4346df085c353067ee69667e2e49d9b8

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Oct-09 13:49:44
Detected languages English - United States
Debug artifacts C:\Users\Reply\source\repos\MagicPot\Release\MagicPot.pdb

Plugin Output

Malicious VirusTotal score: 6/67 (Scanned on 2021-10-15 17:36:39)
APEX: Malicious
Cynet: Malicious (score: 100)
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
VBA32: BScope.TrojanSpy.Keylogger
Cylance: Unsafe
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 4346df085c353067ee69667e2e49d9b8
SHA1 457d829b0f749353d6e3159cb5b533832b21faa8
SHA256 9337334bc1fbe2791856b9de96ab1c06dd1f96028f00a22257c0a8736c1bebb1
SHA3 772f7268e1daf106221aeff03bedcdef029cdd092d729e27ce52933c459e36ad
SSDeep 192:T2f4RXDJI0MwzCbwnToIMZjOSBzvBb6I81/47E5pz3JoZ5dP7P6:T2fsXDJPzOwnTjMZjrBzvlEg7pDdP7P
Imports Hash 910c129566c7e5b7c52e1b9b37d9d7e8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2021-Oct-09 13:49:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1600
SizeOfInitializedData 0x2200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001A08 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9b28a7c80ddb0e8f39901feb4354ecae
SHA1 8542f698c7c5806fd71fb52ce2545efa38547371
SHA256 29133773490dbc962c9481553b802d7949c90f07bd2bef09b1c504f1d9998529
SHA3 427644f5e5a79ee345ecd9062543b4ddc5d896e313c2f830491fc1193b9757c2
VirtualSize 0x157a
VirtualAddress 0x1000
SizeOfRawData 0x1600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.31167

.rdata

MD5 e4e9abafae1a280c8095fc933bc70f45
SHA1 330a8a64d3706bd2238868daf53bfb7f893411f7
SHA256 4908ec7fb41a16e4dce2eca114de2da38879e5edfd0981a9db504fb8c5646518
SHA3 11fbfa76310e08e926dbf42bad0db946829c36de2114e2c02e44903846829609
VirtualSize 0x1488
VirtualAddress 0x3000
SizeOfRawData 0x1600
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.55191

.data

MD5 97917ba47d992f18d55106666ab604e6
SHA1 eed244e48135ec9e0840d9eca3f0649922762e5a
SHA256 b4885f25bd85205b76f8ca6582f640100851df5ae027d19ea889f0927f1b188e
SHA3 8d6c08da0f8c99f066e79855a857f7d1790b1bf03bc148b9a8f9c435b0ab4dca
VirtualSize 0x498
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.01872

.rsrc

MD5 d223c232889289f7388583adeff234e1
SHA1 c626ea22a142a61f8fae49784e0bf3b394949d93
SHA256 8d0e65473c37914d5f13864b6a4bceff6a94c8ea650ea1df6a5fd1ccd89d3aa3
SHA3 ef5414bed58ea3506d9b5314f7fe1d09d85dd0f20a21c81d881da7659997b852
VirtualSize 0x1e0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6976

.reloc

MD5 878c7790addaa84b5cdea2ec6153e8a5
SHA1 e04d697495445f37a8fd4275187aa148c382d211
SHA256 2b0be0be94b1c1e54422cf43d63b055936ebb5ce491223d95cafb7a1763ae1bc
SHA3 cd6859a4db630ae8d5255a7a34300d6ca757302cf3e7babbe87ae5ea6266f201
VirtualSize 0x314
VirtualAddress 0x7000
SizeOfRawData 0x400
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.51426

Imports

KERNEL32.dll Sleep
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
VCRUNTIME140.dll _except_handler4_common
__std_exception_copy
__std_exception_destroy
memset
__current_exception_context
__current_exception
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll fseek
__stdio_common_vfprintf
__p__commode
_set_fmode
getchar
__stdio_common_vfscanf
fopen_s
__acrt_iob_func
api-ms-win-crt-string-l1-1-0.dll strncpy_s
api-ms-win-crt-heap-l1-1-0.dll malloc
_set_new_mode
_callnewh
free
api-ms-win-crt-runtime-l1-1-0.dll _cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_configure_narrow_argv
_exit
__p___argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
exit
_seh_filter_exe
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_initialize_narrow_environment
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2021-Oct-09 13:49:44
Version 0.0
SizeofData 82
AddressOfRawData 0x39f8
PointerToRawData 0x23f8
Referenced File C:\Users\Reply\source\repos\MagicPot\Release\MagicPot.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2021-Oct-09 13:49:44
Version 0.0
SizeofData 20
AddressOfRawData 0x3a4c
PointerToRawData 0x244c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2021-Oct-09 13:49:44
Version 0.0
SizeofData 676
AddressOfRawData 0x3a60
PointerToRawData 0x2460

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2021-Oct-09 13:49:44
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xbc
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x405004
SEHandlerTable 0x4039dc
SEHandlerCount 1

RICH Header

XOR Key 0x6d550479
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (30034) 2
C++ objects (30034) 24
C objects (30034) 12
ASM objects (30034) 1
Imports (27412) 3
Total imports 62
265 (30133) 1
Resource objects (30133) 1
Linker (30133) 1

Errors
