Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2021-Aug-03 18:10:59 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to AES |
Malicious | VirusTotal score: 59/68 (Scanned on 2021-11-16 12:12:38) |
Bkav:
W32.AIDetect.malware1
Lionic: Trojan.Win32.Encoder.j!c Elastic: malicious (high confidence) Cynet: Malicious (score: 100) CAT-QuickHeal: Trojan.Agent ALYac: Trojan.Ransom.Filecoder Cylance: Unsafe Zillya: Trojan.Encoder.Win32.2630 Sangfor: Ransom.Win32.Encoder.nlh K7AntiVirus: Trojan ( 00580ce41 ) Alibaba: Ransom:Win32/BlackMatter.32ccedbf K7GW: Trojan ( 00580ce41 ) CrowdStrike: win/malicious_confidence_100% (W) Cyren: W32/Filecoder.CB.gen!Eldorado Symantec: Trojan.Gen.MBT ESET-NOD32: Win32/Filecoder.BlackMatter.C APEX: Malicious Paloalto: generic.ml Kaspersky: Trojan-Ransom.Win32.Encoder.nlh BitDefender: Gen:Heur.Mint.Zard.25 NANO-Antivirus: Virus.Win32.Gen.ccmw MicroWorld-eScan: Gen:Heur.Mint.Zard.25 Avast: Win32:BlackMatter-B [Ransom] Tencent: Malware.Win32.Gencirc.11c8d6c1 Ad-Aware: Gen:Heur.Mint.Zard.25 Emsisoft: Gen:Heur.Mint.Zard.25 (B) Comodo: Malware@#3mzekhy580jjd DrWeb: Trojan.Encoder.34227 VIPRE: Trojan.Win32.Generic!BT TrendMicro: Ransom.Win32.BLACKMATTER.YXBHJ-T McAfee-GW-Edition: BehavesLike.Win32.VTFlooder.lh FireEye: Generic.mg.1dd464cbb3fbd688 Sophos: Mal/Generic-R + Troj/BlackMat-B Ikarus: Trojan-Ransom.DarkSide GData: Win32.Trojan.Agent.WU41H5 Jiangmin: Trojan.Encoder.ajg Webroot: W32.Ransom.Blackmatter Avira: TR/Crypt.EPACK.Gen2 Antiy-AVL: Trojan/Generic.ASMalwS.34857D0 Kingsoft: Win32.Troj.Undef.(kcloud) Gridinsoft: Ransom.Win32.Ransom.sa Arcabit: Trojan.Mint.Zard.25 Microsoft: Ransom:Win32/BlackMatter.MAK!MTB AhnLab-V3: Ransomware/Win.BlackMatter.C4575089 McAfee: Ransom-BlakMatr!1DD464CBB3FB MAX: malware (ai score=80) VBA32: TScope.Malware-Cryptor.SB Malwarebytes: Ransom.BlackMatter TrendMicro-HouseCall: Ransom.Win32.BLACKMATTER.YXBHJ-T Rising: Trojan.Generic@ML.94 (RDMK:uCpm5OnN2qlL5bLzHKelaQ) Yandex: Trojan.Filecoder!5MDkeF1GepM SentinelOne: Static AI - Suspicious PE eGambit: Unsafe.AI_Score_72% Fortinet: W32/BlackMatter.A!tr.ransom BitDefenderTheta: AI:Packer.341FE0F91E AVG: Win32:BlackMatter-B [Ransom] Cybereason: malicious.bb3fbd Panda: Trj/WLT.G MaxSecure: Trojan.Malware.73926358.susgen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2021-Aug-03 18:10:59 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xee00 |
SizeOfInitializedData | 0x2600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000FB28 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x10000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x15000 |
SizeOfHeaders | 0x400 |
Checksum | 0x1c516 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
gdi32.dll |
TextOutW
SetDCBrushColor GetTextMetricsW GetDeviceCaps |
---|---|
USER32.dll |
CreateMenu
DialogBoxParamW GetDlgItem GetDlgItemTextW GetWindowTextW LoadImageW LoadMenuW |
KERNEL32.dll |
SetLastError
GetProcAddress GetLastError GetCommandLineW |
Characteristics |
0
|
---|---|
TimeDateStamp | 2021-Aug-03 18:10:59 |
Version | 0.0 |
SizeofData | 228 |
AddressOfRawData | 0x1006c |
PointerToRawData | 0xf26c |