497b82f2781b17f9784b9b5976df2d73

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Oct-10 16:49:33

Plugin Output

Suspicious
  • The PE is packed with kkrunchy
  • Unusual section name found: kkrunchy
  • Section kkrunchy is both writable and executable.
  • The PE only has 2 import(s).
Info
  • The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
    • LoadLibraryA
    • GetProcAddress
Malicious
  VirusTotal score: 32/66 (Scanned on 2018-11-10 03:50:17)
Bkav: HW32.Packed.
MicroWorld-eScan: Gen:Packer.Krucky.B.deW@aKk7@zp
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Artemis!497B82F2781B
Malwarebytes: Trojan.Agent
Invincea: heuristic
Cyren: W32/Trojan.LWGA-9318
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: TROJ_GEN.R002H09JB18
Paloalto: generic.ml
BitDefender: Gen:Packer.Krucky.B.deW@aKk7@zp
Avast: Win32:Malware-gen
Ad-Aware: Gen:Packer.Krucky.B.deW@aKk7@zp
F-Secure: Gen:Packer.Krucky.B.deW@aKk7@zp
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis
Emsisoft: Gen:Packer.Krucky.B.deW@aKk7@zp (B)
SentinelOne: static engine - malicious
MAX: malware (ai score=100)
Endgame: malicious (high confidence)
Arcabit: Gen:Packer.Krucky.B.E62F04
Microsoft: Trojan:Win32/Occamy.C
ALYac: Gen:Packer.Krucky.B.deW@aKk7@zp
VBA32: Malware-Cryptor.General.3
Cylance: Unsafe
Ikarus: Gen.Packer.Krucky
GData: Gen:Packer.Krucky.B.deW@aKk7@zp
AVG: Win32:Malware-gen
Cybereason: malicious.2781b1
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM19.1.7631.Malware.Gen

Hashes

MD5 497b82f2781b17f9784b9b5976df2d73
SHA1 dda1df894d36e2ac48601a88b17ed7e179a872d3
SHA256 fb7c335debedea3164c66261ce5841a8e0a26934176f936352e28be78ade1622
SHA3 c96ecc3fc20a8a561652455c08e4cdae7d2de92248398a0f56e1c17b8eee66c0
SSDeep 1536:zV35yEz+lDaY5mR10JYpHo1l8rBYci125A:z15yEzIWmmR1rpH08rBYZ125A
Imports Hash 87bed5a7cba00c7e1f4015f1bdae2183

DOS Header

e_magic MZ
e_cblp 0x6166
e_cp 0x6272
e_crlc 0x6172
e_cparhdr 0x7375
e_minalloc 0x6863
e_maxalloc 0x4550
e_ss 0
e_sp 0x14c
e_csum 0x1
e_ip 0x2d9d
e_cs 0x5bbe
e_ovno 0
e_oemid 0x10b
e_oeminfo 0x6
e_lfanew 0xc

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 1
TimeDateStamp 2018-Oct-10 16:49:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0x88
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x5000
SizeOfInitializedData 0x57000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000CC2C (Section: kkrunchy)
BaseOfCode 0x1000
BaseOfData 0xc
ImageBase 0x3e0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xba2000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 5

kkrunchy

MD5 9c547d558a01246f2e2dd15b9ee165ba
SHA1 abcb9862ec30774881747aeaa49c41e568e97495
SHA256 6c48a76e3aa0243b2d70f707f30ecf6ee9beb86ecf5fdb5d9b38d4da5acc892d
SHA3 a3c905fbcc0117bc88ae9932946cddb529862f3ad3f3c2ef6da4f3fc7bce2baf
VirtualSize 0xba0e89
VirtualAddress 0x1000
SizeOfRawData 0xc200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99255

Imports

KERNEL32.DLL
  • LoadLibraryA
  • GetProcAddress

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
