3d1cc4ef33bad0e39c757fce317ef82a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious PEiD Signature: PeStubOEP v1.x
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Leverages the raw socket API to access the Internet:
  • WSAGetOverlappedResult
Malicious VirusTotal score: 54/71 (Scanned on 2020-01-13 06:51:12)
MicroWorld-eScan: Gen:Win32.AV-Killer.ItW@aei5Gqj
CAT-QuickHeal: Worm.vinf
McAfee: Trojan-Ransom.b
Cylance: Unsafe
Zillya: Trojan.AntiAV.Win32.11788
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Antavmu.2b943168
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Invincea: heuristic
F-Prot: W32/Ransom.AEY
Symantec: Downloader
ESET-NOD32: a variant of Win32/Filecoder.Snake.A
Avast: Win32:Malware-gen
Kaspersky: Trojan.Win32.Antavmu.asdd
BitDefender: Gen:Win32.AV-Killer.ItW@aei5Gqj
Paloalto: generic.ml
ViRobot: Trojan.Win32.S.SnakeRansom.3718656
Rising: Ransom.Killpror!8.115E0 (CLOUD)
Endgame: malicious (moderate confidence)
Sophos: Troj/Ransom-FUJ
Comodo: Malware@#3hlbu4qfgaf2f
F-Secure: Trojan.TR/Antavmu.tygqh
DrWeb: Trojan.PWS.Siggen2.41204
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.EKANS.A
McAfee-GW-Edition: BehavesLike.Win32.Downloader.wm
FireEye: Gen:Win32.AV-Killer.ItW@aei5Gqj
Emsisoft: Gen:Win32.AV-Killer.ItW@aei5Gqj (B)
Cyren: W32/Trojan.AQQM-5188
Jiangmin: Trojan.Antavmu.eyp
Webroot: W32.Ransom.Snake
Avira: TR/Antavmu.tygqh
Antiy-AVL: Trojan/Win32.Antavmu
Microsoft: Ransom:Win32/Killpror!MSR
Arcabit: Gen:Win32.AV-Killer.E64FB6
AegisLab: Trojan.Win32.Antavmu.4!c
ZoneAlarm: Trojan.Win32.Antavmu.asdd
GData: Gen:Win32.AV-Killer.ItW@aei5Gqj
AhnLab-V3: Trojan/Win32.FileCoder.C3866073
VBA32: Trojan.AntiAV
ALYac: Trojan.Ransom.Filecoder
MAX: malware (ai score=100)
Ad-Aware: Gen:Win32.AV-Killer.ItW@aei5Gqj
TrendMicro-HouseCall: Ransom.Win32.EKANS.A
Tencent: Win32.Trojan.Filecoder.Lkee
Ikarus: Trojan-Ransom.Snake
MaxSecure: Trojan.Malware.74756041.susgen
Fortinet: W32/Antavmu.ASDD!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34080.ItW@aei5Gqj
AVG: Win32:Malware-gen
Panda: Trj/CI.A
Qihoo-360: Win32/Trojan.07f

Hashes

MD5 3d1cc4ef33bad0e39c757fce317ef82a
SHA1 f34e4b7080aa2ee5cfee2dac38ec0c306203b4ac
SHA256 e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60
SHA3 d72475d8306eeb6657444216cfb3627cbb0904e318f546768a90f54da2284785
SSDeep 49152:QAdGB73ejP3+EMfRdASVaAvrC5Xh602+:QAgR3epMjASHch
Imports Hash 96c44fa1eee2c4e9b9e77d7bf42d59e6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberOfSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x38bc00
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x375800
SizeOfInitializedData 0x15c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00048E70 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x377000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3a4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeOfStackReserve 0x100000
SizeOfStackCommit 0x1000
SizeOfHeapReserve 0x100000
SizeOfHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e2fb2d843f5fff39c8f7a5285456e7bb
SHA1 d903b8c142988759d28568f148f589719e012428
SHA256 e81175a78a645989dcd5956de1d5af54b25065d4067cb1e09629d832fc3da157
SHA3 2ff140ddbbbf6e7187a08737417fb84acf0c58abe21d30cdff6abc84292c0496
VirtualSize 0x375708
VirtualAddress 0x1000
SizeOfRawData 0x375800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 5.75708

.data

MD5 3392592e512a8b3eca9c020bcda01fa6
SHA1 7cca7eb42533eb57a2070d5e21936a1de8a14d2d
SHA256 9b050557592ca5c65759716bd46de81c85f2a4cc95a0485163ac8aff67a0fa48
SHA3 8ee77918a8a463d55164b2cd71c818d1cea84ca3a84e13cd8862be7873dfa333
VirtualSize 0x2a688
VirtualAddress 0x377000
SizeOfRawData 0x15c00
PointerToRawData 0x375c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 5.48209

.idata

MD5 1d0ced8b2d7ad9f05b7c986fb63c6026
SHA1 1581e944723e8486e14d42f2e09082b94fa3c372
SHA256 e42a5f5e5873fbfe4df0749f3d4904eb5f524c2c038baf46b48a119aacf5a78c
SHA3 5d8869b0246912032adc6c95b53e092a3f11f8dff638577b76a875b07d610895
VirtualSize 0x372
VirtualAddress 0x3a2000
SizeOfRawData 0x400
PointerToRawData 0x38b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.30838

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x3a3000
SizeOfRawData 0x200
PointerToRawData 0x38bc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

winmm.dll
  • timeEndPeriod
  • timeBeginPeriod
ws2_32.dll
  • WSAGetOverlappedResult
kernel32.dll
  • WriteFile
  • WriteConsoleW
  • WaitForSingleObject
  • VirtualFree
  • VirtualAlloc
  • SwitchToThread
  • SetWaitableTimer
  • SetUnhandledExceptionFilter
  • SetProcessPriorityBoost
  • SetEvent
  • SetErrorMode
  • SetConsoleCtrlHandler
  • LoadLibraryA
  • LoadLibraryW
  • GetSystemInfo
  • GetStdHandle
  • GetQueuedCompletionStatus
  • GetProcessAffinityMask
  • GetProcAddress
  • GetEnvironmentStringsW
  • GetConsoleMode
  • FreeEnvironmentStringsW
  • ExitProcess
  • DuplicateHandle
  • CreateThread
  • CreateIoCompletionPort
  • CreateEventA
  • CloseHandle
  • AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors