Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2022-Jan-18 19:08:39 |
Detected languages | English - United States |
Debug artifacts | D:\leetcode\needle3\x64\Debug\needle3.pdb |
Info | Matching compiler(s): MASM/TASM - sig1(h) |
Suspicious | The PE is possibly packed. Section .textbss is both writable and executable. Unusual section name found: .msvcjmc |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 36/68 (Scanned on 2024-01-16 23:29:26). ALYac: Trojan.GenericKD.64436265; AVG: Win64:Malware-gen; Alibaba: Trojan:Win64/Genric.b28af063; Antiy-AVL: Trojan/Win64.SGeneric; Arcabit: Trojan.Generic.D3D73829; Avast: Win64:Malware-gen; BitDefender: Trojan.GenericKD.64436265; Bkav: W64.AIDetectMalware; CrowdStrike: win/malicious_confidence_100% (W); Cylance: unsafe; Cynet: Malicious (score: 100); DeepInstinct: MALICIOUS; ESET-NOD32: a variant of Generik.CENYOZO; Elastic: malicious (moderate confidence); Emsisoft: Trojan.GenericKD.64436265 (B); Fortinet: W32/PossibleThreat; GData: Trojan.GenericKD.64436265; Ikarus: Trojan.Win64.Meterpreter; Jiangmin: Trojan.Pincav.bdp; Lionic: Trojan.Win32.Pincav.4!c; Malwarebytes: Generic.Malware/Suspicious; MaxSecure: Trojan.Malware.12215.susgen; McAfee: Artemis!2AC1F1DB6D3D; MicroWorld-eScan: Trojan.GenericKD.64436265; Microsoft: Trojan:Win32/Phonzy.A!ml; Panda: Trj/Chgt.AD; Rising: Trojan.Pincav!8.252 (CLOUD); Sangfor: Trojan.Win32.Agent.V59f; Skyhigh: BehavesLike.Win64.Generic.tm; Sophos: Mal/Generic-S; Symantec: ML.Attribute.HighConfidence; Tencent: Win32.Trojan.Agen.Zwhl; TrendMicro-HouseCall: TROJ_GEN.R002H0CAC24; VBA32: Trojan.Pincav; VIPRE: Trojan.GenericKD.64436265; Zillya: Trojan.Pincav.Win32.30632 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 11 |
TimeDateStamp | 2022-Jan-18 19:08:39 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xd0000 |
SizeOfInitializedData | 0x42a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000064FE0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x17b000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CloseHandle, ExitProcess, CreateRemoteThread, OpenProcess, VirtualAllocEx, IsDebuggerPresent, GetModuleHandleA, GetProcAddress, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateFileW, WriteProcessMemory, GetFullPathNameA, GetCurrentThreadId, RaiseException, MultiByteToWideChar, WideCharToMultiByte, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, GetStartupInfoW, GetModuleHandleW, GetLastError, HeapAlloc, HeapFree, GetProcessHeap, VirtualQuery, FreeLibrary, RtlUnwindEx, InterlockedPushEntrySList, InterlockedFlushSList, GetModuleFileNameW, LoadLibraryExW, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RtlPcToFileHeader, GetModuleHandleExW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, HeapSize, HeapValidate, GetSystemInfo, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetCurrentThread, OutputDebugStringW, WriteConsoleW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, HeapReAlloc, HeapQueryInformation, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadFile, ReadConsoleW, RtlUnwind |
---|---|
ADVAPI32.dll | GetUserNameA |
Characteristics | 0 |
---|---|
TimeDateStamp | 2022-Jan-18 19:08:39 |
Version | 0.0 |
SizeofData | 66 |
AddressOfRawData | 0x15be2c |
PointerToRawData | 0xf922c |
Referenced File | D:\leetcode\needle3\x64\Debug\needle3.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2022-Jan-18 19:08:39 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x15be70 |
PointerToRawData | 0xf9270 |
Size | 0x138 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140164008 |
XOR Key | 0xc9fe68ed |
---|---|
Unmarked objects | 0 |
C objects (27412) | 11 |
ASM objects (27412) | 7 |
C++ objects (27412) | 145 |
C++ objects (30034) | 45 |
C objects (30034) | 17 |
ASM objects (30034) | 9 |
Imports (27412) | 5 |
Total imports | 98 |
C++ objects (VS2019 Update 10 (16.10.4) compiler 30040) | 1 |
Resource objects (VS2019 Update 10 (16.10.4) compiler 30040) | 1 |
Linker (VS2019 Update 10 (16.10.4) compiler 30040) | 1 |