| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2019-Mar-26 02:56:17
|
| Detected languages |
Chinese - PRC
English - United States
|
| FileVersion |
1.4.1009.0
|
| ProductVersion |
1.4.1009.0
|
| Suspicious |
This PE is packed with VMProtect |
Unusual section name found: .vmp0
Unusual section name found: .vmp1
|
| Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Possibly launches other programs:
Has Internet access capabilities:
Leverages the raw socket API to access the Internet:
Functions related to the privilege level:
|
| Info |
The PE is digitally signed. |
Signer: Tencent Technology(Shenzhen) Company Limited
Issuer: DigiCert Assured ID Code Signing CA-1
|
| Suspicious |
VirusTotal score: 1/70 (Scanned on 2024-04-14 04:27:20) |
tehtris:
Generic.Malware
|
| MD5 |
546e1311d591db07aa34b454f023aeba
|
| SHA1 |
f3f41117ad2068c4a5023c60702b08a48bcae2cc
|
| SHA256 |
09eb21431f1074cf5ceff8fc54ba036ac99ede37953daf3f7df3ff0eb4e06676
|
| SHA3 |
fc6613785612a8f985e3fedc00acb3c4df4738f6606d77fad17cfeb4525b853c
|
| SSDeep |
98304:2wKaO/uo1kkmOjs8alLyuo3KJojZk+I12eyHSCjfr4GD4IWLFA524FfyLA:LXO/3/KlGuo3KJodQ1eT8LW2ZL
|
| Imports Hash |
3efcf8ad2411f257137acc3b5c9adbba
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
6
|
| TimeDateStamp |
2019-Mar-26 02:56:17
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
10.0
|
| SizeOfCode |
0x122800
|
| SizeOfInitializedData |
0x7b600
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x005DC81C (Section: .vmp1)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x124000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.1
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.1
|
| Win32VersionValue |
0
|
| SizeOfImage |
0xa04000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x5980a7
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0xf4240
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x12273b
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x42f8b
|
| VirtualAddress |
0x124000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xfad8
|
| VirtualAddress |
0x167000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x2fbb23
|
| VirtualAddress |
0x177000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
7283b5ca5d6bc5462a83b679d4a077ed
|
| SHA1 |
95a2146fd16c7dc0bc780ddbe7ced178661f2601
|
| SHA256 |
b75fb95ea8e4cf9557f848b1282c74e8d1cee59be2c46e19cec8771df33d8d5e
|
| SHA3 |
6f754ed5eb104648c989a395ab865ed994b4fdbfc4f812f9d5a6c3351683ac85
|
| VirtualSize |
0x55e330
|
| VirtualAddress |
0x473000
|
| SizeOfRawData |
0x55e400
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.95838
|
| MD5 |
0507b001c60761c7d2daf311902bf6a5
|
| SHA1 |
a1b148237dc234c2d40241f15e2c0ca3467c81c5
|
| SHA256 |
539f1e454cd643f88a9d3745084587b05093bcafedcce59891dcc374a59b8d22
|
| SHA3 |
09797497e6027c41c0503d7320ba8a1f3a61226e16d2be034184466e7006ace7
|
| VirtualSize |
0x31ae2
|
| VirtualAddress |
0x9d2000
|
| SizeOfRawData |
0x31c00
|
| PointerToRawData |
0x55e800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.71677
|
| KERNEL32.dll |
GetVersionExA
|
| ole32.dll |
IIDFromString
|
| OLEAUT32.dll |
VariantClear
|
| ADVAPI32.dll |
DuplicateTokenEx
|
| MSVCP100.dll |
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
|
| MSVCR100.dll |
strncpy
|
| PSAPI.DLL |
GetProcessImageFileNameA
|
| IPHLPAPI.DLL |
GetExtendedTcpTable
|
| SETUPAPI.dll |
SetupDiEnumDeviceInfo
|
| WS2_32.dll |
ntohs
|
| SHLWAPI.dll |
PathFileExistsA
|
| WININET.dll |
InternetCrackUrlA
|
| WLDAP32.dll |
#41
|
| USERENV.dll |
CreateEnvironmentBlock
|
| WTSAPI32.dll |
WTSEnumerateSessionsA
|
| VERSION.dll |
GetFileVersionInfoSizeA
|
| USER32.dll |
MsgWaitForMultipleObjects
|
| GDI32.dll |
GetDeviceCaps
|
| SHELL32.dll |
ShellExecuteW
|
| COMDLG32.dll |
GetOpenFileNameW
|
| WTSAPI32.dll (#2) |
WTSEnumerateSessionsA
|
| KERNEL32.dll (#2) |
GetVersionExA
|
| USER32.dll (#2) |
MsgWaitForMultipleObjects
|
| KERNEL32.dll (#3) |
GetVersionExA
|
| USER32.dll (#3) |
MsgWaitForMultipleObjects
|
| Ordinal |
1
|
| Address |
0xc5bcf
|
| Ordinal |
2
|
| Address |
0xc5bcf
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x351a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.95174
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
f0e2146ca49204276290b205f7f6ef03
|
| SHA1 |
48277ec8610edce40edb4fd918f2cb46f0ecde44
|
| SHA256 |
4cba0e3bbbdcb5b5753b1a86c358219f8ad0687a94ad91d720752f10f057e1f4
|
| SHA3 |
3b6fe2488af1d07e9e370b09c90acad7bbb3ad5cd3ee9cc284cff08ef4766974
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.89612
|
| MD5 |
3b820541f7e7b5f822fb69651bc09a87
|
| SHA1 |
dfb2a062bfc862c6fad9b4381c4650f7f8b831c5
|
| SHA256 |
6df551bba2cebbe5108931e4a06c8a292dce6c52338e14192603c3872e6571ae
|
| SHA3 |
527f571c5297d3504819a667c51ffa594e4f56110fd12dc5db4f52f80c7b2e50
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x94a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.0254
|
| MD5 |
9c0e19aafa49b833c8a9322f04201456
|
| SHA1 |
800c7988169d178f12a81acb5cfd43b175fbf13c
|
| SHA256 |
2ffd7515a3afa1c7b77deb9964a42140df5245ae5f725459227e6f89e79a41e0
|
| SHA3 |
c087ea4bde51dd9bf396402911daa218bf4ec8684d188040a7b573d519a9f3b6
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x67e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.79887
|
| MD5 |
42528f3bd3532e88799767e9ec6b08ad
|
| SHA1 |
171c19929b028613f392c775b6695434e861f056
|
| SHA256 |
a8a17c5036b6f9767c9bf008c4c393600c5e066d2a567bd8b14af73ec919104b
|
| SHA3 |
9de614e1de81c34a369ce80cf84b3fc238a9e3c946f07106fbeef09cad3410f5
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x5488
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.09144
|
| MD5 |
ea66e119fd95c60d36d4150d795561c6
|
| SHA1 |
2663cadbe4727966e68a04adbc9c82a5c8fef9ec
|
| SHA256 |
d93ed8be378e1b60c5d1577b45d21916392b529a9904939ac9e6e392a0f73dd2
|
| SHA3 |
76d4d2521c585921274c5fdc0e770123de98e924aeca0052d328a27d8f5bb9e2
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.93929
|
| MD5 |
a90c5c3257fb963d0eee4b14994481c4
|
| SHA1 |
f2994ba708a7b586d6576a0742f7b56215242c18
|
| SHA256 |
a815919ca247a420e8c0efdea27e6ed669732789d0d59d42d72e13341ae7dd1d
|
| SHA3 |
19214ca90c956e262baf8e31d818c869108c62680d81370130170eb657d65489
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.28722
|
| MD5 |
93e49b93e77757deb5a3d7f1d0a0b42c
|
| SHA1 |
3457eedf3128de803858e26634e45d40861b036e
|
| SHA256 |
8a01bae879acdd9ec5f22e5f554585af2a27d2e16b710d8ffcc00dc5a335c98b
|
| SHA3 |
884df7fa3c6a918bced808a4d0c32b590bb5654d047caad9570538a6f4b7b850
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.37411
|
| MD5 |
694d2418bd0c5a5df1ad3549a5799476
|
| SHA1 |
73fb3aba5bde637cae4f14546340689363362dd3
|
| SHA256 |
1e85372ff51ccce1cb2930566772ed433b7ad5a080d8526dee24fb6f473efc9e
|
| SHA3 |
8cf664202d9484a787c7feae36e3c3240caa16ac0eabeaaf754bb65f7ab2f884
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x988
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.682
|
| MD5 |
04c365427eaa4cec1a688c603363594e
|
| SHA1 |
e7acb4502f1ac6c92e080851070b41159b632cda
|
| SHA256 |
0d1ffad732a85f6623431883dea739ae5c6dff800093e357b074ecf6bf4cbdf1
|
| SHA3 |
f0a9132139b49ebf3f734ae6a9ab3102decc8ee450a096722ecafa41aa5d013c
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.10302
|
| MD5 |
30db60d24cc4f0c82898955b85e784e6
|
| SHA1 |
d81a0c4e7a0ed98e61f8ee2bd1d2b79c0f6235ba
|
| SHA256 |
e32fea6592b495ff581743dd9e5790df74068770b947f9bf4d1571c109322bd0
|
| SHA3 |
8fa3827bde8bec08658f65464f2b7d81d43bb6225a89060658968f68ed86175f
|
| Type |
RT_GROUP_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x92
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.12273
|
| Detected Filetype |
Icon file
|
| MD5 |
eadc2fec49a4cdcd85ced48b55e83298
|
| SHA1 |
0aace7f6fd584d0da7af6abe297284332889da56
|
| SHA256 |
d25ba5f3a00433f199b3e6ed52a1d0406f8396de1227529fe489b12ecaa77023
|
| SHA3 |
14eda2319dcd18475c9f01ffcbd5d9d1febf5b8ec18da7aea36a35ad3720d8be
|
| Type |
RT_VERSION
|
| Language |
Chinese - PRC
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x150
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.18454
|
| MD5 |
78a0d2bb3efa01441f81b5afc9c52225
|
| SHA1 |
ace4c82dc81bace5e5158ff303159def222829f9
|
| SHA256 |
93e67ab97c4ceb75873dde61bb3ebdf848d22e24e9cb861945f070a02a1f31a2
|
| SHA3 |
e226c589b0b78663755b9815946240e4cac2d66795e4305832bdea0c44e26315
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x15a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.79597
|
| MD5 |
24d3b502e1846356b0263f945ddd5529
|
| SHA1 |
bac45b86a9c48fc3756a46809c101570d349737d
|
| SHA256 |
49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
|
| SHA3 |
1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
1.4.1009.0
|
| ProductVersion |
1.4.1009.0
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language |
Chinese - PRC
|
| FileVersion (#2) |
1.4.1009.0
|
| ProductVersion (#2) |
1.4.1009.0
|
| Resource LangID |
Chinese - PRC
|
| Size |
0x48
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x56a550
|
| SEHandlerTable |
0xdd0180
|
| SEHandlerCount |
1129
|
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!
546e1311d591db07aa34b454f023aeba