818543fa
SHA256 6b1e89f93f1c1842b4cd23a439033e835539a9cd3288d459a45d6d68e8288221
SHA3 41302266240dfacd5a441e6d8a7595a9034c47bb396ed269cf9ae1a2946139a5
VirtualSize 0x1d000
VirtualAddress 0x1000
SizeOfRawData 0x9200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.995

.MPRESS2

MD5 3ab055eb667905b3a8da4620d4509567
SHA1 ae9aab674ea5fe690c1e37a118a36f70ca496c9a
SHA256 da8651a359ab136cb3f51458be5c77b0a4b5e280996d97ac2d706f6d5fc87346
SHA3 aa471de9e6c280c2d391e1f3be29187002c8769ed80943a3e2f5d85b1996043b
VirtualSize 0xef4
VirtualAddress 0x1e000
SizeOfRawData 0x1000
PointerToRawData 0x9400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.84876

.rsrc

MD5 23a9216ac150bf442ee0cbf543040fb1
SHA1 5ff0dc0297087d5c2033d18c6792b3cbcb340037
SHA256 188c7ba0aa03b742711661bbe09fbe51fc043a92dc21243b676639127afe7bbf
SHA3 c9447d494414bdfd56b059757221a063f7df96e4da95587a28b814dc77f02868
VirtualSize 0x1d8
VirtualAddress 0x1f000
SizeOfRawData 0x200
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.71006

Imports

KERNEL32 GetModuleHandleA
GetProcAddress
MSVCP140.dll _Strxfrm
urlmon.dll URLDownloadToFileW
SHLWAPI.dll PathFileExistsW
WININET.dll InternetOpenW
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll memcpy
api-ms-win-crt-heap-l1-1-0.dll free
api-ms-win-crt-string-l1-1-0.dll wcscpy_s
api-ms-win-crt-runtime-l1-1-0.dll exit
api-ms-win-crt-locale-l1-1-0.dll ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors