3715f8e2486410afd5e66ca9410e5632

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Apr-14 22:06:53

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .llrz
Section .llrz is both writable and executable.
The PE only has 0 import(s).
Malicious VirusTotal score: 29/56 (Scanned on 2020-04-24 07:24:23)
MicroWorld-eScan: Trojan.Metasploit.D
ALYac: Trojan.Metasploit.D
Malwarebytes: Trojan.MalPack
BitDefender: Trojan.Metasploit.D
Cybereason: malicious.248641
Arcabit: Trojan.Metasploit.D
TrendMicro: Trojan.Win64.SHELMA.SMB1
ESET-NOD32: a variant of Win64/Rozena.M
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
Rising: Trojan.Kryptik!1.A2F4 (CLASSIC)
Ad-Aware: Trojan.Metasploit.D
MaxSecure: Virus.Nimnul.Crpt
Invincea: heuristic
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.3715f8e2486410af
Emsisoft: Trojan.Metasploit.D (B)
GData: Win64.Trojan.Rozena.A
Jiangmin: Trojan.Generic.auyjj
MAX: malware (ai score=83)
Endgame: malicious (high confidence)
ZoneAlarm: HEUR:Trojan.Win32.Generic
AhnLab-V3: Trojan/Win64.Shelma.R274246
Acronis: suspicious
Cylance: Unsafe
TrendMicro-HouseCall: Trojan.Win64.SHELMA.SMB1
SentinelOne: DFI - Suspicious PE
Fortinet: W64/Rozena.J!tr
CrowdStrike: win/malicious_confidence_100% (D)

Hashes

MD5 3715f8e2486410afd5e66ca9410e5632
SHA1 87d8767e3a6c34af96db7e7dfbb7aeba06d1b85c
SHA256 5359dd03552d58a53f7591428e6f616aef9d5fdffddd4a59da4f417fdef7eae2
SHA3 4d810da13033cbf32c0573a8d45c7e64c3ea11cfbc1e8bb0c5b32c0cae5e80cd
SSDeep 24:eFGStrJ9u0/6VhnZZkBQAVoaYNq9KZqPeNDMSCvOXpmB:is0MlkBQVts9pSD9C2kB
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2010-Apr-14 22:06:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 1.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000004000 (Section: .llrz)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4278
SizeOfHeaders 0x248
Checksum 0xc6e2
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e895e0557c6cff102834714b9094232f
SHA1 216e39dc00c894be6cbce2e377b11c1222b19f78
SHA256 c2aa1f01a2a36387736a7953a890f0f4ac69dc3e51b00b1d6a276edd43994139
SHA3 30045035d7b330f8fc270966251904dc74750c4d85aa87258f6c5fcc3213c442
VirtualSize 0x104e
VirtualAddress 0x1000
SizeOfRawData 0x1200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.207656

.rdata

MD5 9f5aa54cc0ec7daf86d2552df92de19f
SHA1 34b398c566ab5a8d27f3acdd410fa01c4594f4be
SHA256 33214640d77ad2550d24c0191b3de68f998c9ee8d75f761fed7a46e14fa0bbb0
SHA3 cdebf38d8897c20b2792a057db635aa8225c68d1cda5b1ece088aa4c51e40d03
VirtualSize 0x84
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.963087

.llrz

MD5 f7b5b4b72aba1d33ad74e6732f1ec2c6
SHA1 bd5facb2e9168844a7066780094ce456d04e5a83
SHA256 9f78d587ea08d366e78ec7c886f84db459e5949e278adafa5122fe522440a607
SHA3 b73557bc020528a4b70e74d6dd7247619dd99a46d78ace65269656fad9915f0b
VirtualSize 0x278
VirtualAddress 0x4000
SizeOfRawData 0x400
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.29601

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8e7f457d
Unmarked objects 0
Imports (VS2012 build 50727 / VS2005 build 50727) 3
Total imports 2
ASM objects (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

[!] Error: Could not read an import's name.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!