0507575641d200f4d273e87acb964ed2a8feedfcf664bab4c34df6746c02a256

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Nov-11 20:13:14
Detected languages English - United States
Debug artifacts c:\Users\User\Documents\Visual Studio 2008\Projects\DAZXCFGTYUNI\Release\DAZXCFGTYUNI.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Malicious VirusTotal score: 55/64 (Scanned on 2026-03-03 17:16:44)
ALYac: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
APEX: Malicious
AhnLab-V3: Trojan/Win32.Emotet.R294637
Alibaba: Trojan:Win32/Emotet.9d47c22c
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Arcabit: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
Avira: HEUR/AGEN.1318123
BitDefender: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
Bkav: W32.AIDetectMalware
CAT-QuickHeal: TrojanBanker.Emotet
CTX: exe.trojan.emotet
ClamAV: Win.Trojan.Emotet-7338391-0
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
Cynet: Malicious (score: 99)
DrWeb: Trojan.Emotet.762
ESET-NOD32: Win32/Emotet.BN trojan
Elastic: malicious (high confidence)
Emsisoft: Trojan.Emotet (A)
F-Secure: Heuristic.HEUR/AGEN.1318123
Fortinet: W32/Kryptik.GXIK!tr
GData: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
Google: Detected
Gridinsoft: Malware.Win32.Emotet.tr
Ikarus: Trojan-Banker.Emotet
Jiangmin: Trojan.Banker.Emotet.lfs
K7AntiVirus: Trojan ( 0055d5751 )
K7GW: Trojan ( 0055d5751 )
Kingsoft: Win32.Trojan-Banker.Emotet.gen
Lionic: Trojan.Win32.Emotet.L!c
Malwarebytes: Malware.AI.2311593780
MaxSecure: Trojan.Malware.74690904.susgen
McAfeeD: ti!0507575641D2
MicroWorld-eScan: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
Microsoft: Trojan:Win32/Emotet.PG!MTB
NANO-Antivirus: Trojan.Win32.Emotet.gditho
Paloalto: generic.ml
Panda: Trj/GdSda.A
Sangfor: Spyware.Win32.Emotet.Vgbd
Sophos: Mal/Generic-S
Symantec: Trojan.Emotet
Tencent: Malware.Win32.Gencirc.14632168
Trapmine: suspicious.low.ml.score
TrendMicro: TrojanSpy.Win32.EMOTET.SMB.hp
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMB.hp
VIPRE: Dump:Generic.ShellCode.RDI.Marte.1.99A97195
Varist: W32/Emotet.ZY.gen!Eldorado
ViRobot: Trojan.Win.Z.Emotet.178688.B
VirIT: Trojan.Win32.Emotet.BNB
Webroot: W32.Trojan.Emotet
Yandex: Trojan.GenAsa!RiYntR8m+lY
Zillya: Trojan.Emotet.Win32.18172
Zoner: Trojan.Win32.85612
alibabacloud: Trojan[stealer]:Win/Emotet.76707dcf
huorong: VirTool/Obfuscator.dp

Hashes

MD5 b4aafaca718db0917984034ff26961a6
SHA1 31c15dfeac1220a098c96deb552655d62d464cdf
SHA256 0507575641d200f4d273e87acb964ed2a8feedfcf664bab4c34df6746c02a256
SHA3 4f0d287a1ccc2482d9a459585b04cb4b33f7758ddbaa02a03094bf0b2c2e52c0
SSDeep 3072:1efx+Z+FjoD/aPkInA/n7kl7m56mztCb+ZLhzI5alj/5ISf:1e4+pPkAA/gJm5tg+ZLhzialjyu
Imports Hash e28e04a7ac948b435bd640e83b2d285c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Nov-11 20:13:14
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x11800
SizeOfInitializedData 0x1ba00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00003228 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x13000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x31000
SizeOfHeaders 0x400
Checksum 0x32446
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1597514a0dd33da02b768614b5360113
SHA1 1c9b7c4efeb6f2d53d3061abbe8135fc3a0814ad
SHA256 7dea6528b5bface4968c048188621c6d10ed0c07fc424b829bbc0a9011a48103
SHA3 af45ddde9080ae28c9d92e2412c439a46b3dac41f9b3cd1739f1bda7531a6070
VirtualSize 0x1172f
VirtualAddress 0x1000
SizeOfRawData 0x11800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.7231

.rdata

MD5 e4a263c354b313c9966959c605e5e40c
SHA1 f3c3398c2ad79ca8849fa0b1180015129fbb2386
SHA256 d57077c9f62623e44730702f16e8f08f0a2ddcbe05f47a9d49df8285b45b36c8
SHA3 b490975bcf8a75e1ad3512c057e173b9e6ee3d3df24e6dff430e337879bbba08
VirtualSize 0x18002
VirtualAddress 0x13000
SizeOfRawData 0x18200
PointerToRawData 0x11c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.2794

.data

MD5 739bbc801d0c8ce60af1fae123572b70
SHA1 b7771a1ec759ef93dfdc95303490d4b926c0be05
SHA256 4b6a56676ef4d3294e7a88a1932541b93104492ae7a3ca7aa839a19ad0638add
SHA3 75494f60bde17ebf9ad432848cd1e4048650bfd53ebf513e9d7a6935d7de7300
VirtualSize 0x335c
VirtualAddress 0x2c000
SizeOfRawData 0x1800
PointerToRawData 0x29e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.51324

.rsrc

MD5 b36446a632d400aa4be99318d9547ff7
SHA1 94c3a33f8946c925f011b345924c65e0df522eae
SHA256 43c67a2f6507166bb66a1a6b771822c14c2e4ec4cd46e193e0e226150826c8d6
SHA3 8edd6bb9b196f35a0e35bc963f19036b7d191a4f4da474b95cb0f95aa1cd5bbc
VirtualSize 0x36a
VirtualAddress 0x30000
SizeOfRawData 0x400
PointerToRawData 0x2b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.0725

Imports

USER32.dll LoadStringW
KERNEL32.dll HeapAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
RtlUnwind
GetLastError
HeapFree
CloseHandle
RaiseException
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateFileA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
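The Imports Hash above is derived purely from the import table (DLL and function names in table order), so it can be recomputed from a list like the one above and used to pivot to related samples, and the "may be hiding some of its imports" remark rests on the pair LoadLibraryA + GetProcAddress, which lets the binary resolve further APIs at run time. The block below is an added example written for this page, not the report tool's code; it implements the pefile-style imphash normalisation and that heuristic over a subset of the import table transcribed above (the subset and the `DYNAMIC_RESOLVERS` list are this example's choices). Because the full list in its exact table order is needed, and tools differ slightly in normalisation, the subset hash will not equal e28e04a7ac948b435bd640e83b2d285c; compare only hashes produced by the same tool.

```python
"""Import hash (imphash) and dynamic-import heuristic over a PE import list.
Added example, not the report tool's code; uses only the standard library."""
import hashlib

# Subset of the import table transcribed from the report above, in table order.
SAMPLE_IMPORTS = [
    ("USER32.dll", "LoadStringW"),
    ("KERNEL32.dll", "HeapAlloc"),
    ("KERNEL32.dll", "GetModuleHandleW"),
    ("KERNEL32.dll", "Sleep"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "ExitProcess"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "VirtualFree"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "CreateFileA"),
]

# APIs whose presence lets a binary resolve the rest of its imports at run time
# (assumed list for this example; a real scanner would also look at their call sites).
DYNAMIC_RESOLVERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}


def normalise_import(dll: str, func) -> str:
    """pefile-style entry: lowercase, drop a .dll/.ocx/.sys suffix, 'ordN' for ordinals.
    (pefile additionally maps well-known ws2_32/oleaut32 ordinals to names; omitted here.)"""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[:-len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash(imports) -> str:
    """MD5 over the comma-joined normalised entries; order is part of the hash."""
    return hashlib.md5(",".join(normalise_import(d, f) for d, f in imports).encode()).hexdigest()


def dynamic_resolution_indicators(imports) -> set:
    return {f for _, f in imports if isinstance(f, str) and f in DYNAMIC_RESOLVERS}


def report(imports) -> dict:
    ind = dynamic_resolution_indicators(imports)
    return {
        "imphash": imphash(imports),
        "import_count": len(imports),
        "dynamic_resolvers": sorted(ind),
        # Same condition the "[!] may be hiding imports" remark above is based on.
        "may_hide_imports": "GetProcAddress" in ind and any(f.startswith("LoadLibrary") for f in ind),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Two imports that differ only in DLL case or extension normalise to the same entry, which is why the hash is stable across linkers; reordering the table changes it, which is why the hash must be computed over the original table order rather than a sorted list.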

Delayed Imports

Exports

DSAXZCTYHJKIOP

Ordinal 1
Address 0x14c0

Resources

36

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.39929
MD5 83419d82ca6df32f36acfcf4ab39bd1a
SHA1 ab9f4af2b43684e695f355232ebf27de3f511ceb
SHA256 88cbb66681c426441a7b8968e900d212f0defe82d14db8c5add5b1664c6e56ac
SHA3 17729eb1a241d7bfe771915de3c7c69338a16df71653a1ec2502c1c4ffd64b2f

44

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x6c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36795
MD5 937369aa6a5dcec1926ee2b4de350ea1
SHA1 801bb1b9aaecc302a9a3b552703f118b36bc2318
SHA256 dafe1e950d0fdfe2bdf67350674e0a799e21e1523a68ed45098609275e2da315
SHA3 e7993605ac64ab6c16a8e2bd4938170b1d75e9cfdea199f7dbeffe9dd98d9203

65

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.34631
MD5 0cccb2b99a0f6054e79f82f04a905127
SHA1 147c79a55e6159500f6135863a8f6f972120254a
SHA256 190ef72a35036c413198f3272fe12b49939d02d30ec3b70336d9d27c5c31fa43
SHA3 5e0e16859ff9fffe1a8b52777cbcb7654ec2938d082edec1059a93a588670ee8

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x196
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93317
MD5 7cb71b006fcdcf8ade80e31fd5ab8060
SHA1 655380fb2cca01b0ca707f748fc7dcf006732518
SHA256 be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243
SHA3 1a03e76e664cba5cc9c5b4570c991d3f72475aebcf3d870270d080dcf1246092

String Table contents

1260387982
っャジ私ャすたェェャきたジス意のでた愛いもててい任すャもはも愛っ愛のスス愛て
3487774651

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Oct-06 19:45:36
Version 0.0
SizeofData 114
AddressOfRawData 0x29e50
PointerToRawData 0x28a50
Referenced File c:\Users\User\Documents\Visual Studio 2008\Projects\DAZXCFGTYUNI\Release\DAZXCFGTYUNI.pdb
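The header fields, section table, entry-point section and per-section entropy above, and the disagreement between the PE header TimeDateStamp (2017-Nov-11) and the CodeView debug stamp (2019-Oct-06), can all be reproduced with a short parser. The block below is an added example written for this page, not the report tool's code; it uses only the Python standard library and runs on a two-section PE32 that it constructs inline with header values modelled on this report. The section bodies, the entry point 0x1010, the 7.0 entropy threshold and the two-section layout are this example's assumptions, not bytes from the analysed sample.

```python
"""PE32 header walker: DOS/COFF/optional headers, section table, entry-point
mapping, per-section entropy, and a COFF-vs-debug-directory timestamp check.
Added example, not the report tool's code; standard library only."""
import datetime
import math
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_DEBUG = 6
HIGH_ENTROPY = 7.0           # assumed heuristic threshold, not a value from the report
COFF_STAMP = 1510431194      # 2017-11-11 20:13:14 UTC, the PE header stamp above
CODEVIEW_STAMP = 1570391136  # 2019-10-06 19:45:36 UTC, the CodeView stamp above


def utc(ts: int) -> str:
    return datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table; None if no section covers it."""
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + max(s["virtual_size"], s["raw_size"]):
            return rva - s["virtual_address"] + s["raw_ptr"]
    return None


def parse_pe32(data: bytes) -> dict:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing MZ/PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_address": va,
                         "virtual_size": vsize, "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": schars,
                         "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    # IMAGE_DEBUG_DIRECTORY entries (28 bytes each) are located through DataDirectory[6].
    dbg_rva, dbg_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG)
    dbg_off = rva_to_offset(sections, dbg_rva) if dbg_size else None
    debug = []
    for i in range(dbg_size // 28 if dbg_off is not None else 0):
        _, dstamp, _, _, dtype, _, _, _ = struct.unpack_from("<IIHHIIII", data, dbg_off + i * 28)
        debug.append({"type": dtype, "timestamp": dstamp})
    ep = next((s for s in sections if rva_to_offset([s], entry) is not None), None)
    return {"machine": machine, "timestamp": stamp, "characteristics": chars, "entry_point": entry,
            "entry_section": ep["name"] if ep else None, "sections": sections, "debug": debug}


def findings(pe: dict) -> list:
    """First-pass checks on the parsed headers; each hit is a (kind, detail) pair."""
    out = []
    for s in pe["sections"]:
        if s["entropy"] > HIGH_ENTROPY:
            out.append(("high_entropy", s["name"]))
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            out.append(("writable_code", s["name"]))
    if pe["entry_section"] is None:
        out.append(("entry_outside_sections", hex(pe["entry_point"])))
    for d in pe["debug"]:
        if d["timestamp"] != pe["timestamp"]:  # the linker writes the same stamp to both
            out.append(("debug_timestamp_mismatch", utc(d["timestamp"])))
    return out


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 with header values modelled on the report; not the sample's bytes."""
    dos = bytearray(0xF0)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xF0)  # e_lfanew
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIIIIIIII", opt, 0, 0x10B, 9, 0, 0x200, 0x200, 0,  # magic, linker 9.0, code/data sizes
                     0x1010, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)       # entry, bases, image base, alignments
    struct.pack_into("<III", opt, 56, 0x3000, 0x400, 0)  # SizeOfImage, SizeOfHeaders, CheckSum
    struct.pack_into("<HH", opt, 68, 2, 0x8100)          # GUI subsystem, NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG, 0x2000, 28)  # debug dir lives in .data
    text_body = bytes(range(256)) * 2  # every byte value twice: entropy exactly 8.0
    data_body = struct.pack("<IIHHIIII", 0, CODEVIEW_STAMP, 0, 0, 2, 0, 0, 0)  # type 2 = CODEVIEW
    data_body += b"\0" * (0x200 - len(data_body))
    sections = [(b".text", 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, text_body),
                (b".data", 0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, data_body)]
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), COFF_STAMP, 0, 0, len(opt), 0x0103)
    image, raw_ptr = bytearray(dos + b"PE\0\0" + coff + opt), 0x400
    for name, va, schars, body in sections:
        image += struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body), raw_ptr, 0, 0, 0, 0, schars)
        raw_ptr += len(body)
    image += b"\0" * (0x400 - len(image))
    for _, _, _, body in sections:
        image += body
    return bytes(image)


if __name__ == "__main__":
    print(findings(parse_pe32(build_sample_pe())))
```

Run against a real file, replace `build_sample_pe()` with the file's bytes; the timestamp check is the one to watch here, since the report shows a 2017 linker stamp beside a 2019 CodeView stamp and at most one of them can be the genuine build time.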

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x42c02c
SEHandlerTable 0x42a0e0
SEHandlerCount 12

RICH Header

XOR Key 0x95b215f8
Unmarked objects 0
C++ objects (VS2008 build 21022) 53
ASM objects (VS2008 build 21022) 28
C objects (VS2008 build 21022) 142
Imports (VS2012 build 50727 / VS2005 build 50727) 5
Total imports 89
138 (VS2008 build 21022) 2
Exports (VS2008 build 21022) 1
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors
