Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2020-Jul-30 03:08:07 |
Detected languages | English - United States |

Level | Finding | Detail |
---|---|---|
Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h) |
Info | Libraries used to perform cryptographic operations | Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: .msvcjmc |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 14/67 (Scanned on 2021-04-15 11:53:28) | See the engine list below |

Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.16addbcee08fdefe |
Sangfor | Suspicious.Win32.Artemis.16ADDBCEE08F |
CrowdStrike | win/malicious_confidence_60% (W) |
APEX | Malicious |
Paloalto | generic.ml |
Rising | Malware.Heuristic!ET#81% (RDMK:cmRtazqzj3aP0nGljGJqzkBkGOO2) |
Comodo | .MalCrypt.Indus!@0 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.cz |
Cynet | Malicious (score: 100) |
VBA32 | suspected of Trojan.Downloader.gen |
Fortinet | PossibleThreat.MU |
BitDefenderTheta | Gen:NN.ZexaF.34678.0GW@aC!Gk@pi |

Three of these findings should be read against the rest of the report. The "Visual C++ 6.0 - 8.0" match is a byte-signature hit; the Rich header at the end of the report records a VS2019 Update 4 linker (build 28314) and VS2015/2017/2019 runtime objects, which is the more reliable attribution. The section name .msvcjmc is the section MSVC creates for /JMC (Just My Code) instrumentation, a debug-build option, so by itself it points to a debug build rather than to a packer; packing is better judged from section entropy and from a large gap between a section's virtual size and its raw size. The hidden-imports warning is triggered by LoadLibraryExW and GetProcAddress, which the VS2015+ CRT start-up code imports on its own, so on this binary that pair is not by itself evidence of imports resolved at run time.
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 8 |
TimeDateStamp | 2020-Jul-30 03:08:07 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 14.0 |
SizeOfCode | 0xa3800 |
SizeOfInitializedData | 0x2ea00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00003D32 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xa5000 |
ImageBase | 0x240000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xd8000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
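The three header tables above are read off the file in order: e_lfanew in the DOS header locates the PE signature, the COFF header follows it, and SizeOfOptionalHeader (0xe0 here) gives the offset of the section table. The following Python is an added example, not output of the analysis tool and not code from the sample: it assembles a headers-only PE32 image from the values in the tables (constructed input; the section sizes, file offsets and section characteristics are assumptions), parses the headers back with struct, decodes the timestamp and the DllCharacteristics bits, and applies the section-name check that produced the "possibly packed" finding, treating .msvcjmc as the MSVC /JMC debug section rather than as a packer signature.

```python
import struct
from datetime import datetime, timezone

MACHINE = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
COFF_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
             0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
# Section names a stock MSVC link emits. ".msvcjmc" is the /JMC (Just My Code)
# instrumentation section of debug builds, not a packer artefact.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".rsrc", ".reloc",
                  ".tls", ".pdata", ".bss", ".msvcjmc"}
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"   # PE32 optional header, 96 bytes
COFF_FMT = "<HHIIIHH"                           # COFF file header, 20 bytes
SECT_FMT = "<8sIIIIIIHHI"                       # section header, 40 bytes

def build_sample_pe(second_section=b".msvcjmc"):
    """Constructed input: headers only, field values taken from the report's
    tables. Section sizes, file offsets and characteristics are assumptions."""
    dos = b"MZ" + struct.pack("<13H", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0)
    dos += b"\0" * 32 + struct.pack("<I", 0x108)            # e_lfanew
    dos += b"\0" * (0x108 - len(dos))                        # DOS stub / Rich header area
    coff = b"PE\0\0" + struct.pack(COFF_FMT, 0x14C, 2, 1596078487, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 14, 0, 0xA3800, 0x2EA00, 0, 0x3D32, 0x1000,
                      0xA5000, 0x240000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0xD8000,
                      0x400, 0, 3, 0x0040 | 0x0100 | 0x8000, 0x100000, 0x1000,
                      0x100000, 0x1000, 0, 16) + b"\0" * (16 * 8)   # 16 empty data dirs
    sec = struct.pack(SECT_FMT, b".text", 0xA3800, 0x1000, 0xA3800, 0x400, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack(SECT_FMT, second_section, 0x100, 0xD7000, 0x200, 0xD1C00, 0, 0, 0, 0, 0xC0000040)
    return dos + coff + opt + sec

def parse_pe_headers(data):
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> sections."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    o = struct.unpack_from(OPT32_FMT, data, opt_off)
    if o[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    sections = []
    for i in range(nsec):                      # section table starts right after the optional header
        name, vsize, va, raw, rawptr, _, _, _, _, sc = struct.unpack_from(
            SECT_FMT, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "vsize": vsize, "raw": raw, "rawptr": rawptr, "flags": sc})
    ep = o[6]                                  # AddressOfEntryPoint (RVA)
    ep_sec = next((s["name"] for s in sections
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw"])), None)
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "characteristics": [n for b, n in sorted(COFF_CHARS.items()) if chars & b],
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "image_base": o[9], "entry_point": ep, "entry_section": ep_sec,
        "checksum": o[21],
        "subsystem": SUBSYSTEM.get(o[22], str(o[22])),
        "dll_characteristics": [n for b, n in sorted(DLL_CHARS.items()) if o[23] & b],
        "sections": sections,
    }

def triage_headers(h):
    """The checks behind the report's 'possibly packed' row and the hardening flags."""
    notes = []
    for s in h["sections"]:
        if s["name"] == ".msvcjmc":
            notes.append("section .msvcjmc is MSVC /JMC debug instrumentation, not a packer")
        elif s["name"] not in KNOWN_SECTIONS:
            notes.append(f"unusual section name {s['name']}")
        if s["raw"] == 0 and s["vsize"] > 0:   # classic unpacking target: virtual only
            notes.append(f"section {s['name']} has no raw data but {s['vsize']:#x} virtual bytes")
    if h["entry_section"] != ".text":
        notes.append(f"entry point lies in {h['entry_section']}")
    for flag in ("DYNAMIC_BASE", "NX_COMPAT"):
        if flag not in h["dll_characteristics"]:
            notes.append(f"{flag} not set")
    if h["checksum"] == 0:
        notes.append("CheckSum is 0 (not filled in by the linker; normal for user-mode EXEs)")
    return notes

if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_pe())
    print(hdr["machine"], hdr["timestamp"], hdr["dll_characteristics"])
    print("\n".join(triage_headers(hdr)))
```

Passing a different second section name (for example b"UPX1") to build_sample_pe shows the same parser producing the "unusual section name" note that the report attached to .msvcjmc; a real sample would be parsed with open(path, "rb").read() in place of the constructed bytes.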
Imported DLL | Functions |
---|---|
WININET.dll | InternetCloseHandle, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, InternetOpenA |
ADVAPI32.dll | CryptReleaseContext, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptEncrypt, CryptDestroyKey, CryptAcquireContextW, CryptDeriveKey |
SHELL32.dll | SHGetSpecialFolderPathA |
KERNEL32.dll | GetConsoleMode, FlushFileBuffers, DecodePointer, ReadConsoleW, RtlUnwind, GetConsoleCP, SetFilePointerEx, GetFileSizeEx, CreateFileA, DeleteFileA, FindFirstFileA, FindNextFileA, GetFileSize, ReadFile, WriteFile, CloseHandle, GetLastError, Sleep, GetCurrentThreadId, IsDebuggerPresent, RaiseException, MultiByteToWideChar, WideCharToMultiByte, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, GetStartupInfoW, GetModuleHandleW, HeapAlloc, HeapFree, GetProcessHeap, VirtualQuery, FreeLibrary, GetProcAddress, HeapQueryInformation, InterlockedPushEntrySList, InterlockedFlushSList, GetModuleFileNameW, LoadLibraryExW, CreateFileW, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, GetModuleHandleExW, GetStdHandle, ExitProcess, GetCommandLineA, GetCommandLineW, HeapValidate, GetSystemInfo, GetCurrentThread, GetFileType, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, OutputDebugStringW, WriteConsoleW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, HeapReAlloc, HeapSize |
Load configuration field | Value |
---|---|
Size | 0xa4 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x30b004 |
SEHandlerTable | 0x308a90 |
SEHandlerCount | 16 |
Rich header field | Value |
---|---|
XOR Key | 0x1bea995d |
Unmarked objects | 0 |
ASM objects (26715) | 13 |
C++ objects (26715) | 149 |
C objects (26715) | 18 |
C++ objects (VS 2015/2017/2019 runtime 28117) | 47 |
C objects (VS 2015/2017/2019 runtime 28117) | 17 |
ASM objects (VS 2015/2017/2019 runtime 28117) | 20 |
Imports (26715) | 9 |
Total imports | 104 |
C++ objects (VS2019 Update 4 (16.4.0-2) compiler 28314) | 1 |
Resource objects (VS2019 Update 4 (16.4.0-2) compiler 28314) | 1 |
Linker (VS2019 Update 4 (16.4.0-2) compiler 28314) | 1 |