2cf31bf51f7282de0accf92ef372b2b6

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Jul-19 19:19:44
Detected languages English - United States

Plugin Output

Suspicious The PE is packed with UPX
Unusual section name found: BPX0
Section BPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 9 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Has Internet access capabilities:
  • URLDownloadToFileW
Malicious VirusTotal score: 19/73 (Scanned on 2024-03-19 20:15:48)
APEX: Malicious
Alibaba: Exploit:Application/CVE-2019-1215.74faceeb
Antiy-AVL: GrayWare/Win32.Wacapew
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (W)
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (moderate confidence)
FireEye: Generic.mg.2cf31bf51f7282de
Fortinet: W32/PossibleThreat
Google: Detected
Gridinsoft: Trojan.Heur!.032120EB
Ikarus: Exploit.CVE-2019-1215
Lionic: Trojan.Win32.Generic.4!c
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!2CF31BF51F72
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Skyhigh: BehavesLike.Win64.Trojan.lc

Hashes

MD5 2cf31bf51f7282de0accf92ef372b2b6
SHA1 859e0aa20c8f6dbb8e43ed69635c4465614d3b2b
SHA256 867fc33678d74d2af94aa1f9f1ad7c4652f71f8a3441721efab5090c653d72ad
SHA3 ff4f74b81178fe9b937b2a5d2b01178a8b3b5de44ccb67dd5d3a2e44cb1cca5f
SSDeep 384:Z/jlWEAbGs4nopeYm6pXBdjSqAmWdjO+W:xpWmnsM6pXHSgWc+
Imports Hash d5007f7a253dd12eb1af280ee190b5ef

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2023-Jul-19 19:19:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x4000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x26000
AddressOfEntryPoint 0x000000000002A930 (Section: UPX1)
BaseOfCode 0x27000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x2c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

BPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x26000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 169c8b1a89f99aca9eea2eab927da73b
SHA1 7d681193c16a493775f46409693c3313b2a0890c
SHA256 afea4124eee05a7f673a0f9b86501924b26a8ca37407870e207891d287381904
SHA3 657f8f55c08c135cfe8582331241deaa46d775d44176958b02719fe1ef84d7eb
VirtualSize 0x4000
VirtualAddress 0x27000
SizeOfRawData 0x3e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.74365

.rsrc

MD5 c224a27533bb568fef5ff3ff00ca28e0
SHA1 3aa9bd26df904232afd9e11891f075e63c0c9887
SHA256 84913481656bccbb97a003db0d356cb8f00f7575e55071c2e885c9124d4f90ad
SHA3 36dad8b8794f9d3176ce0e49e40891a07399ce3eec4225b9f1d673b89b0ad15a
VirtualSize 0x1000
VirtualAddress 0x2b000
SizeOfRawData 0x400
PointerToRawData 0x4200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.69268

Imports

KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
MSVCP140D.dll _Mbrtowc
ucrtbased.dll exit
urlmon.dll URLDownloadToFileW
VCRUNTIME140_1D.dll __CxxFrameHandler4
VCRUNTIME140D.dll memcpy

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14001f018

RICH Header

XOR Key 0xc3aeb37e
Unmarked objects 0
C++ objects (32420) 25
C objects (32420) 11
ASM objects (32420) 3
Imports (32420) 7
Imports (30795) 6
Total imports 101
C++ objects (VS 2015-2022 runtime 32532) 1
Resource objects (VS 2015-2022 runtime 32532) 1
Linker (VS 2015-2022 runtime 32532) 1

Errors

[*] Warning: Section BPX0 has a size of 0!