Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 1970-Jan-01 00:00:00 |

Level | Finding | Details |
---|---|---|
Suspicious | PEiD Signature: | PeStubOEP v1.x |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES |
Suspicious | The PE is possibly packed. | Unusual section name found: .symtab |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 56/71 (Scanned on 2020-01-30 06:43:46) | Per-engine results listed below |

Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Win32.AV-Killer.ItW@aei5Gqj |
CAT-QuickHeal | Worm.vinf |
McAfee | Trojan-Ransom.b |
Cylance | Unsafe |
Zillya | Trojan.AntiAV.Win32.11788 |
Sangfor | Malware |
CrowdStrike | win/malicious_confidence_100% (W) |
Alibaba | Trojan:Win32/Antavmu.2b943168 |
K7GW | Riskware ( 0040eff71 ) |
K7AntiVirus | Riskware ( 0040eff71 ) |
Invincea | heuristic |
F-Prot | W32/Ransom.AEY |
Symantec | Downloader |
ESET-NOD32 | a variant of Win32/Filecoder.Snake.A |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Ransomware.Snake-7546377-0 |
Kaspersky | Trojan.Win32.Antavmu.asdd |
BitDefender | Gen:Win32.AV-Killer.ItW@aei5Gqj |
ViRobot | Trojan.Win32.S.SnakeRansom.3718656 |
Avast | Win32:Malware-gen |
Tencent | Win32.Trojan.Antavmu.Lkee |
Endgame | malicious (moderate confidence) |
Sophos | Troj/Ransom-FUJ |
Comodo | Malware@#3hlbu4qfgaf2f |
F-Secure | Trojan.TR/Antavmu.tygqh |
DrWeb | Trojan.Encoder.30786 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | Ransom.Win32.EKANS.A |
McAfee-GW-Edition | BehavesLike.Win32.Downloader.wm |
FireEye | Gen:Win32.AV-Killer.ItW@aei5Gqj |
Emsisoft | Gen:Win32.AV-Killer.ItW@aei5Gqj (B) |
Cyren | W32/Trojan.AQQM-5188 |
Jiangmin | Trojan.Antavmu.eyp |
Webroot | W32.Ransom.Snake |
Avira | TR/Antavmu.tygqh |
Antiy-AVL | Trojan/Win32.Antavmu |
Microsoft | Ransom:Win32/Killpror!MSR |
Arcabit | Gen:Win32.AV-Killer.E64FB6 |
ZoneAlarm | Trojan.Win32.Antavmu.asdd |
GData | Gen:Win32.AV-Killer.ItW@aei5Gqj |
AhnLab-V3 | Trojan/Win32.FileCoder.C3866073 |
Acronis | suspicious |
VBA32 | Trojan.AntiAV |
ALYac | Trojan.Ransom.Filecoder |
MAX | malware (ai score=100) |
Ad-Aware | Gen:Win32.AV-Killer.ItW@aei5Gqj |
TrendMicro-HouseCall | Ransom.Win32.EKANS.A |
Rising | Ransom.Killpror!8.115E0 (CLOUD) |
Ikarus | Trojan-Ransom.Snake |
MaxSecure | Trojan.Malware.74756041.susgen |
Fortinet | W32/Filecoder.SNAKE.A!tr.ransom |
BitDefenderTheta | Gen:NN.ZexaF.34084.ItW@aei5Gqj |
AVG | Win32:Malware-gen |
Panda | Trj/CI.A |
Qihoo-360 | Win32/Trojan.07f |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0x4 |
e_cparhdr | 0 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0x8b |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
PointerToSymbolTable | 0x38bc00 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 3.0 |
SizeOfCode | 0x375800 |
SizeOfInitializedData | 0x15c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00048E70 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x377000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3a4000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
winmm.dll | timeEndPeriod, timeBeginPeriod |
ws2_32.dll | WSAGetOverlappedResult |
kernel32.dll | WriteFile, WriteConsoleW, WaitForSingleObject, VirtualFree, VirtualAlloc, SwitchToThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, LoadLibraryA, LoadLibraryW, GetSystemInfo, GetStdHandle, GetQueuedCompletionStatus, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler |