0b35385c3460c558db0d6b42a1b41d90

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Oct-28 03:33:44
Detected languages English - United States
TLS Callbacks 2 callback(s) detected.
Debug artifacts C:\Repos\Launcher\x64\Release\Launcher.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE contains functions most legitimate programs don't use.
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Possibly launches other programs:
  • CreateProcessW
Leverages the raw socket API to access the Internet:
  • #23
  • #16
  • #115
  • getaddrinfo
  • #3
  • freeaddrinfo
  • #19
  • #4
  • #116
Manipulates other processes:
  • OpenProcess
  • Process32NextW
  • Process32FirstW
Info The PE's resources present abnormal characteristics. Resource 101 is possibly compressed or encrypted.
Suspicious VirusTotal score: 1/72 (Scanned on 2020-11-21 07:10:11)
  • Cynet: Malicious (score: 100)

Hashes

MD5 0b35385c3460c558db0d6b42a1b41d90
SHA1 0cffe1c2861842fd5a7b8f00a72a0be6b6a04438
SHA256 3a2eac0e2dfb01d86dd71716768a986821feecc1c47aafa7374155927faa7eb6
SHA3 c2d47640a3ad63275124a55b3a234b1dce4be83980b4c34519d1638c63f37492
SSDeep 384:ur7Crjva/88n+f19AJGVLImCU9RssosoVDv0ghy:u27AezDOlU9CsvqDcgh
Imports Hash 77566590a4c769e9d9c5d7b50bbb5429

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2020-Oct-28 03:33:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2600
SizeOfInitializedData 0x3600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002374 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3f7d8278ce5431f0f422020053bd5d06
SHA1 213e07fd304f2c940bbdb65f0b97ecfc6e5b0ddd
SHA256 3d90b3eebdf38e868a3bce83c3d87dc85e655ef13c27ee4008f03826e2343a81
SHA3 23dbaee248c24ff641f632f2f61820c45481289a11fc24d9a483276a0e570354
VirtualSize 0x242e
VirtualAddress 0x1000
SizeOfRawData 0x2600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.96284

.rdata

MD5 2debad5da85b5cf440099a447488accf
SHA1 edf1da96f97ca3c6af7539a650c867bc0e7ebefa
SHA256 197598fabf81dde13d0cb109144417b3d843c2f0e50770dac03428d3054aa90a
SHA3 8e487c836391d6cbbd691f3a55c74cf2122f1d6b56ed56c018cd35d07fbbcf5d
VirtualSize 0x1ce8
VirtualAddress 0x4000
SizeOfRawData 0x1e00
PointerToRawData 0x2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.18387

.data

MD5 b78accbac7aaac9f129c94053b3d85b6
SHA1 d85ef98acb389b979a2ec87f96d652aa8d457038
SHA256 41e5cc4bad2e8f6a22e4416c85c38df9d5b467cdcf4da0a387b3570074be78c0
SHA3 a64182e182c1debdfb148916e33303e6ae2aa3fb3a6bef8622cc8c5b4704e0b6
VirtualSize 0x728
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.40837

.pdata

MD5 e161c6614823503a09012ed864cd318d
SHA1 a906036ad79bc78f788bc0a026a971cb12799795
SHA256 e6ab21132d00498294fe5a7084c1fbf21b4322db183d15c9c0f16f806ca326dc
SHA3 2b4ddb9a9287d0955157fc4e3f9a13de332782f9516f7a9132ec89a9b3f86a55
VirtualSize 0x324
VirtualAddress 0x7000
SizeOfRawData 0x400
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.28123

.rsrc

MD5 7e2fbf1a832d307e29efb3a07ef9048c
SHA1 673c0698bf15be68a8a3ccbfd67a6999d7ef3ae3
SHA256 51136c63a4dcdcac7488eb218a3f529911f9f5bbbeb0be33e1180d1bd1441a20
SHA3 56f7ff704fa34de03927b0c3e2ae232284cd1a8f6e1e70c8e74d57cbf324f1d9
VirtualSize 0x9c0
VirtualAddress 0x8000
SizeOfRawData 0xa00
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.59356

.reloc

MD5 ec8e4d30ce2a8c3f5530a3d6096e94f6
SHA1 2a59b4597171f13a99ef648f0579282bfba7f80f
SHA256 c13c058192014a12e07d65491310a9755562ae3e315adf25c593a07cea0c5362
SHA3 ce577f16c8f1811e5e69bc32e3306081c30dde3e762001e252bac82e5c33b8aa
VirtualSize 0x64
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.38947

Imports

KERNEL32.dll SizeofResource
VirtualAlloc
LockResource
LoadResource
FindResourceW
GetModuleHandleW
GetModuleFileNameW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
K32GetModuleBaseNameW
Process32FirstW
CloseHandle
GetCurrentProcessId
CreateProcessW
GetComputerNameExA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetLastError
RtlCaptureContext
MultiByteToWideChar
LocalFree
OLEAUT32.dll #16
#8
#22
#9
#411
#15
#21
#26
#2
#6
WS2_32.dll #23
#16
#115
getaddrinfo
#3
freeaddrinfo
#19
#4
#116
mscoree.dll CLRCreateInstance
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __current_exception_context
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
__C_specific_handler
__std_terminate
memset
__current_exception
api-ms-win-crt-runtime-l1-1-0.dll _initialize_narrow_environment
_get_initial_narrow_environment
terminate
_crt_atexit
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_register_onexit_function
_initterm
exit
_initialize_onexit_table
__p___argv
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argc
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vswprintf
__p__commode
_set_fmode
api-ms-win-crt-heap-l1-1-0.dll free
malloc
_set_new_mode
_callnewh
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

101

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0x7a0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.91452
MD5 6f146aa5fb229c479b59d0c54f7230df
SHA1 04a66d05ff03a839d80c7eff6a8d52e35ad74977
SHA256 7fa7322497cc3e42afa8ef33667383c605f7f112122cf2c5f876403f07079702
SHA3 24c62dd354c1457a0511ffca74058bd7d9001897073b13e383afc1a1fe489cd6

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Oct-28 03:33:44
Version 0.0
SizeofData 67
AddressOfRawData 0x49ac
PointerToRawData 0x33ac
Referenced File C:\Repos\Launcher\x64\Release\Launcher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Oct-28 03:33:44
Version 0.0
SizeofData 20
AddressOfRawData 0x49f0
PointerToRawData 0x33f0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Oct-28 03:33:44
Version 0.0
SizeofData 872
AddressOfRawData 0x4a04
PointerToRawData 0x3404

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2020-Oct-28 03:33:44
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140004d90
EndAddressOfRawData 0x140004d91
AddressOfIndex 0x140006120
AddressOfCallbacks 0x140004390
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_1BYTES
Callbacks 0x0000000140001270
0x0000000140001440

Load Configuration

Size 0x130
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140006008

RICH Header

XOR Key 0x9cda5573
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (28619) 4
Imports (VS2008 build 21022) 2
C++ objects (28619) 34
C objects (28619) 10
ASM objects (28619) 4
Imports (27412) 7
Total imports 99
265 (28806) 3
Resource objects (28806) 1
151 1
Linker (28806) 1

Errors