059bb09924b0d8cb7a8cffb72fd0bb03

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Aug-06 06:21:58
FileDescription Reduce backup recovery time and costs to reduce user impact
FileVersion 0.0.0.0
InternalName Emeka.exe
LegalCopyright
OriginalFilename Emeka.exe
ProductName Reduce backup recovery time and costs to reduce user impact
ProductVersion 0.0.0.0
Assembly Version 0.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Malicious VirusTotal score: 49/69 (Scanned on 2019-03-06 04:01:54) MicroWorld-eScan: Trojan.GenericKD.30815205
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Artemis!059BB09924B0
Cylance: Unsafe
K7GW: Trojan ( 0052b34c1 )
K7AntiVirus: Trojan ( 0052b34c1 )
Arcabit: Trojan.Generic.D1D633E5
TrendMicro: TROJ_GEN.R002C0DLE18
Cyren: W32/Trojan.BJZ.gen!Eldorado
Symantec: Trojan Horse
TrendMicro-HouseCall: TROJ_GEN.R002C0DLE18
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Crypt.gsrj
BitDefender: Trojan.GenericKD.30815205
NANO-Antivirus: Trojan.Win32.Crypt.fcanek
ViRobot: Trojan.Win32.Z.Kryptik.481280.S
Ad-Aware: Trojan.GenericKD.30815205
Sophos: Troj/Inject-DLN
Comodo: Malware@#1tk6uspfzdnpn
F-Secure: Heuristic.HEUR/AGEN.1015993
DrWeb: Trojan.PWS.Stealer.19347
Zillya: Trojan.Kryptik.Win32.1423285
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
Fortinet: MSIL/Kryptik.OEH!tr
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.30815205 (B)
SentinelOne: static engine - malicious
F-Prot: W32/Trojan.BJZ.gen!Eldorado
Jiangmin: Trojan.MSIL.jevl
Webroot: W32.Trojan.GenKD
Avira: HEUR/AGEN.1015993
MAX: malware (ai score=99)
Antiy-AVL: Trojan/MSIL.Crypt
Microsoft: Trojan:Win32/Bluteal!rfn
ZoneAlarm: Trojan.MSIL.Crypt.gsrj
Acronis: suspicious
ALYac: Trojan.GenericKD.30815205
Malwarebytes: Trojan.PasswordStealer.MSIL
Panda: Trj/GdSda.A
ESET-NOD32: a variant of MSIL/Kryptik.NJJ
Tencent: Msil.Trojan.Crypt.Fih
Ikarus: Trojan.MSIL.Inject
GData: Trojan.GenericKD.30815205
AVG: Win32:Malware-gen
Cybereason: malicious.924b0d
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM03.0.3121.Malware.Gen

Hashes

MD5 059bb09924b0d8cb7a8cffb72fd0bb03
SHA1 87a02be494bc914211d91a45a9ccbf4d47238566
SHA256 0abb52b3e0c08d5e3713747746b019692a05c5ab8783fd99b1300f11ea59b1c9
SHA3 ec7ac3fc5468fd55def72eedcaa8b8754de3a3a721e6f981a8b0ce415f495279
SSDeep 6144:7jsPaZguP9OIuP3af2AdvqXASJpqAbzr+jX45taM/l4RFAwHfTH8zjpT:cPwZ1xuP31YvSqAbOjMl4R98JT
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Aug-06 06:21:58
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x74e00
SizeOfInitializedData 0x800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00076D7E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7c000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dfebde2be393626cfbb9c1d63a386d87
SHA1 a680ffd23a124f87dafa1e773c2b9a0fc458993b
SHA256 e9d5a07d04051d9ff054c9e512f66f502cc466819e5e92d1768b90284c6c5177
SHA3 63f59604e28b1a4bc8004989897ae9c9aa2125a9242d4b34d12c9d3454216a34
VirtualSize 0x74d84
VirtualAddress 0x2000
SizeOfRawData 0x74e00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.94724

.rsrc

MD5 3b9794ccc992acf68cf4302184d5cd26
SHA1 ab3378fa4829d226e45b665465ff39a1961c6aed
SHA256 763e4cc1947839bfe494be69043967ed039381fb65866f5352b789af93721b69
SHA3 54b9098414daffae321c8aee31d205cd0f36c0cf8c3c0b12ec2b619d341c5801
VirtualSize 0x5d4
VirtualAddress 0x78000
SizeOfRawData 0x600
PointerToRawData 0x75000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.3599

.reloc

MD5 3ec4ab36d5e374ab339a65589cba001c
SHA1 45664d7b52836f83bd8273392e7cce09b42c2dc6
SHA256 a8c52b87b93840027a29fef7b10250301a8c8b4fb0c6e6fb60aa2266d882ddf0
SHA3 eb41af24cd3898ad77e875c6bf263e5587f8b6fc94d6a48cd8e325e282ae41e9
VirtualSize 0xc
VirtualAddress 0x7a000
SizeOfRawData 0x200
PointerToRawData 0x75600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x348
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28959
MD5 722047a8acc668de4912e56d18612974
SHA1 7c43c1f82830535bfa7ccebb8ecfd62c380acf0f
SHA256 085471e0728158da8a368275d84b12b599f00c1d3e7a431a063cf30cf7627aed
SHA3 46f1074992f47d40b8eefe19adc235933e50aa67f627423d661de9a075988e63

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileDescription Reduce backup recovery time and costs to reduce user impact
FileVersion (#2) 0.0.0.0
InternalName Emeka.exe
LegalCopyright
OriginalFilename Emeka.exe
ProductName Reduce backup recovery time and costs to reduce user impact
ProductVersion (#2) 0.0.0.0
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors