077c16ef24a60509f3f6ae5cf6e37c38

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2022-Jul-28 04:56:18
Detected languages English - United States
Debug artifacts C:\Users\joezid\Source\Repos\ASCWG3\Release\ASCWG3.pdb

Plugin Output

Suspicious
The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA

Malicious
VirusTotal score: 6/70 (Scanned on 2022-08-06 03:37:19)
  • Bkav: W32.AIDetect.malware2
  • Cynet: Malicious (score: 100)
  • Elastic: malicious (high confidence)
  • APEX: Malicious
  • MaxSecure: Trojan.Malware.300983.susgen
  • CrowdStrike: win/malicious_confidence_90% (W)

Hashes

MD5 077c16ef24a60509f3f6ae5cf6e37c38
SHA1 1106f6cae952a816e2aab55e2399476d77972d46
SHA256 ec8f7f6c102bdaf02dde6400b4b3a0d66bce530e58ae81f21c811e44e7223470
SHA3 1ea79680290c939b01c2aca48527408204eb3f850c6bf971d346bcdd75cb7187
SSDeep 192:N8ClLJyTvJhUc4oLw//jDR9EQHvgrjOQ8rMcUKbE5pz6FzgZeeZ:N8ClLJyTvJa2EjDPfHvWjtKbe0
Imports Hash 50de6a9ec937ab5a45411ca99c97f5d1

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2022-Jul-28 04:56:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1c00
SizeOfInitializedData 0x2800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001FE3 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2e31370cabc9c386a0429c76f6fbd4ad
SHA1 e32e8b9c1defde3ee8e96de269af3a8dc52dc27e
SHA256 ea57b149419eaea245809db218cb2c914f7ff57d7ef5f6e76223b95f88ec8ef2
SHA3 2a3f55320cebfb5cb4ecbfdec6ed8aa20fa353b7f238d812f28c98339d42ceef
VirtualSize 0x1a6f
VirtualAddress 0x1000
SizeOfRawData 0x1c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.15247

.rdata

MD5 0b376ba5b77726e06b829b4bf7557f59
SHA1 9fc1f21a8bad89ea565128fc611e5e1763311f4b
SHA256 11916c6a2bd06ae9896141f66113e1c230670b4416cd909bff871d9c5cd3898b
SHA3 a1de597a5671a5bd89c28609881aea821df38c6b9b9aec647f634108b17bbde8
VirtualSize 0xc46
VirtualAddress 0x3000
SizeOfRawData 0xe00
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.325

.data

MD5 2360d29f1f1fbdf74cf701b1256f123d
SHA1 d935e4288b717768ecfb749298f137e7903d3e22
SHA256 07137eaf0dc93b6abab9a39a13bfe0b0cf44ba0aba1d5d94db5cee28a713c5d1
SHA3 b31b9c9454d6d23e7cd27986651b6c6ab16ec06fc0646a58be0a6c94ee6d318b
VirtualSize 0x13e0
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.828106

.rsrc

MD5 d223c232889289f7388583adeff234e1
SHA1 c626ea22a142a61f8fae49784e0bf3b394949d93
SHA256 8d0e65473c37914d5f13864b6a4bceff6a94c8ea650ea1df6a5fd1ccd89d3aa3
SHA3 ef5414bed58ea3506d9b5314f7fe1d09d85dd0f20a21c81d881da7659997b852
VirtualSize 0x1e0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6976

.reloc

MD5 4af4ca2318c0d2bb9834a043b969e398
SHA1 9f6a989440ec2da6b592a4e50f3132f4b42f5d37
SHA256 6a9872a8c651d8487290cb8e2af851ba6ceff58e847f77a7ee1a9597430b9873
SHA3 d8faab23f0ab28e8c8430f5ca0dccdaab19ef60c2eb7e4b9804be386b785521c
VirtualSize 0x214
VirtualAddress 0x7000
SizeOfRawData 0x400
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.18592

Imports

KERNEL32.dll HeapFree
GetCurrentThread
LoadLibraryA
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
USER32.dll SwitchDesktop
CharUpperA
CreateDesktopA
ShowWindow
FindWindowA
VCRUNTIME140.dll strrchr
__current_exception
__current_exception_context
memset
_except_handler4_common
api-ms-win-crt-runtime-l1-1-0.dll _set_app_type
_initialize_onexit_table
_cexit
_c_exit
_crt_atexit
_controlfp_s
terminate
_seh_filter_exe
exit
_register_thread_local_exe_atexit_callback
__p___argv
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_register_onexit_function
_configure_narrow_argv
__p___argc
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2022-Jul-28 04:56:18
Version 0.0
SizeofData 79
AddressOfRawData 0x32c4
PointerToRawData 0x22c4
Referenced File C:\Users\joezid\Source\Repos\ASCWG3\Release\ASCWG3.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2022-Jul-28 04:56:18
Version 0.0
SizeofData 20
AddressOfRawData 0x3314
PointerToRawData 0x2314

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Jul-28 04:56:18
Version 0.0
SizeofData 596
AddressOfRawData 0x3328
PointerToRawData 0x2328

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2022-Jul-28 04:56:18
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xbc
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x404004
SEHandlerTable 0x4032c0
SEHandlerCount 1

RICH Header

XOR Key 0xdda0ab5c
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (VS 2015/2017/2019 runtime 29118) 2
C++ objects (VS 2015/2017/2019 runtime 29118) 19
C objects (VS 2015/2017/2019 runtime 29118) 12
ASM objects (VS 2015/2017/2019 runtime 29118) 3
Imports (27412) 5
Total imports 58
C++ objects (LTCG) (VS2019 Update 8 (16.8.5-6) compiler 29337) 1
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337) 1
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337) 1

Errors
