| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2018-Oct-27 12:33:57 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 8/67 (Scanned on 2018-12-06 10:35:18). MicroWorld-eScan: Gen:Variant.Razy.414089; Cylance: Unsafe; Arcabit: Trojan.Razy.D65189; Ad-Aware: Gen:Variant.Razy.414089; ALYac: Gen:Variant.Razy.414089; MAX: malware (ai score=88); Rising: Malware.Heuristic!ET#95% (RDM+:cmRtazoyxPZZTxquf5HcIfPgHjOC); Qihoo-360: HEUR/QVM20.1.AE7E.Malware.Gen |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2018-Oct-27 12:33:57 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |

| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x22000 |
| SizeOfInitializedData | 0x13c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00007673 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x23000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x39000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll |
|---|
| CreateMutexW |
| GetLastError |
| GetModuleFileNameW |
| CreateProcessW |
| WaitForDebugEventEx |
| OpenThread |
| GetThreadContext |
| SetThreadContext |
| ContinueDebugEvent |
| CreateFileW |
| WideCharToMultiByte |
| EnterCriticalSection |
| LeaveCriticalSection |
| DeleteCriticalSection |
| EncodePointer |
| DecodePointer |
| MultiByteToWideChar |
| SetLastError |
| InitializeCriticalSectionAndSpinCount |
| SwitchToThread |
| TlsAlloc |
| TlsGetValue |
| TlsSetValue |
| TlsFree |
| GetSystemTimeAsFileTime |
| GetModuleHandleW |
| GetProcAddress |
| CompareStringW |
| LCMapStringW |
| GetLocaleInfoW |
| GetStringTypeW |
| GetCPInfo |
| UnhandledExceptionFilter |
| SetUnhandledExceptionFilter |
| GetCurrentProcess |
| TerminateProcess |
| IsProcessorFeaturePresent |
| QueryPerformanceCounter |
| GetCurrentProcessId |
| GetCurrentThreadId |
| InitializeSListHead |
| IsDebuggerPresent |
| GetStartupInfoW |
| RtlUnwind |
| RaiseException |
| FreeLibrary |
| LoadLibraryExW |
| GetStdHandle |
| WriteFile |
| ExitProcess |
| GetModuleHandleExW |
| GetCommandLineA |
| GetCommandLineW |
| HeapAlloc |
| HeapFree |
| IsValidLocale |
| GetUserDefaultLCID |
| EnumSystemLocalesW |
| GetFileType |
| CloseHandle |
| FlushFileBuffers |
| GetConsoleCP |
| GetConsoleMode |
| ReadFile |
| GetFileSizeEx |
| SetFilePointerEx |
| ReadConsoleW |
| HeapReAlloc |
| FindClose |
| FindFirstFileExW |
| FindNextFileW |
| IsValidCodePage |
| GetACP |
| GetOEMCP |
| GetEnvironmentStringsW |
| FreeEnvironmentStringsW |
| SetEnvironmentVariableW |
| SetStdHandle |
| GetProcessHeap |
| HeapSize |
| WriteConsoleW |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2018-Oct-27 12:33:57 |
| Version | 0.0 |
| SizeofData | 788 |
| AddressOfRawData | 0x30ff0 |
| PointerToRawData | 0x303f0 |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2018-Oct-27 12:33:57 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |

| Size | 0xa0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x43306c |
| SEHandlerTable | 0x430f60 |
| SEHandlerCount | 36 |

| XOR Key | 0xd66e749e |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26213) | 13 |
| C++ objects (26213) | 165 |
| C objects (26213) | 22 |
| ASM objects (VS 2015/2017 runtime 26706) | 20 |
| C++ objects (VS 2015/2017 runtime 26706) | 59 |
| C objects (VS 2015/2017 runtime 26706) | 33 |
| Imports (26213) | 3 |
| Total imports | 92 |
| 265 (VS2017 v15.8.9 compiler 26732) | 2 |
| Resource objects (VS2017 v15.8.9 compiler 26732) | 1 |
| Linker (VS2017 v15.8.9 compiler 26732) | 1 |