Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2021-Mar-16 23:53:01 |
Detected languages |
English - United States
|
CompanyName | Microsoft Corporation |
FileDescription | Microsoft Direct3D |
FileVersion | 9.23.949.2378 |
InternalName | D3DX10.dll |
LegalCopyright | Copyright © Microsoft Corp. 1994-2007 |
OriginalFilename | D3DX10.dll |
ProductName | Microsoft® DirectX for Windows® |
ProductVersion | 9.23.949.2378 |
Suspicious | The PE is possibly packed. | Section .text is both writable and executable. |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Malicious | The PE's digital signature is invalid. |
Signer: Kaspersky Lab
Issuer: VeriSign Class 3 Code Signing 2009-2 CA The file was modified after it was signed. |
Malicious | VirusTotal score: 58/67 (Scanned on 2022-01-10 12:43:44) |
Bkav:
W32.AIDetect.malware2
Lionic: Trojan.Win32.Shiz.lmYV Elastic: malicious (high confidence) Cynet: Malicious (score: 99) ALYac: Trojan.Ransom.Ryuk Cylance: Unsafe Zillya: Trojan.Generic.Win32.1381288 Sangfor: Trojan.Win32.Generic.ky K7AntiVirus: Trojan ( 0057a1ad1 ) BitDefender: Gen:Variant.Razy.852916 K7GW: Trojan ( 0057a1ad1 ) Cybereason: malicious.70c65a VirIT: Ransom.Win32.Ryuk.DAX Symantec: Downloader ESET-NOD32: a variant of Win32/Kryptik.HKDT APEX: Malicious Paloalto: generic.ml Kaspersky: HEUR:Trojan.Win32.Generic Alibaba: Ransom:Win32/Ryuk.ali1020007 NANO-Antivirus: Trojan.Win32.Packed2.irircx ViRobot: Trojan.Win32.RyukRansom.270848 MicroWorld-eScan: Gen:Variant.Razy.852916 Avast: Win32:Malware-gen Tencent: Malware.Win32.Gencirc.11bbd64d Ad-Aware: Gen:Variant.Razy.852916 Emsisoft: Gen:Variant.Razy.852916 (B) Comodo: Malware@#18mxhjovdjpmd DrWeb: Trojan.Packed2.42920 VIPRE: Trojan.Win32.Generic!BT TrendMicro: Ransom.Win32.RYUK.FAIMDEW McAfee-GW-Edition: RDN/Ransom FireEye: Generic.mg.0eed6a270c65ab47 Sophos: Mal/Generic-S Ikarus: Trojan-Spy.Win32.CoinStealer GData: Gen:Variant.Razy.852916 Jiangmin: Trojan.Generic.guufx Webroot: W32.Gen.BT Avira: TR/Crypt.XPACK.Gen Antiy-AVL: Trojan/Generic.ASMalwS.32045A9 Gridinsoft: Ransom.Win32.Wacatac.oa!s1 Arcabit: Trojan.Razy.DD03B4 Microsoft: Ransom:Win32/Sodinokibi.AD!MTB TACHYON: Ransom/W32.Ryuk.279664 AhnLab-V3: Trojan/Win.Dridex.C4384280 McAfee: RDN/Ransom MAX: malware (ai score=100) VBA32: BScope.P2P-Worm.Palevo Malwarebytes: Ransom.Ryuk TrendMicro-HouseCall: Ransom.Win32.RYUK.FAIMDEW Rising: Trojan.Kryptik!8.8 (CLOUD) Yandex: Trojan.Agent!BT5vXCIL8d0 SentinelOne: Static AI - Malicious PE MaxSecure: Trojan.Malware.7164915.susgen Fortinet: W32/Generic!tr BitDefenderTheta: Gen:NN.ZexaE.34114.rq2@aycKqtgi AVG: Win32:Malware-gen Panda: Trj/GdSda.A CrowdStrike: win/malicious_confidence_100% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2021-Mar-16 23:53:01 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 1.0 |
SizeOfCode | 0x2bc00 |
SizeOfInitializedData | 0x41200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0002C923 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1000 |
ImageBase | 0x35000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x60000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x45ba9 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
catsrv.dll |
DllUnregisterServer
|
---|---|
kernel32.dll |
IsProcessorFeaturePresent
GlobalUnlock GetUserDefaultUILanguage GetCurrentProcess QueryPerformanceCounter GetFileAttributesW LoadLibraryExW CloseHandle InitializeCriticalSectionAndSpinCount InitializeSListHead GetCurrentThreadId LoadLibraryA TerminateProcess CreateEventW GetModuleHandleW GetProcAddress SetUnhandledExceptionFilter VirtualProtectEx UnhandledExceptionFilter GlobalAlloc GlobalLock DeleteCriticalSection IsDebuggerPresent GetModuleFileNameW GetCurrentProcessId GetLastError OutputDebugStringW GetStartupInfoW |
msident.dll |
DllGetClassObject
|
ole32.dll |
CoUninitialize
CoInitialize CoCreateGuid |
rpcrt4.dll |
UuidCreate
|
user32.dll |
CloseClipboard
EnableWindow DrawIcon IsIconic EmptyClipboard OpenClipboard GetClientRect SendMessageW GetSystemMenu GetParent GetForegroundWindow SetClipboardData LoadIconW AppendMenuW GetSystemMetrics |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 9.23.949.2378 |
ProductVersion | 9.23.949.2378 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__PM32
VOS__WINDOWS16
|
FileType |
VFT_DLL
|
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Microsoft Direct3D |
FileVersion (#2) | 9.23.949.2378 |
InternalName | D3DX10.dll |
LegalCopyright | Copyright © Microsoft Corp. 1994-2007 |
OriginalFilename | D3DX10.dll |
ProductName | Microsoft® DirectX for Windows® |
ProductVersion (#2) | 9.23.949.2378 |
Resource LangID | English - United States |
---|