522adc8aec9ce16adc333ef1b75fcf63

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Nov-14 10:50:47
Detected languages English - United States
Debug artifacts c:\Road\discuss\Than\Make\neighbor\Earlyrock.pdb
CompanyName SportsSignup Radio
FileDescription Togetherpound
InternalName typematerial.exe
LegalCopyright Copyright© 2015 - 2017 SportsSignup Radio, Inc.
OriginalFilename typematerial.exe
ProductName Togetherpound
ProductVersion 9.3.57.92

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
Can create temporary files:
  • GetTempPathA
  • CreateFileA
  • CreateFileW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Enumerates local disk drives:
  • GetVolumeInformationA
Manipulates other processes:
  • OpenProcess
Malicious VirusTotal score: 39/67 (Scanned on 2018-11-21 22:16:12)
MicroWorld-eScan: Trojan.Ranapama.ABT
McAfee: RDN/Generic.grp
Cylance: Unsafe
BitDefender: Trojan.Ranapama.ABT
TrendMicro: TROJ_GEN.R00AC0PKH18
F-Prot: W32/S-a328b1bd!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.GMTU
TrendMicro-HouseCall: TROJ_GEN.R00AC0PKH18
Paloalto: generic.ml
NANO-Antivirus: Trojan.Win32.Kryptik.fkjjlm
Avast: Win32:Malware-gen
Ad-Aware: Trojan.Ranapama.ABT
Sophos: Mal/Generic-S
F-Secure: Trojan.Ranapama.ABT
Invincea: heuristic
McAfee-GW-Edition: RDN/Generic.grp
Emsisoft: Trojan.Ranapama.ABT (B)
SentinelOne: static engine - malicious
Cyren: W32/Trojan.SVJS-2048
Webroot: W32.Trojan.Gen
Avira: TR/AD.Ursnif.tje
Antiy-AVL: Trojan/Win32.GenKryptik
Microsoft: Trojan:Win32/Emotet!rfn
Endgame: malicious (high confidence)
Arcabit: Trojan.Ranapama.ABT
AegisLab: Trojan.Win32.Ranapama.4!c
GData: Trojan.Ranapama.ABT
TACHYON: Trojan/W32.Agent.500224.DW
AhnLab-V3: Trojan/Win32.Ursnif.R244864
ALYac: Spyware.Ursnif
MAX: malware (ai score=81)
Malwarebytes: Trojan.Ursnif
Rising: Trojan.Kryptik!1.B4E9 (CLASSIC)
Ikarus: Trojan-Banker.IcedID
Fortinet: W32/GenKryptij.CRRJ!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: malicious_confidence_90% (W)

Hashes

MD5 522adc8aec9ce16adc333ef1b75fcf63
SHA1 198858d5b8e34772dc6fbced45af4a03f97cd0d1
SHA256 5f0da2f13e61703e9101af3aa1de524aea62561fbb3c52a75cceb797c478704e
SHA3 4da3636b1b3f5edc7b3f460cacc6150174a072713cfd8c931f68ff26a04680f2
SSDeep 6144:0oiGIdbEAVa6tGfeRcgzNfNOkXcnii8rmCikLdXPT:0oiZdAAgKzNlxsii8HPT
Imports Hash 5792e47dd70d029a67ac6962269dcad3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2016-Nov-14 10:50:47
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x34000
SizeOfInitializedData 0x4fc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00008AF1 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x35000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x88000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f9accb8df02d16900cabcbd3d8186c8d
SHA1 e7fc19953bde195dd96cc0a0967fac920d8a5623
SHA256 b1d71a23d86b1ce7e78eb1b5abbc7cd5b36c3187e493d572109423a7bfac1ab2
SHA3 206b3f2073b0127e20a198073b9121909ec1ca9bbde0df7631dd23c24d92ac54
VirtualSize 0x33fd1
VirtualAddress 0x1000
SizeOfRawData 0x34000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.80383

.rdata

MD5 127346a3cc853fcf51fb7893cb8d40de
SHA1 84766cc8e5c0736588f39e5628e80c2676a96828
SHA256 6596585017bb3ddc1f852a90465c69888fd0c7d8f9ad387c42aafb0e4ff1f06c
SHA3 abafd860871c6621c6b79ab4d9787d74b50e54909543f07c2472993ed3884438
VirtualSize 0x1649c
VirtualAddress 0x35000
SizeOfRawData 0x16600
PointerToRawData 0x34400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.59195

.data

MD5 2dd91196a46d222d045d6025151e830a
SHA1 1ce3f56d5018a08515aa1d16c8777f123bb4ea94
SHA256 27b786c0ccd64bb108a42da0d0433d516d12f63ec3e5f2a006908b7e0fc13934
SHA3 fea5340993b9d9dd8c7bcda65de5b3297cf7a24aa01356303813fa80978d0b7e
VirtualSize 0xae74
VirtualAddress 0x4c000
SizeOfRawData 0x1200
PointerToRawData 0x4aa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.13428

.gfids

MD5 a5029e6e7ea241a6a7e6d744a402decb
SHA1 3056e8ccb38163a347902484938f15c919e4dcd4
SHA256 d3459447a43b3b80a6ec2acd9fc654f10db88c071167e0bdf815cb06206e6199
SHA3 6db32ed1d67fceffef39a3e094f0056d33fd09cd6bf4731672cf8c518b7669af
VirtualSize 0x33c
VirtualAddress 0x57000
SizeOfRawData 0x400
PointerToRawData 0x4bc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.33149

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x58000
SizeOfRawData 0x200
PointerToRawData 0x4c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 95e6648702f9112eeed29c82fab939f5
SHA1 94ad3ceae221162a2aa2ebf6ffe6fb22d55bfa3c
SHA256 3bf386f13d2db80dac79a82ecdd78feb6c63fa8d090121610205bdeddd771ba4
SHA3 0bdc1f6611f281fd9c3a9d02c3ed53ee4b21fd2373174629c4e7afaaa568d659
VirtualSize 0x2b718
VirtualAddress 0x59000
SizeOfRawData 0x2b800
PointerToRawData 0x4c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.88143

.reloc

MD5 a63caa91bc7fcbdcca23958937324e4a
SHA1 b71320ffba8aca2c533151ea62ae68b929cc4cab
SHA256 7edf9e7f18597741d4974c535566135f51298a9e4d1544225ecaada0b810143a
SHA3 69d75753d55eb500d87fcc28934a104bf7996b05d7e8e2d1950b918bcb0d6a29
VirtualSize 0x2614
VirtualAddress 0x85000
SizeOfRawData 0x2800
PointerToRawData 0x77a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.50796

Imports

KERNEL32.dll GetCurrentDirectoryA
DuplicateHandle
GetModuleHandleA
OpenProcess
Sleep
GetTempPathA
CopyFileA
OpenMutexA
CreateFileA
GetCurrentThread
GetSystemDirectoryA
GetVolumeInformationA
GetVersionExA
LockResource
DeleteFileA
GetDateFormatA
ResetEvent
GetProcAddress
FindFirstChangeNotificationA
CreateDirectoryA
GetSystemTime
QueryPerformanceCounter
GetExitCodeProcess
CreateMutexA
GetEnvironmentVariableA
PeekNamedPipe
VirtualAlloc
DeviceIoControl
VirtualFree
GetCurrentProcess
LoadLibraryA
CreateFileW
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
GetCommandLineW
VirtualProtect
COMCTL32.dll ImageList_Destroy
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Remove
ole32.dll OleInitialize
CoRegisterClassObject
CoUninitialize
OleSetContainedObject
CoInitialize
OleUninitialize
CoRegisterSurrogate
SHLWAPI.dll PathGetDriveNumberA
PathFindFileNameA
wnsprintfA
PathIsUNCA
AssocQueryStringA
ADVAPI32.dll SystemFunction036

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x378f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94928
Detected Filetype PNG graphic file
MD5 61b728ce8b58f26ac067b8f12c588e5a
SHA1 1884ac12e16605fa3ce27b52bf4794841c208e14
SHA256 6d7661bf94e28262ccfd8fcb02a46c350cd62720533e3469af53de5bf1963b9d
SHA3 99134b2786f5d1158f045866f5d09ef6d1b005b0fcb75a7e63fea07fdbc2aa58

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.12071
MD5 922ed71997c43af46a53310da13ce3b6
SHA1 7b8b1068f551f0110516d7424ac0165e82f456c1
SHA256 bba34bf7e424665078d74e90359dea58587601a9421a0d3e8a308e33ff4f7746
SHA3 76b2b3799c9edb026fa354e44476f5e74bde9504ce95e80211935a3b226ab88c

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18416
MD5 63c9e4cb4dd835ddc91428ca235b2c7c
SHA1 05e98203db13534916ffa8555b3589829fea7ceb
SHA256 82230625b49d263c7b19cbb85dc162623bc3c76c727e4d2672541acec5cec786
SHA3 53471d14c5a2e8aca3c51c13263654d12419c2f4a2953e1d2772c47437a45bb5

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5488
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.62634
MD5 b37289a8c3ad1c4c4fd200070543c108
SHA1 679a0a092309b44d4d8e7114e17feb3277e6ad2b
SHA256 e515f52a622a7abc55aa4e09007b611ee183a5c0f48f23481ea508089e81a048
SHA3 d95fefcb4615b84cbe14967f470832781be00782f448973fddbbec33bad0c4e0

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.30807
MD5 2e1d6a2e9e95a9abd65f48863d50e9b3
SHA1 2d2b162814a9f3aa6e7ef42e7dd99e0c1f0328fb
SHA256 99149afa169c722813da5831bc214f52053996dc3d1c2e46913cf08f3f9a1448
SHA3 cda2dd275101cd2841b26cbb8d635b391cfc7dff72a9074749c46e191ad63249

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.54558
MD5 8a9a84874dbc304221886da7303a7eee
SHA1 ecd7129582066556202137f04a38071bad9c2055
SHA256 c36110328337e44175b9fc689afa247f7dc6cbbf70cb81e72034441ff2627c48
SHA3 7f47b319088ea5171d907d09fccf1a369c5669c3f02d967796e89db0c0deb697

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.61296
MD5 6db7cf14384cb844034c5b9777f62755
SHA1 18a4d71a284e5201048bd0df3269e7be4c1e12c1
SHA256 f93dde5cf99ed1116e4936f988fb61ffd3c0ebb206743996216ca68f6e2b7c06
SHA3 9abfa79b9b8a5af247bbed77197433bef2170da9eeaf88bcaee8945475e233ab

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.68063
MD5 6d6bc55ecaf3073e89c4f3ef80ccb960
SHA1 b23291dce2729494b174cf5ff74163f49c15b768
SHA256 4617a44d588762de69f78ccfcd71ef628053550bcab37f0210dc9b14730bad56
SHA3 da2de96456a91069dffdd524e472d8c0ed908e79778280ddb8b6abd6cb72de7d

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.45257
MD5 41c814a189ac088f478417d99c5a115f
SHA1 367081f04641bf7a7d27e54458fa6e27d4383747
SHA256 0f6490db570e5fdcd87bf2203276eddceb6250dd0e34abee6aac957d4fc58b91
SHA3 b1ee66ef5f15d77bfe16297e828cf65ca07eb802bdbc43448c07da18760fb71f

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03466
Detected Filetype Icon file
MD5 8bdd5086853163fd1aecfb4e615c836b
SHA1 2f8ae2ceedd15c90f2e184f26f020068eb930ff1
SHA256 672b1aded97ed8aeab7980445db85af90665edca01522a40b8cbb8ca62374ed4
SHA3 6f3d02c3430b62ba9a94029a89eb525f1255c099948a32d9fc79de03f919993f

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2f0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43351
MD5 f7457e9c310784689b0af9e2c6873e8e
SHA1 1c896db71d15c63f519597818b359f4d6c938a6c
SHA256 148898d7004af3e8378c626a73769eb06d089d1ee8c137cb37452a730954da7d
SHA3 65f66708d62a8ee6bb7502118b34e35d3b92266ec16bbb676414763e2940691a

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 9.3.57.92
ProductVersion 9.3.57.92
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName SportsSignup Radio
FileDescription Togetherpound
InternalName typematerial.exe
LegalCopyright Copyright© 2015 - 2017 SportsSignup Radio, Inc.
OriginalFilename typematerial.exe
ProductName Togetherpound
ProductVersion (#2) 9.3.57.92
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Nov-14 10:50:47
Version 0.0
SizeofData 73
AddressOfRawData 0x4929c
PointerToRawData 0x4869c
Referenced File c:\Road\discuss\Than\Make\neighbor\Earlyrock.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Nov-14 10:50:46
Version 0.0
SizeofData 20
AddressOfRawData 0x492e8
PointerToRawData 0x486e8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Nov-14 10:50:46
Version 0.0
SizeofData 1052
AddressOfRawData 0x492fc
PointerToRawData 0x486fc

TLS Callbacks

StartAddressOfRawData 0x458000
EndAddressOfRawData 0x458008
AddressOfIndex 0x44d730
AddressOfCallbacks 0x435270
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x44c1bc
SEHandlerTable 0x449130
SEHandlerCount 46

RICH Header

XOR Key 0xb0bbd221
Unmarked objects 0
241 (40116) 11
243 (40116) 147
242 (40116) 27
ASM objects (23406) 23
C++ objects (23406) 58
C objects (23406) 64
Imports (VS2008 SP1 build 30729) 11
Total imports 138
265 (VS2015 UPD1 build 23506) 1
Resource objects (VS2015 UPD1 build 23506) 1
Linker (VS2015 UPD1 build 23506) 1

Errors
