17132e555876f1702124e8b2f63a8bb9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Feb-01 20:18:05

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Malicious VirusTotal score: 19/66 (Scanned on 2019-07-15 09:29:25)
CAT-QuickHeal: Trojan.GenericPMF.S1944067
McAfee: Artemis!17132E555876
Cylance: Unsafe
Cyren: W32/Nitol.AB.gen!Eldorado
APEX: Malicious
Paloalto: generic.ml
Endgame: malicious (high confidence)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.mh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.17132e555876f170
F-Prot: W32/Nitol.AB.gen!Eldorado
Microsoft: Trojan:Win32/Fuery.B!cl
TACHYON: Trojan-Dropper/W32.Scrop.90624
Acronis: suspicious
Rising: Trojan.Generic@ML.92 (RDML:BScNWopemMBdofX6xIqCAQ)
SentinelOne: DFI - Suspicious PE
MaxSecure: Trojan.Malware.7164915.susgen
CrowdStrike: win/malicious_confidence_100% (W)

Hashes

MD5 17132e555876f1702124e8b2f63a8bb9
SHA1 cd9a0feb46dccc97bba4bf55d8203b0fd4805dfd
SHA256 af24fa989ca4eb94112ec285561190f0df0d24801ba5e7ef05c939a82ac1ae43
SHA3 3682dd1304a55421832f0ff9881b71e07f055358cff9500061408440c164346b
SSDeep 1536:k07ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfjwpOT:kKFfHgTWmCRkGbKGLeNTBfjr
Imports Hash 2c5f2513605e48f2d8ea5440a870cb9e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Feb-01 20:18:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x11200
SizeOfInitializedData 0x4c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .code)
BaseOfCode 0x1000
BaseOfData 0x13000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.code

MD5 da73045b586ab1e28e607f483a0c2ce0
SHA1 507983a0abe672ba6203b221d333ee56d059efd9
SHA256 9e4a4a5a85d7f56dbe993993414ad1845cda9d3f676803a7a3bbc95cfb8dec2a
SHA3 2206812f5c8ca53d71da884605200869a369ab2dcf9c347f0e057f122989afd4
VirtualSize 0x387e
VirtualAddress 0x1000
SizeOfRawData 0x3a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.52797

.text

MD5 45a4903077d6f7155f4006b168c87dca
SHA1 e45017f5e1a6c39a392914fc2b62281d81e3d806
SHA256 2785518da47da968edd245918c6ce4b38a1f1d314c9556b36b26d14e4cb00c94
SHA3 29b0134b9172776f45523d8b8f87084f34819a92754a0f43c6abd57c5fe03cf5
VirtualSize 0xd642
VirtualAddress 0x5000
SizeOfRawData 0xd800
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54615

.rdata

MD5 fc9dcbeb475affc5d4c8d32f8314c9b3
SHA1 372c95f62895d5a5c1d8b320ce5c57a1cae3d3a8
SHA256 be3aaad4078e702cd46b669fec9d297dfb3684b17454dbaca12b835376f9d542
SHA3 c63e0fefe810327ac7eea78ccbe4000fd153b28a413add8bcf628052a546845f
VirtualSize 0x33a8
VirtualAddress 0x13000
SizeOfRawData 0x3400
PointerToRawData 0x11600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.11033

.data

MD5 9ddd0ebb37e1052064a23b3056e1aec8
SHA1 06ba142232d7df5d9ee45b66e5b3113980e6b829
SHA256 44cfd0666e9d0b7c08fa8ea77adbfce0d903040dfce06e098bc8d1b2a9a21430
SHA3 c3ac9f9201316e7cde174bbb099b16b0615b180d2fa8294d786d1bb5d05b5e1f
VirtualSize 0x178c
VirtualAddress 0x17000
SizeOfRawData 0x1200
PointerToRawData 0x14a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10003

.rsrc

MD5 9a41e0ee981461a460fd53ca1582c50f
SHA1 0f7d9b6716a9e1b45433cf5d50524b4a79022434
SHA256 e2e00e10ae719bbf52864bb1dfefc6b3676fb9b6ae1bc78803b53c518fd00e76
SHA3 b35e8438ef0770e182928bdda6ca25fca6ee42c6dd3586ad9f859931b919ce08
VirtualSize 0x4e4
VirtualAddress 0x19000
SizeOfRawData 0x600
PointerToRawData 0x15c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.2665
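Layout consistency check, added here as an example (not the analyzer's own code), using only the Image Optional Header and section-table values printed above: it walks the five sections and verifies that raw data is contiguous from SizeOfHeaders, that raw sizes are FileAlignment multiples, that virtual addresses chain at SectionAlignment, that SizeOfImage matches the end of the last section, that the entry point lands in executable code and that no section is both writable and executable. It also returns the file offset where section data ends, so the analyst can compare it with the real file size to spot an overlay. The helper with_raw_pointer_shifted and the tampered table it builds (PointerToRawData of .rsrc moved by 0x200) are my construction, to show the gap detection firing.

```python
"""Section-table consistency checks, driven only by the header fields a static
report prints (an added example, not the analyzer's own code)."""

# Values copied from the Image Optional Header and section table above.
OPTIONAL_HEADER = {
    "SizeOfHeaders": 0x400,
    "FileAlignment": 0x200,
    "SectionAlignment": 0x1000,
    "SizeOfCode": 0x11200,
    "SizeOfInitializedData": 0x4c00,
    "SizeOfImage": 0x1a000,
    "AddressOfEntryPoint": 0x1000,
}

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags)
SECTIONS = [
    (".code",  0x387e, 0x01000, 0x3a00, 0x00400, {"CODE", "EXECUTE", "READ"}),
    (".text",  0xd642, 0x05000, 0xd800, 0x03e00, {"CODE", "EXECUTE", "READ"}),
    (".rdata", 0x33a8, 0x13000, 0x3400, 0x11600, {"INITIALIZED_DATA", "READ"}),
    (".data",  0x178c, 0x17000, 0x1200, 0x14a00, {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".rsrc",  0x04e4, 0x19000, 0x0600, 0x15c00, {"INITIALIZED_DATA", "READ"}),
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def check_layout(hdr, sections):
    """Return (anomalies, notes, end_of_section_data).

    Anomalies are contradictions a linker never emits on its own (gaps or
    overlaps in the file, misaligned sizes, SizeOfImage not matching the
    last section, entry point outside executable code, W+X sections); notes
    are benign observations still worth reading. end_of_section_data is the
    file offset where section data ends: anything after it is an overlay."""
    anomalies, notes = [], []
    fa, sa = hdr["FileAlignment"], hdr["SectionAlignment"]
    expect_raw = hdr["SizeOfHeaders"]
    expect_va = align_up(hdr["SizeOfHeaders"], sa)
    code_bytes = data_bytes = 0
    entry, entry_in = hdr["AddressOfEntryPoint"], None

    for name, vsize, va, rsize, rptr, flags in sections:
        if rptr != expect_raw:
            kind = "gap" if rptr > expect_raw else "overlap"
            anomalies.append(f"{name}: raw data at 0x{rptr:x}, expected 0x{expect_raw:x} ({kind})")
        if rsize % fa:
            anomalies.append(f"{name}: SizeOfRawData 0x{rsize:x} not FileAlignment-aligned")
        if va != expect_va:
            anomalies.append(f"{name}: VirtualAddress 0x{va:x}, expected 0x{expect_va:x}")
        if {"EXECUTE", "WRITE"} <= flags:
            anomalies.append(f"{name}: writable and executable")
        if vsize > rsize:
            # Normal for .data: the tail is uninitialized and zero-filled by the loader.
            notes.append(f"{name}: 0x{vsize - rsize:x} bytes past raw data are zero-filled at load")
        if "CODE" in flags:
            code_bytes += rsize
        if "INITIALIZED_DATA" in flags:
            data_bytes += rsize
        if va <= entry < va + max(vsize, rsize):
            entry_in = (name, "EXECUTE" in flags)
        expect_raw = rptr + rsize
        expect_va = align_up(va + vsize, sa)

    if expect_va != hdr["SizeOfImage"]:
        anomalies.append(f"SizeOfImage 0x{hdr['SizeOfImage']:x}, expected 0x{expect_va:x}")
    if entry_in is None:
        anomalies.append(f"entry point 0x{entry:x} is outside every section")
    elif not entry_in[1]:
        anomalies.append(f"entry point 0x{entry:x} is in non-executable {entry_in[0]}")
    # Linkers differ in how they fill these two fields, so mismatches are notes, not anomalies.
    if code_bytes != hdr["SizeOfCode"]:
        notes.append(f"SizeOfCode 0x{hdr['SizeOfCode']:x} != code sections 0x{code_bytes:x}")
    if data_bytes != hdr["SizeOfInitializedData"]:
        notes.append(f"SizeOfInitializedData 0x{hdr['SizeOfInitializedData']:x} "
                     f"!= data sections 0x{data_bytes:x}")
    return anomalies, notes, expect_raw


def with_raw_pointer_shifted(sections, name, delta):
    """Copy of the table with one section's PointerToRawData moved by delta
    (constructed here to show what a tampered header looks like)."""
    return [(n, vs, va, rs, rp + delta if n == name else rp, fl)
            for n, vs, va, rs, rp, fl in sections]


if __name__ == "__main__":
    for label, table in (("report", SECTIONS),
                         ("tampered", with_raw_pointer_shifted(SECTIONS, ".rsrc", 0x200))):
        anomalies, notes, end = check_layout(OPTIONAL_HEADER, table)
        print(f"[{label}] section data ends at 0x{end:x}")
        for line in anomalies:
            print("  anomaly:", line)
        for line in notes:
            print("  note:   ", line)
```

For the table above every check passes and section data ends at file offset 0x16200; the report does not print the file size, so an overlay cannot be ruled out from the page alone. Note also that the .rdata entropy of 7.11 reported above is unusually high for a read-only data section and close to the 8.0 ceiling typical of compressed or encrypted bytes; header arithmetic cannot see section content, so that has to be judged from the bytes themselves.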

Imports

MSVCRT.dll memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc
KERNEL32.dll GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
USER32.DLL CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
GDI32.DLL GetStockObject
COMCTL32.DLL InitCommonControlsEx
SHELL32.DLL ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
WINMM.DLL timeBeginPeriod
OLE32.DLL CoInitialize
CoTaskMemFree
SHLWAPI.DLL PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
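Worked example, added here and not the analyzer's own code, covering the import-plugin findings under Plugin Output and the Imports Hash above: it parses the flattened DLL/function listing in the layout this page uses, computes the import hash (imphash: MD5 over lowercased module.function pairs in import-table order with the .dll/.ocx/.sys extension stripped, the algorithm pefile and VirusTotal use) and applies capability rules of the same kind as the plugin's "hiding imports", "launches other programs" and "temporary files" categories. The sample listing is a constructed subset of the table above, so its imphash will not equal the reported 2c5f2513605e48f2d8ea5440a870cb9e; the CAPABILITY_RULES sets are my approximation of the categories, not the analyzer's own lists.

```python
"""Import-table triage from a flattened report listing (an added example, not
the analyzer's own code): parse, compute the import hash, flag capabilities."""
import hashlib
import re

# Constructed sample: a subset of the report's import table, in the page's own
# "DLL.dll first_function" layout. Being a subset, its imphash will not equal
# the report's value; feed the full listing to reproduce it.
SAMPLE_LISTING = """\
MSVCRT.dll memset
wcsncmp
malloc
KERNEL32.dll GetModuleHandleW
LoadLibraryExW
GetTempFileNameW
GetProcAddress
LoadLibraryW
CreateProcessW
GetTempPathW
CreateFileW
SHELL32.DLL ShellExecuteExW
"""

# A line that starts a new DLL block: "<module>.<ext> <first function>".
DLL_LINE = re.compile(r"^(\S+\.(?:dll|ocx|sys|drv|exe))\s+(\S+)$", re.IGNORECASE)

# Approximations of the capability categories in the report's plugin output;
# these are my rule sets, not the analyzer's.
CAPABILITY_RULES = [
    ("may be hiding some of its imports",
     {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw", "getprocaddress"}),
    ("possibly launches other programs",
     {"createprocessa", "createprocessw", "shellexecutea", "shellexecutew",
      "shellexecuteexa", "shellexecuteexw", "winexec"}),
    ("can create temporary files",
     {"gettemppatha", "gettemppathw", "gettempfilenamea", "gettempfilenamew"}),
]


def parse_listing(text):
    """Return [(dll, function), ...] in table order from the flattened listing."""
    imports, dll = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DLL_LINE.match(line)
        if match:
            dll, func = match.group(1), match.group(2)
        elif dll is None:
            raise ValueError(f"function {line!r} appears before any DLL name")
        else:
            func = line
        imports.append((dll, func))
    return imports


def imphash_string(imports):
    """The string pefile/VirusTotal hash: 'module.function' pairs, lowercased,
    with .dll/.ocx/.sys stripped, comma-joined in import-table order.
    Ordinal-only imports (none in this report) would need pefile's ordinal tables."""
    parts = []
    for dll, func in imports:
        module = dll.lower()
        base, _, ext = module.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            module = base
        parts.append(f"{module}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capabilities(imports):
    """Map each triggered category to the imported names (original case) that triggered it."""
    found = {}
    for label, names in CAPABILITY_RULES:
        hits = sorted({func for _, func in imports if func.lower() in names})
        if hits:
            found[label] = hits
    return found


if __name__ == "__main__":
    table = parse_listing(SAMPLE_LISTING)
    print("imports:", len(table), "imphash:", imphash(table))
    for label, hits in capabilities(table).items():
        print(f"{label}: {', '.join(hits)}")
```

The reported import hash is the value to pivot on when hunting for other samples linked from the same import table (VirusTotal exposes it through the imphash: search modifier). It is a weak identifier on its own: binaries built from the same toolchain template share it, and the "hiding imports" finding cuts the other way, since APIs a program resolves at runtime through GetProcAddress never appear in the import table and so never influence the imphash.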

Delayed Imports

Resources

38C9E9A25BF196A254E6E5ABAA3AEAD2

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x41
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.78376
MD5 607329c90181e9a4727674707df4b541
SHA1 3081ee316b2c5367fc134c0680b034d4dafb23c0
SHA256 98a08c43716511c3efdf6142174b15253d878ab83d09ec5cfa43d923f7d558b0
SHA3 cef59d1784b1438814800a951e2697ccd910536fc771c51ba85fb18b48a74940

47FC6589EE

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA3 2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7

527164C77186D6DB7F2C02688376EFC7

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.23593
MD5 7bb55e591962edd967c9a3039407256c
SHA1 e84642313805d66ef70fdada202992d040a1c2cc
SHA256 8fcbd3ba77d0af716d0b3f342b877539512ba665a6c5ad7999a531bff05a6a91
SHA3 116f25e12adcabbb7a50c5223cf85536391d06d1114f226b2e5d018f6907ff91

E3685CCA4DD048A13C5EA951A706BEC16A326A0B

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4183
MD5 898b4711c29b9813bfc2d9abb67fee6a
SHA1 60435d929e8dda0669a3233aab278e10ba9f9516
SHA256 3a026a92b44c6e76cde802e896911a195d34accd71fdaa22692f631d689e956e
SHA3 1d2e20c2a2807a139041addee7764ec05d3669adfe99595b40f2008ea3205b9f

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x263
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.92322
MD5 841795bb3b61ebd511249778aa26af77
SHA1 59f426938522ef9906b0740821e8cc270d1ca897
SHA256 be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7
SHA3 5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
