| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2013-Jun-28 14:45:44 |
| Detected languages | English - United States |

| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains another PE executable: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA256 |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Malicious | The PE is possibly a dropper. | Resource ARCHIVE is possibly compressed or encrypted. Resource DECOMPRESSOR detected as a PE Executable. Resources amount for 99.0524% of the executable. |
| Malicious | VirusTotal score: 23/67 (Scanned on 2020-09-15 17:53:30) | Per-engine verdicts follow. |

| VirusTotal engine | Verdict |
|---|---|
| Bkav | W32.AIDetectVM.malware2 |
| Elastic | malicious (high confidence) |
| Cylance | Unsafe |
| K7AntiVirus | Unwanted-Program ( 004ba1a41 ) |
| K7GW | Unwanted-Program ( 004ba1a41 ) |
| Invincea | Generic ML PUA (PUA) |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/HackTool.CheatEngine.AF potentially unsafe |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| FireEye | Generic.mg.0bd7b65ed269e667 |
| SentinelOne | DFI - Malicious PE |
| GData | Win32.Riskware.Hacktool.D |
| Jiangmin | TrojanSpy.KeyLogger.lsz |
| eGambit | Unsafe.AI_Score_99% |
| Antiy-AVL | HackTool[Hoax]/Win32.CheatEngine.a |
| Microsoft | Trojan:Win32/Wacatac.DB!ml |
| Acronis | suspicious |
| Rising | Trojan.Generic@ML.100 (RDML:shrI9v1FSSZ6RbosN5iEAQ) |
| Yandex | HackTool.CheatEngine!h2lP7QG9eRI |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | Riskware/CheatEngine |
| CrowdStrike | win/malicious_confidence_70% (D) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |
| NT file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2013-Jun-28 14:45:44 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x8e00 |
| SizeOfInitializedData | 0x581200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000015EB (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xa000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x58e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x11163 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| SHLWAPI.dll | PathAddBackslashA PathStripPathA PathRemoveFileSpecA |
| KERNEL32.dll | GetModuleFileNameA FindResourceA GetModuleHandleA SizeofResource LoadResource GetTempPathA CreateDirectoryA DeleteFileA CreateFileA WriteFile CloseHandle CreateProcessA WaitForSingleObject RemoveDirectoryA FlushFileBuffers GetTempFileNameA GetCurrentThreadId GetCommandLineA GetStartupInfoA TerminateProcess GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent GetModuleHandleW Sleep GetProcAddress ExitProcess GetStdHandle FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW WideCharToMultiByte GetLastError GetEnvironmentStringsW SetHandleCount GetFileType DeleteCriticalSection TlsGetValue TlsAlloc TlsSetValue TlsFree InterlockedIncrement SetLastError InterlockedDecrement HeapCreate VirtualFree HeapFree QueryPerformanceCounter GetTickCount GetCurrentProcessId GetSystemTimeAsFileTime SetFilePointer GetConsoleCP GetConsoleMode EnterCriticalSection LeaveCriticalSection GetCPInfo GetACP GetOEMCP IsValidCodePage LoadLibraryA InitializeCriticalSectionAndSpinCount HeapAlloc VirtualAlloc HeapReAlloc RtlUnwind SetStdHandle WriteConsoleA GetConsoleOutputCP WriteConsoleW MultiByteToWideChar LCMapStringA LCMapStringW GetStringTypeA GetStringTypeW GetLocaleInfoA HeapSize |
| USER32.dll | MessageBoxA |
| ADVAPI32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorA |
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x40db60 |
| SEHandlerTable | 0x40b550 |
| SEHandlerCount | 3 |
| Rich header field | Value |
|---|---|
| XOR Key | 0xd73b8ed3 |
| Unmarked objects | 0 |
| C++ objects (VS2008 build 21022) | 31 |
| ASM objects (VS2008 build 21022) | 16 |
| C objects (VS2008 build 21022) | 96 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 9 |
| Total imports | 99 |
| 138 (VS2008 build 21022) | 2 |
| Linker (VS2008 build 21022) | 1 |
| Resource objects (VS2008 build 21022) | 1 |