Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Mar-02 21:03:16 |
Detected languages | Chinese - PRC; English - United States |
Debug artifacts | C:\fusutusud41\mejitevekohisogi24 fo.pdb |
FileVersion | 1.4.23.4 |
InternalNamez | dvezejzaz.im |
LegalCopyright | Copyright (C) 2020, nun |
Level | Finding | Details |
---|---|---|
Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | The PE is possibly packed. | Unusual section name found: .tis |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 23/71 (Scanned on 2020-05-26 03:29:07) | Engine results listed below |

- Bkav: HW32.Packed.
- CAT-QuickHeal: Ransom.Stop.MP4
- Qihoo-360: Generic/HEUR/QVM10.2.7922.Malware.Gen
- Sangfor: Malware
- CrowdStrike: win/malicious_confidence_80% (W)
- Invincea: heuristic
- F-Prot: W32/FakeAlert.5!Maximus
- Symantec: Packed.Generic.528
- APEX: Malicious
- Paloalto: generic.ml
- Kaspersky: UDS:DangerousObject.Multi.Generic
- Rising: Malware.Heuristic!ET#95% (RDMK:cmRtazoy3wspU0UNi35oUqUkEJY+)
- McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
- FireEye: Generic.mg.1d719361bc2a069c
- SentinelOne: DFI - Suspicious PE
- Cyren: W32/FakeAlert.5!Maximus
- Webroot: W32.Trojan.Gen
- Microsoft: Trojan:Win32/Wacatac.C!ml
- Endgame: malicious (high confidence)
- Acronis: suspicious
- VBA32: BScope.Trojan.AET.281105
- Cylance: Unsafe
- eGambit: Unsafe.AI_Score_99%
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2019-Mar-02 21:03:16 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_RELOCS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 10.0 |
SizeOfCode | 0x8a00 |
SizeOfInitializedData | 0x7e8c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002B99 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xa000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x7f1000 |
SizeOfHeaders | 0x400 |
Checksum | 0x3c4cc7 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imports from KERNEL32.dll |
---|
WriteFile, GetSystemTimes, GetDriveTypeA, Sleep, GetProcAddress, GetPrivateProfileSectionA, VirtualProtect, GetConsoleCursorInfo, GetCurrentProcessId, GetTickCount, GetModuleHandleW, GetLocaleInfoA, lstrlenA, GetLastError, GetCommandLineA, HeapSetInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, DecodePointer, GetStdHandle, GetModuleFileNameW, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LeaveCriticalSection, EnterCriticalSection, LoadLibraryW, HeapFree, RtlUnwind, LCMapStringW, MultiByteToWideChar, GetStringTypeW, HeapSize, HeapAlloc, HeapReAlloc, IsProcessorFeaturePresent |
Version info field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 1.2.5.1 |
ProductVersion | 1.9.0.1 |
FileFlags | VS_FF_PRIVATEBUILD |
FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
FileType | VFT_STATIC_LIB |
Language | Chinese - PRC |
FileVersion (#2) | 1.4.23.4 |
InternalNamez | dvezejzaz.im |
LegalCopyright | Copyright (C) 2020, nun |
Resource LangID | English - United States |
Debug directory field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2019-Nov-28 01:18:06 |
Version | 0.0 |
SizeofData | 117 |
AddressOfRawData | 0x2950 |
PointerToRawData | 0x1d50 |
Referenced File | C:\fusutusud41\mejitevekohisogi24 fo.pdb |