1a3ef7b96688871fb793472b41d432bf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Aug-29 10:38:42
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is possibly packed. Section .text is both writable and executable.
Section .data is both writable and executable.
The PE only has 7 import(s).
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Malicious VirusTotal score: 45/72 (Scanned on 2020-07-26 16:17:35)
Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Trojan.Generic.12966153
FireEye: Generic.mg.1a3ef7b96688871f
CAT-QuickHeal: Trojan.Dynamer
McAfee: Artemis!1A3EF7B96688
Cylance: Unsafe
Sangfor: Malware
CrowdStrike: win/malicious_confidence_80% (W)
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
TrendMicro: TROJ_GEN.R002C0CGM20
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
BitDefender: Trojan.Generic.12966153
NANO-Antivirus: Trojan.Win32.Crypted.ffwukq
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Crypt.Dxxe
Ad-Aware: Trojan.Generic.12966153
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Crypt.XPACK.Gen
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Generic.12966153 (B)
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.Generic
Microsoft: Trojan:Win32/Dynamer!rfn
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.DC5D909
AegisLab: Trojan.Win32.Malicious.4!c
GData: Trojan.Generic.12966153
Cynet: Malicious (score: 85)
AhnLab-V3: Unwanted/Win32.KeyGen.C1356057
BitDefenderTheta: Gen:NN.ZexaF.34138.amW@aeV!Nig
ALYac: Trojan.Generic.12966153
MAX: malware (ai score=100)
VBA32: Trojan.Dynamer
TrendMicro-HouseCall: TROJ_GEN.R002C0CGM20
Ikarus: Trojan.Crypt
eGambit: Unsafe.AI_Score_57%
MaxSecure: Trojan.Malware.1728101.susgen
AVG: Win32:Malware-gen
Cybereason: malicious.966888
Panda: Trj/CI.A

Hashes

MD5 1a3ef7b96688871fb793472b41d432bf
SHA1 9f063314b83626a21f44a84ab01f4a481f86f697
SHA256 4846602248a56ba8b4295d2cac614b4861defd98ae8f4528e79265d375a4a128
SHA3 dedcd0fb6e795c060367f5b7264fe5a810c205d768832b883c1644f8ee172f6d
SSDeep 96:iCW+WKsyq+aQ0G89r9d8Iid1B2kaJptEhXCgB/A/IGWTQNOp1IDJUURKf:o+TsyDaQI9id1BpKpAXBmwRTQNCOUyK
Imports Hash 837c25c2579db69dabe8e2336d5b8f65

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2010-Aug-29 10:38:42
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x2000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x4000
AddressOfEntryPoint 0x000064B0 (Section: .data)
BaseOfCode 0x5000
BaseOfData 0x7000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x4000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data

MD5 dfaf008c5b7f102088983de49c344e19
SHA1 0bb214e5f78d4c8bc567a063d2c322a216ebdda5
SHA256 6c8c13d8c5a337c971ca55564aaa4cd2bf42753930771440060058d086a98efa
SHA3 034b6eca8e129588e5ac2015633c0ba2b56829e72f080ef4a231402ee3ab95fe
VirtualSize 0x2000
VirtualAddress 0x5000
SizeOfRawData 0x1800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.50527

.rsrc

MD5 cbbb31f7704b2533aeb90a0a7c3e2622
SHA1 240df611365d781bfa8b01e661a432791d5841c2
SHA256 71ba932b08f440554152b860d4844689d9523fd68dbe7c9fe9909cb4b24436fb
SHA3 3b199290a48a5c5ecb413f998bf965fe279f08cc508255656d4000083b311c56
VirtualSize 0x1000
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.3537

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
USER32.dll EndDialog

Delayed Imports

Resources

103

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x2ae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Resource is empty!