09f1305bf6446675becbce188eaa23b7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Apr-15 02:03:40
Comments %%^%%%%$$$#$###
CompanyName 8&*&&^&^^^%%%^%%$%%$
FileDescription ^$%$##$#$$$%$$$%
FileVersion 2.21.54.1
InternalName 5411M.exe
LegalCopyright Copyright © 2018
OriginalFilename 5411M.exe
ProductName HGFTFDFDDSD
ProductVersion 2.21.54.1
Assembly Version 0.0.0.0

Plugin Output

Suspicious  Strings found in the binary may indicate undesirable behavior:
  Looks for VMWare presence:
    • VMware
Suspicious  This PE is packed with RPCrypt (packer signature match; note that the only import is mscoree.dll!_CorExeMain, so this is a managed .NET executable and a native packer signature hit is low-confidence).
  Unusual section name found: i\x1bh\x16&\x02\x03\x0b
  Section i\x1bh\x16&\x02\x03\x0b is both writable and executable.
  Unusual section name found: (empty section name)
Suspicious  The PE is possibly a dropper. Resources account for 75.0618% of the executable.
Malicious   VirusTotal score: 52/68 (Scanned on 2018-10-02 07:33:18)
MicroWorld-eScan: Trojan.GenericKD.6409891
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
McAfee: Packed-ZI!09F1305BF644
Cylance: Unsafe
TheHacker: Trojan/Kryptik.mlj
K7GW: Trojan ( 00524be01 )
K7AntiVirus: Trojan ( 00524be01 )
Arcabit: Trojan.Generic.D61CEA3
TrendMicro: TROJ_TIGGRE.DA
F-Prot: W32/MSIL_Injector.OE.gen!Eldorado
Symantec: Trojan.Gen
TrendMicro-HouseCall: TROJ_TIGGRE.DA
Avast: Win32:Malware-gen
Kaspersky: Trojan.MSIL.Phny.qf
BitDefender: Trojan.GenericKD.6409891
NANO-Antivirus: Trojan.Win32.Crypt.exioyy
Paloalto: generic.ml
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Trojan.GenericKD.6409891
Emsisoft: Trojan.GenericKD.6409891 (B)
Comodo: UnclassifiedMalware
F-Secure: Trojan.GenericKD.6409891
DrWeb: Trojan.PWS.Stealer.19347
Zillya: Trojan.Crypt.Win32.40920
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Fortinet: MSIL/Kryptik.MLJ!tr
Sophos: Mal/Generic-S
SentinelOne: static engine - malicious
Cyren: W32/MSIL_Injector.OE.gen!Eldorado
Jiangmin: Trojan.MSIL.ijva
Webroot: W32.Spyware.Tesla
Avira: HEUR/AGEN.1002656
MAX: malware (ai score=100)
Antiy-AVL: Trojan/MSIL.Crypt
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Tiggre!rfn
AegisLab: Troj.Msil.Crypt!c
ZoneAlarm: Trojan.MSIL.Phny.qf
AhnLab-V3: Trojan/Win32.Crypt.C2365240
ALYac: Trojan.MSIL.Crypt.gen
AVware: Trojan.Win32.Generic!BT
VBA32: Trojan.MSIL.Crypt
Malwarebytes: Spyware.AgentTesla
ESET-NOD32: a variant of MSIL/Kryptik.MLJ
Yandex: Trojan.Phny!
Ikarus: Trojan.VB.Crypt
GData: Win32.Trojan.Kryptik.JK
AVG: Win32:Malware-gen
Cybereason: malicious.bf6446
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.a19
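The heuristics above (unusual or empty section names, a section that is both writable and executable, a high resource-to-file ratio, and the entry point landing in an unnamed section) can be reproduced from the section table printed later in this report. The following is an added example, not the analysis tool's own code: it transcribes the five section headers and the two resource sizes from this report into constants and re-runs those checks; the known-name set and the "more than half the file is resources" threshold are my own assumptions, not the tool's exact thresholds.

```python
import math

# Section characteristic flags (winnt.h)
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE      = 0x02000000
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

# Section table transcribed from this report:
# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics)
SECTIONS = [
    (b"i\x1bh\x16&\x02\x03\x0b", 0x2000, 0xdcc0, 0x400, 0xde00,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".text", 0x10000, 0x80c8, 0xe200, 0x8200,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rsrc", 0x1a000, 0x44408, 0x16400, 0x44600,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".reloc", 0x60000, 0xc, 0x5aa00, 0x200,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
    (b"", 0x62000, 0x10, 0x5ac00, 0x200,          # the fifth, unnamed section
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
]
ENTRY_POINT_RVA = 0x6200A
RESOURCE_SIZES = [0x340, 0x44026]   # RT_VERSION and RT_MANIFEST sizes from the report

# Assumed list of "normal" compiler/linker section names (my choice, not the tool's).
KNOWN_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc", b".idata",
               b".edata", b".bss", b".tls", b".pdata", b".CRT"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for constant data up to 8.0 for uniform data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def is_unusual_name(name: bytes) -> bool:
    """Empty, non-printable, or not a name a normal linker emits."""
    name = name.rstrip(b"\x00")
    if not name:
        return True
    if any(b < 0x20 or b > 0x7e for b in name):
        return True
    return name not in KNOWN_NAMES

def is_writable_executable(characteristics: int) -> bool:
    return bool(characteristics & IMAGE_SCN_MEM_WRITE) and bool(characteristics & IMAGE_SCN_MEM_EXECUTE)

def section_for_rva(rva: int, sections=SECTIONS):
    """Return the section header whose [VirtualAddress, VirtualAddress+VirtualSize) holds rva."""
    for sec in sections:
        name, va, vsize = sec[0], sec[1], sec[2]
        if va <= rva < va + vsize:
            return sec
    return None

def file_size_from_sections(sections=SECTIONS) -> int:
    # With no overlay, the file ends where the last section's raw data ends.
    return max(ptr + raw for _, _, _, ptr, raw, _ in sections)

def resource_ratio(resource_sizes=RESOURCE_SIZES, file_size=None) -> float:
    if file_size is None:
        file_size = file_size_from_sections()
    return sum(resource_sizes) / file_size

def run_checks(sections=SECTIONS, entry_rva=ENTRY_POINT_RVA):
    findings = []
    for name, va, vsize, ptr, raw, chars in sections:
        label = name.decode("latin-1") if name else "<empty>"
        if is_unusual_name(name):
            findings.append(f"unusual section name: {label!r}")
        if is_writable_executable(chars):
            findings.append(f"section {label!r} is writable and executable")
    ep = section_for_rva(entry_rva, sections)
    ep_label = (ep[0].decode("latin-1") if ep[0] else "<empty>") if ep else "<no section>"
    findings.append(f"entry point 0x{entry_rva:08X} lies in section {ep_label!r}")
    ratio = resource_ratio()
    if ratio > 0.5:   # assumed threshold
        findings.append(f"resources are {ratio * 100:.4f}% of the file: possible dropper")
    return findings

if __name__ == "__main__":
    for line in run_checks():
        print(line)
```

Running it reproduces the 75.0618% figure from the sum of the two resource sizes over the 0x5ae00-byte file, flags the high-entropy RWX section and the empty name, and resolves the entry point 0x0006200A to the 16-byte unnamed section, which is why the report prints "(Section: )". On a real sample you would fill SECTIONS from the section table with pefile and feed each section's raw bytes to shannon_entropy.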

Hashes

MD5 09f1305bf6446675becbce188eaa23b7
SHA1 83fb556a3a6e345939e8ff70715774d7037f86a2
SHA256 1723a93256f6134d2407e7641acb8dd4447e38cb4931dfd094ab15e2eea39cac
SHA3 922e28d898b7df9dfce29a423ce9b8972c6c6de1ca4db4869d3255ea84853784
SSDeep 6144:7i19R+SCkVjp1UrqTDOKnl2+cf5zB+9X5vma/5x8tL9cAiOnx5RTqCwmV/90S0v:7i1HC2jp1UrqTDOKnlJUB+9B8xKAiOq
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2017-Apr-15 02:03:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x8400
SizeOfInitializedData 0x52600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0006200A (Section: the fifth section, which has an empty name, at VirtualAddress 0x62000)
BaseOfCode 0x10000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x64000
SizeOfHeaders 0x400
Checksum 0x5ea10
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

i\x1bh\x16&\x02\x03\x0b

MD5 0950963b07d6c7c6442c4017e9177f8f
SHA1 8b6b48d3148a2da3be982fa369eace4863567dba
SHA256 ed1c2b1c198d54f3adce797236a31d4c615879194c0cbde73320e87e45e6df90
SHA3 b2bd0f2672e607b482ca8ffdf4af433e0ea9c58121d5cc6c312dddb32add9c5e
VirtualSize 0xdcc0
VirtualAddress 0x2000
SizeOfRawData 0xde00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99649

.text

MD5 1a8d060506d4636a9db49813ccd19b6c
SHA1 cc7e4fff00176483fda70ed518156ecb2accaa95
SHA256 88869f3608d2d6a24bc9de9716f5eb96379c0b3acd9f64adbc593c12c0ccbb05
SHA3 39436a21dc8a3fc678840b3192ddd8afb220b13a1dd97f92065fffa5e4efe2fd
VirtualSize 0x80c8
VirtualAddress 0x10000
SizeOfRawData 0x8200
PointerToRawData 0xe200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.86769

.rsrc

MD5 e2e4a1ae237d1eb1279926dd0c09aaa1
SHA1 5f9ef6e3fa1da41b7c516793591da8219065ed38
SHA256 c85c3f15e31d2308bc2710a44869d81b48be616daa439b58f4997fab1c407cfc
SHA3 d56e6e272c7d9c03e1ce4eea6fa7b7ceaf7838648813b58e0bbb72bf428a99c9
VirtualSize 0x44408
VirtualAddress 0x1a000
SizeOfRawData 0x44600
PointerToRawData 0x16400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.04375

.reloc

MD5 9671074003f92c986a18f008e4cdab89
SHA1 20371027e1ac080cbb8d8a8ce23845c28418ff4b
SHA256 c3682535e1cda67d576db1b99227ce396a8e89eea5b541141734ceed3c8876f2
SHA3 b69ea80b2990c59fbb702f05a8f4d676e1de7e7b60d537bbb785ad215412dac1
VirtualSize 0xc
VirtualAddress 0x60000
SizeOfRawData 0x200
PointerToRawData 0x5aa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0980042

(empty section name)

MD5 0f9bfa3c1db01f267a7f6becb10e3fc1
SHA1 f6af9100f7ea162943341a45212f23e83789b89a
SHA256 e1a39cfa1057baa68360b58bca15ff4b63e55b8f92a1d4aac0837b0569bbb813
SHA3 66225ebfc9f0683a538338c7dba465e55b6017196199be0787a2ddd8326fc593
VirtualSize 0x10
VirtualAddress 0x62000
SizeOfRawData 0x200
PointerToRawData 0x5ac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.142636

Imports

mscoree.dll _CorExeMain
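The import hash reported above (f34d5f2d4577ed6d9ceec516c1f5a744) is the value every .NET executable gets, because the only native import is mscoree.dll!_CorExeMain and the imphash is computed over the native import table alone. The following added example (my code, not the analysis tool's or pefile's) implements the usual imphash construction: lower-case DLL name with its .dll/.ocx/.sys suffix stripped, dotted with the lower-cased function name, entries joined by commas, MD5 of the result. Imports by ordinal are rendered as "ordN" here; pefile additionally maps well-known ordinals of a few system DLLs to names, which this example does not do.

```python
import hashlib

def imphash(imports):
    """imports: list of (dll_name, function_name_or_ordinal) in import-table order."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        # Ordinal imports are written as ordN (simplified; no ordinal-to-name lookup).
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()

# The import table of this sample, transcribed from the report.
DOTNET_IMPORTS = [("mscoree.dll", "_CorExeMain")]

# A constructed native import table, to show the hash actually varies for native code.
NATIVE_IMPORTS = [("KERNEL32.dll", "VirtualAlloc"), ("KERNEL32.dll", "CreateThread"),
                  ("user32.dll", 2)]

if __name__ == "__main__":
    print("dotnet:", imphash(DOTNET_IMPORTS))
    print("native:", imphash(NATIVE_IMPORTS))
```

The practical consequence for hunting: an imphash match on this value says nothing beyond "is a .NET binary", so clustering this family has to rely on the other hashes in this report (section hashes, ssdeep) or on the managed metadata, not on imphash.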

Delayed Imports

Resources

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x340
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48967
MD5 0bfdabd6fc2cce3a47f4a6ab6af6727e
SHA1 2bbfd68c703f382a31e9bd6b46ceae25f83a1d4c
SHA256 8011891fffa148b25b9fb6d59e4110d8b721d06c99b24205f707e08ee316fde0
SHA3 0e920c7c98b8bbf15aec53bd46521edfbcc398d62a50925114abfcb8fe5ef76f

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x44026 (a manifest is normally a small XML blob; this roughly 278 KB, entropy-6.0 resource is the bulk of the 75% resource share flagged by the dropper heuristic above)
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.02515
MD5 b6427a0033b4e2ba83b0626fb42f4835
SHA1 01048546c11e96deb98d55ff41b4d2f891ea38b5
SHA256 c65b5df3e8f4209126b06ff88f63751a830529bb0cd492bbf6c309ee316c7b82
SHA3 7d8c6258246d7b13992ee367ea8fc53d428fc4884364692e9838d54b72dc5a8c

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.21.54.1
ProductVersion 2.21.54.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments %%^%%%%$$$#$###
CompanyName 8&*&&^&^^^%%%^%%$%%$
FileDescription ^$%$##$#$$$%$$$%
FileVersion (#2) 2.21.54.1
InternalName 5411M.exe
LegalCopyright Copyright © 2018
OriginalFilename 5411M.exe
ProductName HGFTFDFDDSD
ProductVersion (#2) 2.21.54.1
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors