3b18f48ec23c1563ae1a71461563c29e9602bb5502bebc39cedabc288997d194

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2010-Nov-08 13:12:00

Plugin Output

Suspicious PEiD Signature:
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX v2.0 -> Markus, Laszlo & Reiser (h)
  • UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX -> www.upx.sourceforge.net
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX:
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Info The PE's resources present abnormal characteristics. Resource B is possibly compressed or encrypted.
Malicious VirusTotal score: 5/71 (Scanned on 2025-04-28 10:54:57)
  • APEX: Malicious
  • Cylance: Unsafe
  • DrWeb: Trojan.MulDrop2.41490
  • Jiangmin: HackTool.KMSAuto.en
  • SentinelOne: Static AI - Suspicious PE

Hashes

MD5 1ef8f18c6d7a255720276dc6eff2f9f6
SHA1 fc378fb3816e42b8c8b4861cbe9bbb3351571475
SHA256 3b18f48ec23c1563ae1a71461563c29e9602bb5502bebc39cedabc288997d194
SHA3 75b2e3604914824e334c61a0f0d7a02d24a7f5bfbf6db4fb2d53adc30a42da3d
SSDeep 384:gQkZbV8i+fIZFQyZpz0q7bYKkxRjK36ct14yvXbB75zKMmaNJawcudoD7UoOv:DGcAPQIpz0Mb18Kdt14yvLhlHHnbcuy
Imports Hash 1d88d597200c0081784c27940d743ec5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2010-Nov-08 13:12:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x5000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x9000
AddressOfEntryPoint 0x0000E400 (Section: UPX1)
BaseOfCode 0xa000
BaseOfData 0xf000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x10000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 344c1d563be7f2e0f77dccc3a656634b
SHA1 d6ba8cc295d08919bb4ca1ed62806e5e6cdca1bf
SHA256 37fb18b1681336eed0008af67d028b526407e3286e9022cdfa4f51ff2a2761a1
SHA3 b35105999b05996692bee01bebb024fda81c866a8655a1025c8a58697e80d792
VirtualSize 0x5000
VirtualAddress 0xa000
SizeOfRawData 0x5000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.90571

.rsrc

MD5 b74f7e65fbc654b807738e013739977a
SHA1 c5d1eee3093bdb53439f4d44c156a0c074a743af
SHA256 92de1253e6cd0f29057ed991973c49a186fb60a6432e65b235e03a4bf1992ce6
SHA3 c0532c601bb7bd62f599f1acf1dcfd300f8e2102fa14818f02931204b90fed6c
VirtualSize 0x1000
VirtualAddress 0xf000
SizeOfRawData 0x600
PointerToRawData 0x5200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.58085

Imports

KERNEL32.DLL
  • LoadLibraryA
  • GetProcAddress
  • VirtualProtect
  • VirtualAlloc
  • VirtualFree
  • ExitProcess
COMCTL32.dll
  • InitCommonControls
GDI32.dll
  • SetBkColor
MSVCRT.dll
  • memset
OLE32.dll
  • CoInitialize
SHELL32.dll
  • ShellExecuteExA
SHLWAPI.dll
  • PathQuoteSpacesA
USER32.dll
  • IsChild

Delayed Imports

B

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x288
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.69769
MD5 56ec9a47eda5d6be58fe4fbf8b646b03
SHA1 5f4bdfdf129672442900a13518e6728cf3dbdffa
SHA256 902a26eba690e31337415279e07392ec7363cba8c2056fe45a9cebc91f318fe1
SHA3 2de70c59589845cb2fbeeac7ee77aa81690d6f209066fa0560b0968ae95bbfff

N

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x17
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.43661
MD5 5c392ed68c5dbce9b2975aecc34ffb9e
SHA1 01e9038328f3d0ecd178db0e0df54e73d0c38e3a
SHA256 44e2865f199186d94da9988cf0719c7eac1791c7e6b2e53aec379e39782dc39a
SHA3 c98db26ed0d6e9bb0293d1d43511810c74ec639cbe7b44ef5a79033e07c0ac29

O

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.58496
MD5 39d0eb67c837b6d965de7d1ad8f42ef4
SHA1 d320fc129e4a125100c47763a6a2aed435a8380f
SHA256 ea0eaaaf547becd999d64f1fd61e77f679458c3d5060ab966d82e305c2aa40cd
SHA3 c39e376cddd37ba8c08a65edf964e2d5166e6d3d4ea1d9dc38de50ad13222f79

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x263
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.92322
MD5 841795bb3b61ebd511249778aa26af77
SHA1 59f426938522ef9906b0740821e8cc270d1ca897
SHA256 be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7
SHA3 5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!