16addbcee08fdefeafe90dfd72c9cd0e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Jul-30 03:08:07
Detected languages English - United States

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • MASM/TASM - sig1(h)
Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .msvcjmc
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Uses Microsoft's cryptographic API:
  • CryptReleaseContext
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptEncrypt
  • CryptDestroyKey
  • CryptAcquireContextW
  • CryptDeriveKey
Has Internet access capabilities:
  • InternetCloseHandle
  • InternetConnectA
  • InternetOpenA
Malicious VirusTotal score: 14/67 (Scanned on 2021-04-15 11:53:28)
  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.16addbcee08fdefe
  • Sangfor: Suspicious.Win32.Artemis.16ADDBCEE08F
  • CrowdStrike: win/malicious_confidence_60% (W)
  • APEX: Malicious
  • Paloalto: generic.ml
  • Rising: Malware.Heuristic!ET#81% (RDMK:cmRtazqzj3aP0nGljGJqzkBkGOO2)
  • Comodo: .MalCrypt.Indus!@0
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.cz
  • Cynet: Malicious (score: 100)
  • VBA32: suspected of Trojan.Downloader.gen
  • Fortinet: PossibleThreat.MU
  • BitDefenderTheta: Gen:NN.ZexaF.34678.0GW@aC!Gk@pi

Hashes

MD5 16addbcee08fdefeafe90dfd72c9cd0e
SHA1 273895cc358c4c74f544eabd9791905c0ee95d97
SHA256 34115f39a2b1db6239b2ff6d982ae78b275f061ddfcb0ff71117f154225021ef
SHA3 553e6b473e036b9c0131a5969940c72fcb13278e7a73c2fd4e79ceeb6860738e
SSDeep 6144:1nhuo81iiiuuVfSKhEnJgAAgWRpYYM1vwnbekyIWdrV4OGgC5w28seKucGif/Y/:RgoyiiiuuVfSKgkdWFV0gpseKucGIcY
Imports Hash 5ab76505dfcbdd42c2ab72ea2da342e8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2020-Jul-30 03:08:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xa3800
SizeOfInitializedData 0x2ea00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00003D32 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xa5000
ImageBase 0x240000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xd8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c8282adb4e81f2565a0bff8da18a1be9
SHA1 00d7e4e8372e6ed2c3b04cfe13426091e0e7bb22
SHA256 a1c0480add7190079efaf4451f0057702a7d967adc52ab575c4bf33f60f1cfe9
SHA3 f16c0d1a2b6a436ef1669cc0ba5972fcc417d5c8f03c2728e1db7a6beeb76200
VirtualSize 0xa3797
VirtualAddress 0x1000
SizeOfRawData 0xa3800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 3.71137

.rdata

MD5 9412e3e31c91a97f3e1989ffff9a4da3
SHA1 d21f0dcee59fd4a4d35849151b51950f53dfac13
SHA256 27d43f7fd60950ec918490599c8b4b31e11b8d75d4283a46aba1b24196e9fe5d
SHA3 96c37cd2059a52cf6b7c278d6dd1a59f971ecbaa11edaefe4b1aec84e7995639
VirtualSize 0x251ce
VirtualAddress 0xa5000
SizeOfRawData 0x25200
PointerToRawData 0xa3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.50133

.data

MD5 821dd329c0e5f7c9b62ce68ab6c8b4a4
SHA1 43dae3d79f757f89f945441e069887db06eac423
SHA256 adc99401f9d4f4e8c2e081b4187dce0141e2a08d23fbedb6b4654fec1eb9caf6
SHA3 206aeeafe64137603e07bf600009b8ac472d59385187311e82e39bf4e833bdc2
VirtualSize 0x25d4
VirtualAddress 0xcb000
SizeOfRawData 0x1000
PointerToRawData 0xc8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.219

.idata

MD5 cc6e71a1a43726b304ecf2b202f11e83
SHA1 f31c278230a030a3d52ec8dfb4b9dc1f88b824bd
SHA256 5519b9db38f651d95b6555a12fe8de92d380d4edcbcbbc7b48d6a6d4b946ed56
SHA3 6345dd280a90eb2266a8cd8c21842b12b6d33be63d136f771fc00ad9a7e20b60
VirtualSize 0xf26
VirtualAddress 0xce000
SizeOfRawData 0x1000
PointerToRawData 0xc9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.79919

.msvcjmc

MD5 87d2cad14787eec51892c3abec76250e
SHA1 c20fbbdd1955cadc186677aae3bb017f9833ab6a
SHA256 15ac3f298c28cdf8dc46c2bdd4da64bb1f9708252200e8c8da440a568abdba7d
SHA3 802b76d2aa8c2b3b3b96431c932380c7ecf1f02b1601fd181ffec9c50f099317
VirtualSize 0x125
VirtualAddress 0xcf000
SizeOfRawData 0x200
PointerToRawData 0xcae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.329612

.00cfg

MD5 b68183789ca2e2d76ec0b8745c7754f7
SHA1 d8268a96a97f53b89849479b5ac14f0a00b72b5f
SHA256 8c51a06532758cefbbaf8fe9e38c703864012d4127149614c2eeff64a7ef7627
SHA3 581c877f2a023ae40ea44e0ce50f6458963a4b8fc1f39321fe523755abdcf0e3
VirtualSize 0x104
VirtualAddress 0xd0000
SizeOfRawData 0x200
PointerToRawData 0xcb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0611629

.rsrc

MD5 9ed611cedd79dbc37a0cddd82cdce833
SHA1 80db928e1b664e0b5eb46546affd9c9eb8b01a39
SHA256 69b313cecc5d6b6a48a3c1ae8a545876f0d3b4a6353ce879bb06ad030a8a2076
SHA3 e4c2e5e029c88f185a0531f092d4d3bee821505e890e4f875b25940b9ac64809
VirtualSize 0x506
VirtualAddress 0xd1000
SizeOfRawData 0x600
PointerToRawData 0xcb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.85108

.reloc

MD5 907ba0559e04ad5207ff949ba4376bd3
SHA1 19885895cc78fa25c38059e7560abd2899608928
SHA256 d2c37f934f69cb1db396d6d7ce21f7f6585f61b45168114c4803f9004dd2b403
SHA3 6fd89ed9470e467b9adf8a15500e531737497acf32e52023a01668822ac25b40
VirtualSize 0x5653
VirtualAddress 0xd2000
SizeOfRawData 0x5800
PointerToRawData 0xcb800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.20456

Imports

WININET.dll
  • InternetCloseHandle
  • HttpSendRequestA
  • HttpOpenRequestA
  • InternetConnectA
  • InternetOpenA
ADVAPI32.dll
  • CryptReleaseContext
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptEncrypt
  • CryptDestroyKey
  • CryptAcquireContextW
  • CryptDeriveKey
SHELL32.dll
  • SHGetSpecialFolderPathA
KERNEL32.dll
  • GetConsoleMode
  • FlushFileBuffers
  • DecodePointer
  • ReadConsoleW
  • RtlUnwind
  • GetConsoleCP
  • SetFilePointerEx
  • GetFileSizeEx
  • CreateFileA
  • DeleteFileA
  • FindFirstFileA
  • FindNextFileA
  • GetFileSize
  • ReadFile
  • WriteFile
  • CloseHandle
  • GetLastError
  • Sleep
  • GetCurrentThreadId
  • IsDebuggerPresent
  • RaiseException
  • MultiByteToWideChar
  • WideCharToMultiByte
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • IsProcessorFeaturePresent
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • GetStartupInfoW
  • GetModuleHandleW
  • HeapAlloc
  • HeapFree
  • GetProcessHeap
  • VirtualQuery
  • FreeLibrary
  • GetProcAddress
  • HeapQueryInformation
  • InterlockedPushEntrySList
  • InterlockedFlushSList
  • GetModuleFileNameW
  • LoadLibraryExW
  • CreateFileW
  • SetLastError
  • EnterCriticalSection
  • LeaveCriticalSection
  • DeleteCriticalSection
  • InitializeCriticalSectionAndSpinCount
  • TlsAlloc
  • TlsGetValue
  • TlsSetValue
  • TlsFree
  • EncodePointer
  • GetModuleHandleExW
  • GetStdHandle
  • ExitProcess
  • GetCommandLineA
  • GetCommandLineW
  • HeapValidate
  • GetSystemInfo
  • GetCurrentThread
  • GetFileType
  • GetDateFormatW
  • GetTimeFormatW
  • CompareStringW
  • LCMapStringW
  • GetLocaleInfoW
  • IsValidLocale
  • GetUserDefaultLCID
  • EnumSystemLocalesW
  • OutputDebugStringW
  • WriteConsoleW
  • SetConsoleCtrlHandler
  • FindClose
  • FindFirstFileExW
  • FindNextFileW
  • IsValidCodePage
  • GetACP
  • GetOEMCP
  • GetCPInfo
  • GetEnvironmentStringsW
  • FreeEnvironmentStringsW
  • SetEnvironmentVariableW
  • SetStdHandle
  • GetStringTypeW
  • HeapReAlloc
  • HeapSize

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x224
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04378
MD5 245b863be176aab16ef1dbe168defe03
SHA1 c0a369f6f0e77b89c5d9d37fb94e1d5e2d431b5b
SHA256 59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa
SHA3 7efbe82f17422b353f747a146c1e8f1b9df37e90648150f2020442ff9477341e

Version Info

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x30b004
SEHandlerTable 0x308a90
SEHandlerCount 16

RICH Header

XOR Key 0x1bea995d
Unmarked objects 0
ASM objects (26715) 13
C++ objects (26715) 149
C objects (26715) 18
C++ objects (VS 2015/2017/2019 runtime 28117) 47
C objects (VS 2015/2017/2019 runtime 28117) 17
ASM objects (VS 2015/2017/2019 runtime 28117) 20
Imports (26715) 9
Total imports 104
C++ objects (VS2019 Update 4 (16.4.0-2) compiler 28314) 1
Resource objects (VS2019 Update 4 (16.4.0-2) compiler 28314) 1
Linker (VS2019 Update 4 (16.4.0-2) compiler 28314) 1

Errors
