Architecture | IMAGE_FILE_MACHINE_I386 | |
---|---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
Compilation Date | 2019-Mar-30 21:11:41 | |
Suspicious | PEiD Signature | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX -> www.upx.sourceforge.net |
Info | Libraries used to perform cryptographic operations | Microsoft's Cryptography API |
Suspicious | The PE is packed with UPX | Unusual section name found: UPX0. Section UPX0 is both writable and executable. Unusual section name found: UPX1. Section UPX1 is both writable and executable. The PE only has 9 import(s). |
Suspicious | The PE contains functions most legitimate programs don't use | [!] The program may be hiding some of its imports |
Info | The PE's resources present abnormal characteristics | Resources 101, 102, 105, 106, 107, 108, 111, 112, 113 and 115 are possibly compressed or encrypted. |
Malicious | VirusTotal score: 49/71 (scanned on 2024-04-26 21:14:37) | ALYac: Misc.Keygen; APEX: Malicious; AVG: Win32:MiscX-gen [PUP]; AhnLab-V3: Unwanted/Win32.KeyGen.R280659; Antiy-AVL: GrayWare/Win32.Presenoker; Arcabit: Trojan.Application.Keygen.22; Avast: Win32:MiscX-gen [PUP]; BitDefender: Gen:Variant.Application.Keygen.22; BitDefenderTheta: Gen:NN.ZexaF.36804.ImGfaW4oWWoG; Bkav: W32.Common.57A60A11; CAT-QuickHeal: Trojan.Fuerboos; Cylance: unsafe; Cynet: Malicious (score: 100); DeepInstinct: MALICIOUS; ESET-NOD32: a variant of Win32/Keygen.ADF potentially unsafe; Elastic: malicious (moderate confidence); Emsisoft: Gen:Variant.Application.Keygen.22 (B); FireEye: Generic.mg.45051225e4e19832; Fortinet: Riskware/KeyGen; GData: Gen:Variant.Application.Keygen.22; Google: Detected; Gridinsoft: Trojan.Win32.Agent.dg; Ikarus: Trojan.Win32.Agent; Jiangmin: Trojan.PE.er; K7AntiVirus: Unwanted-Program ( 005329e01 ); K7GW: Unwanted-Program ( 005329e01 ); Lionic: Trojan.Win32.Generic.4!c; MAX: malware (ai score=100); Malwarebytes: Generic.Malware.AI.DDS; MaxSecure: Trojan.Malware.241378900.susgen; McAfee: RDN/Generic PUP.z; MicroWorld-eScan: Gen:Variant.Application.Keygen.22; Microsoft: HackTool:Win32/Keygen; NANO-Antivirus: Trojan.Win32.Kryptik.htfnpi; Paloalto: generic.ml; Panda: PUP/Hacktool; Rising: Trojan.Tiggre!8.ED98 (CLOUD); SUPERAntiSpyware: Hack.Tool/Gen-KeyGen; Skyhigh: BehavesLike.Win32.Generic.hc; Sophos: Generic Reputation PUA (PUA); Symantec: PUA.Keygen; TrendMicro: PUA.Win32.KeyGen.CRRM; TrendMicro-HouseCall: PUA.Win32.KeyGen.CRRM; VIPRE: Gen:Variant.Application.Keygen.22; Varist: W32/ABTrojan.GQWI-4961; Webroot: W32.Trojan.Gen; Xcitium: Malware@#15oxy75hbjv7n; Yandex: Trojan.Igent.bRVtlK.1; Zillya: Trojan.Keygen.Win32.110 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x120 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2019-Mar-30 21:11:41 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x89000 |
SizeOfInitializedData | 0x3000 |
SizeOfUninitializedData | 0x1a6000 |
AddressOfEntryPoint | 0x0022F020 (Section: UPX1) |
BaseOfCode | 0x1a7000 |
BaseOfData | 0x230000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x233000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | CryptGenRandom |
---|---|
GDI32.dll | BitBlt |
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
SHELL32.dll | SHBrowseForFolderA |
USER32.dll | GetDC |
WINMM.dll | waveOutOpen |
Size | 0xa0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x59fcd8 |
SEHandlerTable | 0x42b3e0 |
SEHandlerCount | 1421 |
XOR Key | 0x1a802e9e |
---|---|
Unmarked objects | 0 |
ASM objects (VS2015/2017 runtime 25711) | 23 |
C++ objects (VS2015/2017 runtime 25711) | 164 |
C objects (VS2015/2017 runtime 25711) | 24 |
ASM objects (VS2017 v15.6.6 compiler 26131) | 24 |
C++ objects (VS2017 v15.6.6 compiler 26131) | 123 |
C objects (VS2017 v15.6.6 compiler 26131) | 34 |
19 (8034) | 2 |
C++ objects (LTCG) (VS2017 v15.7.4 compiler 26431) | 27 |
C++ objects (VS2017 v15.7 compiler 26428) | 34 |
Imports (VS2015/2017 runtime 25711) | 11 |
Total imports | 186 |
C++ objects (VS2017 v15.7.4 compiler 26431) | 5 |
Resource objects (VS2017 v15.7.4 compiler 26431) | 1 |
Linker (VS2017 v15.7.4 compiler 26431) | 1 |
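The table above is a decoded Rich header: the undocumented block Microsoft's linker writes between the DOS stub and the PE signature, listing each toolchain component (product id and build number) and how many objects it contributed, with every dword XORed by the value shown as "XOR Key". Because the linker writes it and UPX leaves the DOS stub alone, it survives packing and is a common pivot for clustering samples built with the same toolchain. The decoder below is an added example for this page, not the analysis tool's code. The header it parses is constructed: the key and the (build, count) pairs are the ones in the table (Unmarked objects and Total imports omitted), while the product ids are placeholders, except 19/8034, which the report also left unresolved. Mapping product ids to names such as "C++ objects (VS2017 v15.7.4 compiler 26431)" needs a separate lookup table that is not included here.

```python
import struct

DANS_MAGIC = 0x536E6144   # "DanS" read as a little-endian dword
RICH_MAGIC = b"Rich"


def parse_rich_header(data: bytes):
    """Decode the Rich header between the DOS stub and the PE signature.

    Layout, all dwords little-endian: "DanS" ^ key, three (0 ^ key) padding dwords,
    then pairs of ((ProdId << 16) | Build) ^ key and Count ^ key, then "Rich" and
    the key in the clear. Returns None if no header is present.
    """
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(RICH_MAGIC, 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    dans_off = rich_off - 4                      # walk back to the masked "DanS"
    while dans_off >= 0x40 and struct.unpack_from("<I", data, dans_off)[0] ^ key != DANS_MAGIC:
        dans_off -= 4
    if dans_off < 0x40:                          # the 64-byte DOS header is never part of it
        return None
    entries = []
    for off in range(dans_off + 16, rich_off, 8):   # skip DanS and the three padding dwords
        comp_id, count = (v ^ key for v in struct.unpack_from("<II", data, off))
        entries.append({"prodid": comp_id >> 16, "build": comp_id & 0xFFFF, "count": count})
    return {"key": key, "dans_offset": dans_off, "entries": entries}


def objects_per_build(rich: dict) -> dict:
    """Object counts summed per compiler build number, the grouping the report's table uses."""
    totals = {}
    for e in rich["entries"]:
        totals[e["build"]] = totals.get(e["build"], 0) + e["count"]
    return totals


def build_sample_dos_stub(key: int, entries) -> bytes:
    """Constructed DOS header + Rich header + PE signature (no real PE body follows)."""
    e_lfanew = 0x120
    buf = bytearray(e_lfanew + 4)
    struct.pack_into("<2s58xI", buf, 0, b"MZ", e_lfanew)          # e_magic, e_lfanew
    words = [DANS_MAGIC, 0, 0, 0]
    for prodid, build, count in entries:
        words += [(prodid << 16) | build, count]
    off = 0x80
    for w in words:
        struct.pack_into("<I", buf, off, w ^ key)
        off += 4
    buf[off:off + 4] = RICH_MAGIC
    struct.pack_into("<I", buf, off + 4, key)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    return bytes(buf)


# Constructed sample: key and (build, count) pairs taken from the table above; product ids
# 0x0101.. are placeholders, 19/8034 is the entry the report could not resolve either.
SAMPLE_KEY = 0x1A802E9E
SAMPLE_ENTRIES = [
    (0x0101, 25711, 23), (0x0102, 25711, 164), (0x0103, 25711, 24),
    (0x0104, 26131, 24), (0x0105, 26131, 123), (0x0106, 26131, 34),
    (19, 8034, 2),
    (0x0107, 26431, 27), (0x0108, 26428, 34), (0x0109, 25711, 11),
    (0x010A, 26431, 5), (0x010B, 26431, 1), (0x010C, 26431, 1),
]

if __name__ == "__main__":
    rich = parse_rich_header(build_sample_dos_stub(SAMPLE_KEY, SAMPLE_ENTRIES))
    print(f"XOR Key: 0x{rich['key']:08x}  entries: {len(rich['entries'])}")
    for build, n in sorted(objects_per_build(rich).items()):
        print(f"build {build}: {n} objects")
```

On a real file, pass the first e_lfanew bytes (or the whole file) to `parse_rich_header`; the key and the entry list are what to hash or compare when clustering. The key also doubles as a checksum over the DOS header and the entries, so a Rich header that was edited by hand without recomputing the key no longer verifies; that recomputation is not implemented here.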