313657a50b3759f73f28c30b97928351

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Jun-21 15:11:19
Detected languages English - United States
Russian - Russia
FileVersion 1.0
ProductVersion 1.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig2(h)
MASM/TASM - sig1(h)
Suspicious PEiD Signature: PolyEnE 0.01+ by Lennart Hedlund
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to internet browsers:
  • chrome.exe
  • firefox.exe
  • iexplore.exe
Contains references to security software:
  • AVGUI.exe
  • AvastSvc.exe
  • AvastUI.exe
  • avastsvc.exe
  • avgidsagent.exe
  • avguard.exe
  • avp.exe
  • coreFrameworkHost.exe
  • coreserviceshell.exe
  • guard.exe
  • iface.exe
  • mcshield.exe
  • msmpeng.exe
  • msseces.exe
  • nav.exe
  • qhactivedefense.exe
  • qhsafetray.exe
  • qhwatchdog.exe
  • uiWatchDog.exe
May have dropper capabilities:
  • CurrentControlSet\Services
  • CurrentControlSet\services
  • CurrentVersion\Run
Contains domain names:
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Uses known Diffie-Hellman primes
Microsoft's Cryptography API
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Can access the registry:
  • RegCloseKey
  • RegDeleteValueW
  • RegCreateKeyExW
  • RegOpenKeyExW
  • RegSetValueExW
  • RegQueryInfoKeyW
  • RegEnumKeyExW
  • RegEnumValueW
  • RegEnumKeyW
  • RegQueryValueExW
  • RegDeleteKeyW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Uses Microsoft's cryptographic API:
  • CryptGenRandom
  • CryptDecrypt
  • CryptSetHashParam
  • CryptSignHashW
  • CryptExportKey
  • CryptGetUserKey
  • CryptGetProvParam
  • CryptDestroyKey
  • CryptEnumProvidersW
  • CryptAcquireContextW
  • CryptCreateHash
  • CryptReleaseContext
  • CryptHashData
  • CryptDestroyHash
  • CryptGetHashParam
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Has Internet access capabilities:
  • InternetCloseHandle
  • InternetReadFile
  • InternetSetOptionW
  • InternetQueryOptionW
  • InternetOpenW
  • InternetConnectW
Leverages the raw socket API to access the Internet:
  • listen
  • htonl
  • sendto
  • recvfrom
  • accept
  • __WSAFDIsSet
  • ioctlsocket
  • gethostname
  • getaddrinfo
  • freeaddrinfo
  • WSASetLastError
  • connect
  • socket
  • getpeername
  • getsockopt
  • htons
  • bind
  • ntohs
  • getsockname
  • setsockopt
  • WSAIoctl
  • recv
  • WSACleanup
  • WSAGetLastError
  • select
  • inet_ntoa
  • getnameinfo
  • closesocket
  • WSAStartup
  • gethostbyname
  • send
  • shutdown
Functions related to the privilege level:
  • CheckTokenMembership
  • OpenProcessToken
Interacts with services:
  • DeleteService
  • OpenSCManagerW
  • OpenServiceW
  • ControlService
  • QueryServiceStatusEx
Manipulates other processes:
  • Process32NextW
  • Process32FirstW
  • OpenProcess
  • EnumProcesses
Can take screenshots:
  • GetDC
  • BitBlt
  • CreateCompatibleDC
Interacts with the certificate store:
  • CertOpenStore
Info The PE is digitally signed. Signer: Global Microtrading PTE. LTD
Issuer: thawte SHA256 Code Signing CA
Malicious VirusTotal score: 33/65 (Scanned on 2022-06-23 11:07:03)
Lionic: Riskware.Win32.MediaGet.1!c
FireEye: Generic.mg.313657a50b3759f7
McAfee: GenericRXSZ-RH!313657A50B37
Malwarebytes: PUP.Optional.MediaGet
Sangfor: PUP.Win32.MediaGet.gen
K7AntiVirus: Adware ( 0055d3751 )
K7GW: Adware ( 0055d3751 )
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/MediaGet.AO potentially unwanted
Avast: FileRepPup [PUP]
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:HEUR:Downloader.Win32.MediaGet.gen
BitDefender: Trojan.GenericKD.50498468
ViRobot: Adware.Mediaget.3729040
MicroWorld-eScan: Trojan.GenericKD.50498468
Rising: Downloader.MediaGet!8.13A69 (CLOUD)
Comodo: ApplicUnwnt@#2d1rls22b2lza
DrWeb: Program.MediaGet.134
McAfee-GW-Edition: GenericRXSZ-RH!313657A50B37
Sophos: Generic PUA CI (PUA)
Ikarus: not-a-virus:Downloader.Win32.MediaGet
Webroot: W32.Downloader.Gen
Gridinsoft: PUP.MediaGet.sd!c
ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.MediaGet.gen
GData: Win32.Adware.MediaGet.A
AhnLab-V3: Malware/Win.RH.C5177790
VBA32: BScope.Downloader.MediaGet
MAX: malware (ai score=80)
Cylance: Unsafe
Fortinet: Riskware/MediaGet
AVG: FileRepPup [PUP]
Paloalto: generic.ml
CrowdStrike: win/grayware_confidence_90% (W)

Hashes

MD5 313657a50b3759f73f28c30b97928351
SHA1 28c182b5d90486064390e4289f0d9ac9e7da0e0a
SHA256 a712700ae6d48f1585c56bd3059aa2dd06cba602f7abfc93cf6405684f999022
SHA3 aeea0542af49d10c9d383de63836a3cf83bb6151a0e991abf119da42b4c8a9fb
SSDeep 49152:+RkaWZ/XEywLPDkguscdB58vB3dpMa9NaE3hAsDnUaAehfV4I5loVujOkwWMD:8WhgFcb5EIajaEWKV4CY
Imports Hash 9747e4d488b709282be71390bf79c9c0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2022-Jun-21 15:11:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x19e200
SizeOfInitializedData 0x1ec400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x001900AC (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1a0000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x395000
SizeOfHeaders 0x400
Checksum 0x3995ec
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 aecb09fe7c6a2c4656a986aebf42a89f
SHA1 016ce07a459ab25d44578cf581beaef504a423e3
SHA256 008a8383c2015bc807b023fac5a8f70bf9fe897946a650312abbfdcbb9907e1f
SHA3 925f56ec8efa727294c61b56f1ab57689b120197c6f82262c533dbff39529416
VirtualSize 0x19e164
VirtualAddress 0x1000
SizeOfRawData 0x19e200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54809

.rdata

MD5 643bacf17645f0e9f87f90dd140d4756
SHA1 cebb6191f3692adb67594a1e2da02eddd32093fb
SHA256 b1cb8cad327a51e348c0827b5f0d047df1762106d2e4e20681cf8ca25bd13bd2
SHA3 26eac2faba01b9a737aa91a0c66638f01d7656ad423bbe67534f13d496176811
VirtualSize 0x7729c
VirtualAddress 0x1a0000
SizeOfRawData 0x77400
PointerToRawData 0x19e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.09633

.data

MD5 90738e85f5625de4c67928cd08aafb0a
SHA1 843fe34616d29d1f4a64b2f4632a6a0ba051df7d
SHA256 65736d677044f00a98c45357f85d389ee0c0b48d87c20223202b4f4a6b0df86b
SHA3 75597c4baa3d4865849621940767b204b90ae9420d199b0f5e0e7d3b73acb942
VirtualSize 0xf5e0
VirtualAddress 0x218000
SizeOfRawData 0x9800
PointerToRawData 0x215a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.00561

.rsrc

MD5 4886d0f6d65f05d6837719d999eae825
SHA1 32b7bd010de8facb251707e21d8ae6a2ac94071a
SHA256 c03617f3d9e7f54f6298480225fdc40df83dd87f017bc4b93ad13bf5859e7c6e
SHA3 0facbda2382aca1fdf7040fd6134d8b04c5b06f0fff587b075b6f20824e1d892
VirtualSize 0x15313c
VirtualAddress 0x228000
SizeOfRawData 0x153200
PointerToRawData 0x21f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.94086

.reloc

MD5 b1f9c1d4c2138f40f88fbe93b5f6bbba
SHA1 ac9e1cfda27ea1c0e295b34b49af6c0f315c4afd
SHA256 7750b6ec5143c47315d465ad773885c4a20fc54168f88c238c742b7beea04b85
SHA3 08a1a54ccf3a524dd8b60c5ad4066e48e2f49037b9e72f28affcba0ae5d68048
VirtualSize 0x1850e
VirtualAddress 0x37c000
SizeOfRawData 0x18600
PointerToRawData 0x372400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.17226

Imports

WS2_32.dll listen
htonl
sendto
recvfrom
accept
__WSAFDIsSet
ioctlsocket
gethostname
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
recv
WSACleanup
WSAGetLastError
select
inet_ntoa
getnameinfo
closesocket
WSAStartup
gethostbyname
send
shutdown
WLDAP32.dll #46
#22
#211
#217
#143
#50
#26
#30
#200
#32
#35
#79
#33
#301
#27
#41
#60
KERNEL32.dll CreateNamedPipeW
SetEvent
ReadFile
ResetEvent
CreateEventW
ConnectNamedPipe
CreateFileW
GetOverlappedResult
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
GlobalHandle
CreateMutexW
SetEndOfFile
SetFilePointer
WideCharToMultiByte
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
GetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetTempPathW
TerminateProcess
CreatePipe
LocalFree
FormatMessageW
CreateDirectoryW
OpenProcess
GetCurrentProcessId
SetErrorMode
GetFileSizeEx
GetDiskFreeSpaceExW
lstrlenA
GetLastError
GetCommandLineW
ReleaseSemaphore
WaitNamedPipeW
WaitForMultipleObjects
TransactNamedPipe
VirtualQuery
SetNamedPipeHandleState
ExitProcess
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryW
CreateSemaphoreW
GetSystemDefaultUILanguage
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
SleepEx
QueryPerformanceCounter
GetEnvironmentVariableA
PeekNamedPipe
GetFileType
GetStdHandle
FormatMessageA
MoveFileExA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTimeAsFileTime
GetVersion
DeleteFiber
SwitchToFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
SystemTimeToFileTime
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetExitCodeProcess
Sleep
GetTickCount
CreateThread
DisconnectNamedPipe
CloseHandle
WriteFile
SetFileAttributesW
FindResourceW
SizeofResource
GetVersionExW
LoadResource
LockResource
TerminateThread
MultiByteToWideChar
IsBadWritePtr
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcpynW
lstrlenW
InterlockedDecrement
GetSystemTime
WaitForSingleObject
GetLocaleInfoW
USER32.dll AllowSetForegroundWindow
SetForegroundWindow
SendMessageW
PeekMessageW
CopyRect
InflateRect
OffsetRect
SetCursor
UnregisterClassA
PostThreadMessageW
ReleaseDC
GetDC
GetCursorPos
GetActiveWindow
GetCapture
WindowFromPoint
DefWindowProcW
ReleaseCapture
IsWindow
FillRect
FrameRect
DrawStateW
DrawFocusRect
DrawTextW
CallWindowProcW
SetWindowLongW
GetWindowLongW
CreateWindowExW
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
RedrawWindow
SetCapture
GetParent
GetDlgCtrlID
DestroyCursor
SetWindowPos
LoadStringW
GetSysColor
GetIconInfo
LoadImageW
GetProcessWindowStation
GetUserObjectInformationW
EnumWindows
GetWindowThreadProcessId
MessageBoxW
SystemParametersInfoW
CreateDialogIndirectParamW
GetMessageW
TranslateMessage
DispatchMessageW
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
GetClassNameW
IsChild
InvalidateRgn
MoveWindow
CharNextW
EndPaint
BeginPaint
TrackPopupMenu
PostQuitMessage
MonitorFromPoint
DestroyMenu
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
AppendMenuW
CreatePopupMenu
GetDlgItem
DestroyWindow
KillTimer
ShowWindow
SetWindowTextW
LoadBitmapW
GDI32.dll GetStockObject
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
SetBkMode
MoveToEx
LineTo
CreateSolidBrush
CreatePen
DeleteObject
ExtTextOutW
CreateCompatibleBitmap
GetObjectW
GetDeviceCaps
CreateFontW
SetPixelFormat
ChoosePixelFormat
DeleteDC
ADVAPI32.dll RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
CryptGenRandom
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegEnumValueW
DeleteService
OpenSCManagerW
RegEnumKeyW
RegQueryValueExW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenProcessToken
RegDeleteKeyW
SHELL32.dll SHBrowseForFolderW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteW
ole32.dll OleRun
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
CoUninitialize
OLEAUT32.dll VarUI4FromStr
OleCreateFontIndirect
LoadTypeLib
LoadRegTypeLib
DispCallFunc
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SHLWAPI.dll AssocQueryStringW
PathCombineW
COMCTL32.dll InitCommonControlsEx
ImageList_GetIcon
OPENGL32.dll wglDeleteContext
wglMakeCurrent
wglCreateContext
glGetString
WININET.dll InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestW
InternetOpenW
InternetConnectW
PSAPI.DLL GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
EnumProcesses
MSVCR90.dll __crtLCMapStringA
abort
isupper
_stricmp
_strnicmp
raise
_exit
_vsnprintf
_vsnwprintf
_strdup
_wfopen
strerror_s
strcmp
_setmode
isxdigit
getenv
ferror
signal
_stat64i32
_fileno
_fstat64i32
setbuf
_gmtime64
__sys_nerr
fgets
strspn
_lseeki64
_fstat64
_getpid
strpbrk
fflush
setvbuf
_beginthreadex
fputc
fputs
qsort
feof
_stat64
strrchr
strchr
strerror
strncpy
fopen
fseek
ftell
fclose
strstr
_mbspbrk
fwrite
fread
calloc
strncmp
_strtoi64
strtoul
_errno
isdigit
strcat_s
printf
sscanf
atoi
_snwprintf_s
exit
_set_invalid_parameter_handler
_set_purecall_handler
__iob_func
fprintf
memmove
mbstowcs
sprintf
rand
wcsncpy
wcscpy_s
btowc
wctob
tolower
strtol
_controlfp_s
_local_unwind4
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_cexit
__wgetmainargs
wcstombs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_open
_close
_unlink
_write
_read
_access
_free_locale
__uncaught_exception
islower
wcsncpy_s
wcsstr
malloc
swprintf_s
_recalloc
memcpy
isspace
_time64
srand
__RTDynamicCast
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
sprintf_s
strcspn
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0exception@std@@QAE@XZ
memchr
localeconv
memset
setlocale
_calloc_crt
memcpy_s
memmove_s
_purecall
realloc
free
__CxxFrameHandler3
_invalid_parameter_noinfo
??2@YAPAXI@Z
__pctype_func
___lc_codepage_func
___lc_handle_func
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
CRYPT32.dll CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore

Delayed Imports

HTML

Type ARCHIVE_7Z
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0xe6da4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9998
Detected Filetype 7-Zip compressed file
MD5 240bfd0498e92b8b02fb46e5b717f2e9
SHA1 7be04d1f39f00fb8012a8ab16d92cea58a3c24cf
SHA256 b8120e15cddff078777f3d0972e78cd50f4af8cba1c9270b6f9d74895abb37fe
SHA3 0d28888a01866c53a94ba15b219034669febceba1395c0f8a79a019ead6c57c0

PRELOADER

Type ARCHIVE_7Z
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2fc9f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99902
Detected Filetype 7-Zip compressed file
MD5 8c5651b299b7bf2a5af4ee82626023f6
SHA1 d88f7dae997eda6b69535de7b441ffeb8b6568a5
SHA256 b8defe5db37438af2a8582ecfaec09148156912225e461f90836d26e5f5781cd
SHA3 821043afdc4df263796eaf5c775b30f51f14ba6f41c6a63aaab1a3f7cffdea21

CABUNDLE

Type CRT
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x37751
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.0253
MD5 be2b0736ea029fff398559fa7df4e646
SHA1 70fc16edf57e15567cd70f4d919c93dbbb072dbc
SHA256 c05a79296d61e3b2a2ebaf5af476839b976d69a5acb6f581a667e60e681049a2
SHA3 7671268234bdd8e97394b338386e7294c99cc70153e6f3471bce640e6c2e6ea3

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.95548
MD5 0391899fff52c23cbf226ea473cfb620
SHA1 c230baaf0c35dc6d546e021edbb5a5b13e6fe290
SHA256 663ba2a76dd6bd107e20f87a3d0d04c85b2cebcd5324e1acb30df201be1c9f29
SHA3 19fe466f8230f3540a770d557edee8a91f0df583ea77ecd97fafb4f6a092ddcb

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18073
MD5 38ee163b193d8b3dbaed29c3edd9332e
SHA1 9a525f5792bf2f01088ced0c4fb346ca820af546
SHA256 b48c12b91b9f2a2371f3c5602b6e531dbce77662068bd737415de2f0931fa8c7
SHA3 d870e4cb414c3e405e1d76b87a6650a5c9c3141eda1eda207034bb6304404fe6

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05232
MD5 efd7367e0c935fff330ce2b27e4e10a0
SHA1 e41f3a6aa937efc73ae0e30c6751f5e09c661d52
SHA256 b6c6f66305362100c89d129d32b2d5fa069fd0da7ed5725197444ffa23566cbe
SHA3 56bb969b6526793710f7b3b18cc4862d34240f8b633730ba6b7e191e97baae5c

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.75162
MD5 f68a43230d48bb24badeb9062cb73f48
SHA1 68fdb46a34869ea1f58283262958782cbc637181
SHA256 2b4fd6d5f97086f9963fe9f6fb51085979a0cea3767f76ef5396b221d5a4ae9e
SHA3 e7f49be1d3176a745a5ae53558a096486ef1beaafac1cf82247a1aea2867c4d7

129

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x110
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01562
MD5 c41825d2b553ffcd715506cc596465e1
SHA1 a539b1aa751b67b9cc11311e3cc5a1c6c43fb993
SHA256 9f2ef1b5c936189c6d778503006d47492f179f24f3941a280c7494e3992df274
SHA3 d3124e5a4c77aba5fd398400c84aa65177d44f765c8e0b9e76215c4f56634781

128

Type RT_ACCELERATOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x70
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.94747
MD5 0b4f5e6c2b2423486088a8e08e184edb
SHA1 2cec5761667eb71ef78d1ab3704fe09235ee54f4
SHA256 6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a
SHA3 a6cbca1b1b0d1a4d4c7a97a099b6a7fc381f4e432d441296e7930a70dd816dba

128 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62308
Detected Filetype Icon file
MD5 5c84b5099ac46312565be1aa2e21eff0
SHA1 25f00759b0e6641f9b423e6a52556c2e4e2796c3
SHA256 816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620
SHA3 17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x21c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.133
MD5 16c047b76e45f4f2c8e505c4abdcd619
SHA1 b677169b8a95f7866ef1b323a16cddf1bd582989
SHA256 5e6b7827b23282de572a977ab462f4fcc90bb391fb5d7c0284bcb271f4f19817
SHA3 34f34b09b8953a75959d99cedbb25a924a3401d74357f84e4f5de0efaddb979a

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x334
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.22706
MD5 488b6239c27ec4e3bbd65eadf63fc206
SHA1 11ac1c387036c7e683744f68f92554928c5ad2f4
SHA256 8190180016163570e8aaaee0a5fef947a318ef7791c09059cdfe10e0e66c94e8
SHA3 92604f2340f14963083bf7498518ead9800dbcf345c3c0e98537c98a250c7a08

129 (#2)

Type UNKNOWN
Language English - United States
Codepage Latin 1 / Western European
Size 0xaa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.67172
MD5 52bf0e8c43148f3df010e95a494bd97a
SHA1 76582ed3417324ca07b9db939f5e2904874ad495
SHA256 1b6edcd57618eb02e4745bf15bfce478d2d421c0ef7f69224604bad50bc204d8
SHA3 c5d2859e77d36edd2ff61bb9355b885e89eb8e21a1712f76fdaa75b072fb2b71

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileVersion (#2) 1.0
ProductVersion (#2) 1.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x6214e0
SEHandlerTable 0x609210
SEHandlerCount 516

RICH Header

XOR Key 0x44402ed4
Unmarked objects 0
Imports (VS2008 build 21022) 2
ASM objects (VS2008 build 21022) 15
150 (20413) 10
C objects (VS2012 build 50727 / VS2005 build 50727) 8
Total imports 564
Imports (VS2012 build 50727 / VS2005 build 50727) 31
C objects (VS2008 build 21022) 653
137 (VS2008 build 21022) 14
C objects (VS2008 SP1 build 30729) 9
C++ objects (VS2008 SP1 build 30729) 1
C++ objects (VS2008 build 21022) 63
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors
