4b6c0a24c94af5718792290afd24d1ad

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Jun-21 06:06:32
Comments desc
CompanyName comp
FileDescription
FileVersion 1.2.3.4
InternalName kUenkPut.exe
LegalCopyright
OriginalFilename kUenkPut.exe
ProductName Prod
ProductVersion 1.2.3.4
Assembly Version 1.2.3.4

Plugin Output

Suspicious The PE is possibly packed. The PE only has 0 import(s).
Note: this is a managed (MSIL) binary (it carries an Assembly Version and most of the detections below name MSIL), and a 64-bit PE32+ .NET image has no import directory and a zero AddressOfEntryPoint by design, because the CLR loader rather than a native stub starts it. An empty import table is therefore expected here, and the Imports Hash d41d8cd98f00b204e9800998ecf8427e below is just the MD5 of an empty string. The better packing indicator in this report is the .text entropy of 7.05, which is high for an uncompressed IL code section and points to an embedded compressed or encrypted payload.
Malicious VirusTotal score: 19/69 (Scanned on 2021-06-21 19:29:16) Elastic: malicious (high confidence)
McAfee: Artemis!4B6C0A24C94A
Malwarebytes: Trojan.Crypt.MSIL.Generic
Sangfor: Trojan.Win32.Save.a
Alibaba: Backdoor:MSIL/GenKryptik.668e6b76
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of MSIL/GenKryptik.FFJK
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Mokes.gen
Avast: FileRepMalware
McAfee-GW-Edition: BehavesLike.Win64.Trojan.cc
Ikarus: Trojan-Spy.Agent
Microsoft: Backdoor:Win32/Bladabindi!ml
AegisLab: Trojan.MSIL.Mokes.m!c
ZoneAlarm: HEUR:Backdoor.MSIL.Mokes.gen
Cylance: Unsafe
SentinelOne: Static AI - Suspicious PE
eGambit: Unsafe.AI_Score_98%
AVG: FileRepMalware

Hashes

MD5 4b6c0a24c94af5718792290afd24d1ad
SHA1 63d3a2548c742ebc8860529dc1553ac947a38cf5
SHA256 b68ce9941d8b791752de72afd7f50817c12e50d5b6d42a621a65370dae67676e
SHA3 9f3b51b61cea075098b1c4a8508895dce5f10d1477390d06d00c251ec92d6832
SSDeep 3072:9tRGPdigqnrvixg9mXIc2T/E5uRsdiuSI87AFH2GKF3x:3RIAfrEgo4D/E5uRsguSI87AFH2GKF3
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2021-Jun-21 06:06:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x24a00
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2a000
SizeOfHeaders 0x200
Checksum 0x302ea
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 204337aac76248b9b578b7be05260bd0
SHA1 8d59545bc23adc8eff0a920bc4a5245a7e078dcf
SHA256 dd181ac525c201bdd5c810dfac5b450e1a6895b30dd8cbc208a1ca9ccee36ac8
SHA3 647fb66ad1af3d706309a98cd0ae049ac54417c9ec26788aa66fdb73201e578c
VirtualSize 0x24844
VirtualAddress 0x2000
SizeOfRawData 0x24a00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.05318

.rsrc

MD5 979afd12bf6f05cbcf3b39f07bae586e
SHA1 67c158286f3eb751d03a0230879adfb7f806116f
SHA256 8a9ec450957e6087412c4e029a77ad74509b3600440d32133e72e062ef918acf
SHA3 577b47941e3942926fc43d1df741440f0d8b0526e6b3767835205f8a2a1e4246
VirtualSize 0xd66
VirtualAddress 0x28000
SizeOfRawData 0xe00
PointerToRawData 0x24c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.58999
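
Added worked example (not part of this report and not code from the tool that produced it): a Python script that walks the header structures listed above (DOS header, PE signature, COFF header, PE32+ optional header, data directories, section table), computes per-section Shannon entropy, and applies the "0 imports" heuristic from the Plugin Output with the .NET caveat. It builds a constructed PE32+ image with the report's geometry (e_lfanew 0x80, AMD64, two sections, no import directory, AddressOfEntryPoint 0) rather than reading the real sample; the section payload, the verdict strings and the 7.0 entropy threshold are assumptions for illustration.

```python
import hashlib
import math
import struct

FILE_ALIGN, SECT_ALIGN = 0x200, 0x2000
DIR_IMPORT, DIR_CLR = 1, 14   # IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER (40 bytes)


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_sample_pe(text_payload: bytes, dotnet: bool = True) -> bytes:
    """Constructed stand-in for the report's sample: PE32+, AMD64, two sections,
    no import directory, AddressOfEntryPoint 0, CLR header directory set if dotnet."""
    text_raw = _align(len(text_payload), FILE_ALIGN)
    rsrc_va = 0x2000 + _align(text_raw, SECT_ALIGN)
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0xF0, 0x22)     # AMD64, 2 sections
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 11, 0, text_raw, 0x200, 0,
                      0,                                               # AddressOfEntryPoint = 0
                      0x2000, 0x140000000, SECT_ALIGN, FILE_ALIGN,
                      4, 0, 0, 0, 4, 0, 0, rsrc_va + SECT_ALIGN, 0x200, 0,
                      2, 0x8160, 0x400000, 0x4000, 0x100000, 0x2000, 0, 16)
    dirs = [(0, 0)] * 16                                               # import directory stays empty
    dirs[2] = (rsrc_va, 0x200)
    if dotnet:
        dirs[DIR_CLR] = (0x2000, 0x48)                                 # IMAGE_COR20_HEADER lives in .text
    secs = struct.pack(SECTION_FMT, b".text", len(text_payload), 0x2000, text_raw, 0x200,
                       0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_FMT, b".rsrc", 0x200, rsrc_va, 0x200, 0x200 + text_raw,
                        0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs) + secs
    return headers.ljust(0x200, b"\0") + text_payload.ljust(text_raw, b"\0") + b"\0" * 0x200


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def imphash(entries: list) -> str:
    """pefile-style import hash: MD5 over comma-joined 'dll.func'; no imports hashes "" to d41d8cd9..."""
    return hashlib.md5(",".join(e.lower() for e in entries).encode()).hexdigest()


def parse_pe(img: bytes) -> dict:
    """DOS header -> PE signature -> COFF -> PE32+ optional header -> data directories -> sections."""
    if img[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", img, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", img, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    entry = struct.unpack_from("<I", img, opt + 16)[0]          # AddressOfEntryPoint
    ndirs = struct.unpack_from("<I", img, opt + 108)[0]         # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", img, opt + 112 + 8 * i) for i in range(min(ndirs, 16))]
    dirs += [(0, 0)] * (16 - len(dirs))
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_FMT, img, opt + opt_size + 40 * i)
        raw = img[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "flags": flags, "entropy": shannon_entropy(raw)})
    # Import-table walking is left out: the constructed sample has no import directory.
    imports = [] if dirs[DIR_IMPORT][1] == 0 else None
    return {"machine": machine, "entry": entry, "dirs": dirs, "sections": sections,
            "imphash": imphash(imports) if imports is not None else None}


def assess(info: dict) -> str:
    """The '0 imports => packed' heuristic, with the managed-image caveat and an entropy check."""
    no_imports = info["dirs"][DIR_IMPORT][1] == 0
    managed = info["dirs"][DIR_CLR][1] != 0
    hot = [s["name"] for s in info["sections"] if s["entropy"] > 7.0]   # threshold is an assumption
    if no_imports and managed and info["entry"] == 0:
        verdict = "managed PE32+: empty import table and zero entry point are normal"
    elif no_imports:
        verdict = "native image with no imports: likely packed or resolving APIs at runtime"
    else:
        verdict = "import table present"
    if hot:
        verdict += f"; high-entropy section(s) {hot} point to an embedded compressed/encrypted payload"
    return verdict


if __name__ == "__main__":
    import os
    info = parse_pe(build_sample_pe(os.urandom(0x24000)))      # random bytes stand in for crypted IL
    for s in info["sections"]:
        print(f"{s['name']:<6} va=0x{s['va']:x} raw=0x{s['rawsize']:x} entropy={s['entropy']:.3f}")
    print(info["imphash"], "->", assess(info))
```

Running it against the constructed image yields the same shape as the report: two sections, imphash d41d8cd98f00b204e9800998ecf8427e, a .text entropy close to 8, and a verdict that treats the empty import table as expected for a managed image while flagging the high-entropy code section. Pointing parse_pe at a real file only requires swapping build_sample_pe for open(path, "rb").read().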

Imports

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x760
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.28185
MD5 3a2629979b76ea33828f3dc0f0d793bb
SHA1 131bfdc8cfcfabe17523d0ad512932c231053603
SHA256 3afd5aa06923b1bdca61df96f571553e3023529d33ec35ad83515c2b59393073
SHA3 12db49403601fbf2186933a49908eafa8631e28cea64b34885b3c8da5871e00f

AAAAAA

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 521451e89491d3a6a9553ea8af16297c
SHA1 807dd622013e554c3ceecb09752cb359466ea165
SHA256 7961753390913fce384b7a677276ba69c295a4ab41a41c2e3ef36fb6b0e05f68
SHA3 13372c0433b3d6ffec6c8af65e36d7a113bbda5c33967fbbc94d80773b33b60b

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31895
MD5 987f4b19bcfa241de6c9d2a733ed18a6
SHA1 432480bcefc09f7dbcde01c09890458b01fad4e4
SHA256 8788f93332898c872bc36509833eaf6fa67bf1192ca5ba4ad150868447535e56
SHA3 db834dd5f57862f71963b332aad4c137c3a891e9b2d2b8f99ea4da7bfc76d815

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.2.3.4
ProductVersion 1.2.3.4
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments desc
CompanyName comp
FileDescription
FileVersion (#2) 1.2.3.4
InternalName kUenkPut.exe
LegalCopyright
OriginalFilename kUenkPut.exe
ProductName Prod
ProductVersion (#2) 1.2.3.4
Assembly Version 1.2.3.4
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
