| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2022-Jun-21 15:11:19 |
| Detected languages | English - United States; Russian - Russia |
| FileVersion | 1.0 |
| ProductVersion | 1.0 |

| Severity | Finding | Details |
|---|---|---|
| Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig2(h); MASM/TASM - sig1(h) |
| Suspicious | PEiD Signature | PolyEnE 0.01+ by Lennart Hedlund |
| Suspicious | Strings found in the binary may indicate undesirable behavior | Contains references to internet browsers |
| Info | Cryptographic algorithms detected in the binary | Uses constants related to MD5, SHA1, SHA256, SHA512, AES and Blowfish; uses known Diffie-Hellman primes; Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware | [!] The program may be hiding some of its imports |
| Info | The PE is digitally signed | Signer: Global Microtrading PTE. LTD; Issuer: thawte SHA256 Code Signing CA |
| Malicious | VirusTotal score: 33/65 (scanned on 2022-06-23 11:07:03) | Per-engine detections are listed in the table below |

| Engine | Detection |
|---|---|
| Lionic | Riskware.Win32.MediaGet.1!c |
| FireEye | Generic.mg.313657a50b3759f7 |
| McAfee | GenericRXSZ-RH!313657A50B37 |
| Malwarebytes | PUP.Optional.MediaGet |
| Sangfor | PUP.Win32.MediaGet.gen |
| K7AntiVirus | Adware ( 0055d3751 ) |
| K7GW | Adware ( 0055d3751 ) |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/MediaGet.AO potentially unwanted |
| Avast | FileRepPup [PUP] |
| Cynet | Malicious (score: 100) |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.MediaGet.gen |
| BitDefender | Trojan.GenericKD.50498468 |
| ViRobot | Adware.Mediaget.3729040 |
| MicroWorld-eScan | Trojan.GenericKD.50498468 |
| Rising | Downloader.MediaGet!8.13A69 (CLOUD) |
| Comodo | ApplicUnwnt@#2d1rls22b2lza |
| DrWeb | Program.MediaGet.134 |
| McAfee-GW-Edition | GenericRXSZ-RH!313657A50B37 |
| Sophos | Generic PUA CI (PUA) |
| Ikarus | not-a-virus:Downloader.Win32.MediaGet |
| Webroot | W32.Downloader.Gen |
| Gridinsoft | PUP.MediaGet.sd!c |
| ZoneAlarm | not-a-virus:HEUR:Downloader.Win32.MediaGet.gen |
| GData | Win32.Adware.MediaGet.A |
| AhnLab-V3 | Malware/Win.RH.C5177790 |
| VBA32 | BScope.Downloader.MediaGet |
| MAX | malware (ai score=80) |
| Cylance | Unsafe |
| Fortinet | Riskware/MediaGet |
| AVG | FileRepPup [PUP] |
| Paloalto | generic.ml |
| CrowdStrike | win/grayware_confidence_90% (W) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2022-Jun-21 15:11:19 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x19e200 |
| SizeOfInitializedData | 0x1ec400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x001900AC (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1a0000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x395000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x3995ec |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| WS2_32.dll | listen, htonl, sendto, recvfrom, accept, __WSAFDIsSet, ioctlsocket, gethostname, getaddrinfo, freeaddrinfo, WSASetLastError, connect, socket, getpeername, getsockopt, htons, bind, ntohs, getsockname, setsockopt, WSAIoctl, recv, WSACleanup, WSAGetLastError, select, inet_ntoa, getnameinfo, closesocket, WSAStartup, gethostbyname, send, shutdown |
| WLDAP32.dll | #46, #22, #211, #217, #143, #50, #26, #30, #200, #32, #35, #79, #33, #301, #27, #41, #60 |
| KERNEL32.dll | CreateNamedPipeW, SetEvent, ReadFile, ResetEvent, CreateEventW, ConnectNamedPipe, CreateFileW, GetOverlappedResult, RaiseException, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, InitializeCriticalSection, DeleteCriticalSection, lstrcmpW, MulDiv, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, lstrcmpiW, FreeLibrary, LoadLibraryExW, GetModuleHandleW, GlobalFree, GlobalHandle, CreateMutexW, SetEndOfFile, SetFilePointer, WideCharToMultiByte, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, IsWow64Process, HeapFree, HeapAlloc, GetProcessHeap, CreateProcessW, GetFileAttributesW, RemoveDirectoryW, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, GetTempPathW, TerminateProcess, CreatePipe, LocalFree, FormatMessageW, CreateDirectoryW, OpenProcess, GetCurrentProcessId, SetErrorMode, GetFileSizeEx, GetDiskFreeSpaceExW, lstrlenA, GetLastError, GetCommandLineW, ReleaseSemaphore, WaitNamedPipeW, WaitForMultipleObjects, TransactNamedPipe, VirtualQuery, SetNamedPipeHandleState, ExitProcess, SetUnhandledExceptionFilter, GetProcAddress, LoadLibraryW, CreateSemaphoreW, GetSystemDefaultUILanguage, VerifyVersionInfoA, VerSetConditionMask, GetSystemDirectoryA, LoadLibraryA, GetModuleHandleA, QueryPerformanceFrequency, SleepEx, QueryPerformanceCounter, GetEnvironmentVariableA, PeekNamedPipe, GetFileType, GetStdHandle, FormatMessageA, MoveFileExA, GetEnvironmentVariableW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, GetSystemTimeAsFileTime, GetVersion, DeleteFiber, SwitchToFiber, CreateFiber, GlobalMemoryStatus, ConvertFiberToThread, ConvertThreadToFiber, SystemTimeToFileTime, InterlockedCompareExchange, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, InterlockedExchange, GetStartupInfoW, UnhandledExceptionFilter, IsDebuggerPresent, GetExitCodeProcess, Sleep, GetTickCount, CreateThread, DisconnectNamedPipe, CloseHandle, WriteFile, SetFileAttributesW, FindResourceW, SizeofResource, GetVersionExW, LoadResource, LockResource, TerminateThread, MultiByteToWideChar, IsBadWritePtr, InterlockedIncrement, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, lstrcpynW, lstrlenW, InterlockedDecrement, GetSystemTime, WaitForSingleObject, GetLocaleInfoW |
| USER32.dll | AllowSetForegroundWindow, SetForegroundWindow, SendMessageW, PeekMessageW, CopyRect, InflateRect, OffsetRect, SetCursor, UnregisterClassA, PostThreadMessageW, ReleaseDC, GetDC, GetCursorPos, GetActiveWindow, GetCapture, WindowFromPoint, DefWindowProcW, ReleaseCapture, IsWindow, FillRect, FrameRect, DrawStateW, DrawFocusRect, DrawTextW, CallWindowProcW, SetWindowLongW, GetWindowLongW, CreateWindowExW, GetWindowTextW, GetWindowTextLengthW, GetWindowRect, GetClientRect, ClientToScreen, ScreenToClient, InvalidateRect, RedrawWindow, SetCapture, GetParent, GetDlgCtrlID, DestroyCursor, SetWindowPos, LoadStringW, GetSysColor, GetIconInfo, LoadImageW, GetProcessWindowStation, GetUserObjectInformationW, EnumWindows, GetWindowThreadProcessId, MessageBoxW, SystemParametersInfoW, CreateDialogIndirectParamW, GetMessageW, TranslateMessage, DispatchMessageW, MapDialogRect, SetWindowContextHelpId, RegisterWindowMessageW, CreateAcceleratorTableW, RegisterClassExW, LoadCursorW, GetClassInfoExW, SetFocus, GetFocus, DestroyAcceleratorTable, GetDesktopWindow, GetClassNameW, IsChild, InvalidateRgn, MoveWindow, CharNextW, EndPaint, BeginPaint, TrackPopupMenu, PostQuitMessage, MonitorFromPoint, DestroyMenu, GetWindow, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, IsDialogMessageW, AppendMenuW, CreatePopupMenu, GetDlgItem, DestroyWindow, KillTimer, ShowWindow, SetWindowTextW, LoadBitmapW |
| GDI32.dll | GetStockObject, SetTextColor, BitBlt, SetBkColor, SelectObject, CreateCompatibleDC, CreateBitmap, SetBkMode, MoveToEx, LineTo, CreateSolidBrush, CreatePen, DeleteObject, ExtTextOutW, CreateCompatibleBitmap, GetObjectW, GetDeviceCaps, CreateFontW, SetPixelFormat, ChoosePixelFormat, DeleteDC |
| ADVAPI32.dll | RegCloseKey, RegDeleteValueW, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, GetTokenInformation, CryptGenRandom, CryptDecrypt, CryptSetHashParam, CryptSignHashW, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptDestroyKey, CryptEnumProvidersW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, CryptAcquireContextW, CryptCreateHash, CryptReleaseContext, CryptHashData, CryptDestroyHash, CryptGetHashParam, RegEnumValueW, DeleteService, OpenSCManagerW, RegEnumKeyW, RegQueryValueExW, EnumDependentServicesW, OpenServiceW, ControlService, QueryServiceStatusEx, CloseServiceHandle, OpenProcessToken, RegDeleteKeyW |
| SHELL32.dll | SHBrowseForFolderW, SHGetSpecialFolderLocation, CommandLineToArgvW, SHGetPathFromIDListW, SHGetSpecialFolderPathW, ShellExecuteExW, Shell_NotifyIconW, SHFileOperationW, ShellExecuteW |
| ole32.dll | OleRun, CoTaskMemFree, CoTaskMemRealloc, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, CoTaskMemAlloc, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, OleLockRunning, StringFromGUID2, CoInitialize, CoUninitialize |
| OLEAUT32.dll | VarUI4FromStr, OleCreateFontIndirect, LoadTypeLib, LoadRegTypeLib, DispCallFunc, SysAllocString, SysStringLen, SysStringByteLen, SysAllocStringByteLen, SysAllocStringLen, VariantChangeType, VariantClear, VariantInit, SysFreeString, GetErrorInfo |
| SHLWAPI.dll | AssocQueryStringW, PathCombineW |
| COMCTL32.dll | InitCommonControlsEx, ImageList_GetIcon |
| OPENGL32.dll | wglDeleteContext, wglMakeCurrent, wglCreateContext, glGetString |
| WININET.dll | InternetCloseHandle, InternetReadFile, HttpQueryInfoW, HttpSendRequestW, InternetSetOptionW, InternetQueryOptionW, HttpOpenRequestW, InternetOpenW, InternetConnectW |
| PSAPI.DLL | GetModuleFileNameExW, GetProcessImageFileNameW, GetModuleBaseNameW, EnumProcesses |
| MSVCR90.dll | __crtLCMapStringA, abort, isupper, _stricmp, _strnicmp, raise, _exit, _vsnprintf, _vsnwprintf, _strdup, _wfopen, strerror_s, strcmp, _setmode, isxdigit, getenv, ferror, signal, _stat64i32, _fileno, _fstat64i32, setbuf, _gmtime64, __sys_nerr, fgets, strspn, _lseeki64, _fstat64, _getpid, strpbrk, fflush, setvbuf, _beginthreadex, fputc, fputs, qsort, feof, _stat64, strrchr, strchr, strerror, strncpy, fopen, fseek, ftell, fclose, strstr, _mbspbrk, fwrite, fread, calloc, strncmp, _strtoi64, strtoul, _errno, isdigit, strcat_s, printf, sscanf, atoi, _snwprintf_s, exit, _set_invalid_parameter_handler, _set_purecall_handler, __iob_func, fprintf, memmove, mbstowcs, sprintf, rand, wcsncpy, wcscpy_s, btowc, wctob, tolower, strtol, _controlfp_s, _local_unwind4, _invoke_watson, _crt_debugger_hook, ?_type_info_dtor_internal_method@type_info@@QAEXXZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _wcmdln, _XcptFilter, _cexit, __wgetmainargs, wcstombs, _amsg_exit, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _except_handler4_common, ?terminate@@YAXXZ, _open, _close, _unlink, _write, _read, _access, _free_locale, __uncaught_exception, islower, wcsncpy_s, wcsstr, malloc, swprintf_s, _recalloc, memcpy, isspace, _time64, srand, __RTDynamicCast, ??0exception@std@@QAE@ABQBD@Z, ?what@exception@std@@UBEPBDXZ, ??1exception@std@@UAE@XZ, sprintf_s, strcspn, ??0bad_cast@std@@QAE@ABV01@@Z, ??1bad_cast@std@@UAE@XZ, ??0bad_cast@std@@QAE@PBD@Z, ??0exception@std@@QAE@XZ, memchr, localeconv, memset, setlocale, _calloc_crt, memcpy_s, memmove_s, _purecall, realloc, free, __CxxFrameHandler3, _invalid_parameter_noinfo, ??2@YAPAXI@Z, __pctype_func, ___lc_codepage_func, ___lc_handle_func, _CxxThrowException, ??0exception@std@@QAE@ABV01@@Z, ??_V@YAXPAX@Z, ??3@YAXPAX@Z |
| CRYPT32.dll | CertCloseStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetCertificateContextProperty, CertOpenStore, CertEnumCertificatesInStore, CertFindCertificateInStore |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.1 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| FileVersion (#2) | 1.0 |
| ProductVersion (#2) | 1.0 |
| Resource LangID | English - United States |
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x6214e0 |
| SEHandlerTable | 0x609210 |
| SEHandlerCount | 516 |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x44402ed4 |
| Unmarked objects | 0 |
| Imports (VS2008 build 21022) | 2 |
| ASM objects (VS2008 build 21022) | 15 |
| 150 (20413) | 10 |
| C objects (VS2012 build 50727 / VS2005 build 50727) | 8 |
| Total imports | 564 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 31 |
| C objects (VS2008 build 21022) | 653 |
| 137 (VS2008 build 21022) | 14 |
| C objects (VS2008 SP1 build 30729) | 9 |
| C++ objects (VS2008 SP1 build 30729) | 1 |
| C++ objects (VS2008 build 21022) | 63 |
| Linker (VS2008 build 21022) | 1 |
| Resource objects (VS2008 build 21022) | 1 |