55387f33b8f3f1d921336163f0de3f61ba8bf4a45f917dd7b36f14e386e338c6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2000-Aug-31 14:38:41
Detected languages German - Germany

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Info Interesting strings found in the binary: Contains domain names:
  • http://upx.tsx.org
  • upx.tsx.org
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: yoda
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 13/51 (Scanned on 2024-12-15 13:00:02)
APEX: Malicious
Antiy-AVL: GrayWare/Win32.Kryptik.pe
Bkav: W32.AIDetectMalware
Cylance: Unsafe
Cynet: Malicious (score: 100)
FireEye: Generic.mg.7a7ed03ac71b6e88
Gridinsoft: Trojan.Heur!.032120A9
Jiangmin: Packed.Multi.fll
Malwarebytes: Malware.AI.2466173565
MaxSecure: Trojan.Malware.300983.susgen
SentinelOne: Static AI - Malicious PE
ViRobot: Trojan.Win32.A.Llac.302637[UPX]
Webroot: W32.Heuristic.Gen

Hashes

MD5 7a7ed03ac71b6e88f5b84d7b6506083f
SHA1 d943dfbead477e197ca1b466c0ef320b7113f07b
SHA256 55387f33b8f3f1d921336163f0de3f61ba8bf4a45f917dd7b36f14e386e338c6
SHA3 a4e461b82dadb292fc1f63e05e07c8b76e8c1d0df70eb83bcb4a46455fe68f5f
SSDeep 192:AgA6FOtFBfNP5NGZOAepgN0tJrPK7Cx/U5LelK3Vh5elDvaLn89c8qs6KiF:AgiFNl5wOAe44jn/UFFteinkc8qs6l
Imports Hash c9fe4607c427c0eeb6be6fe167a77737

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0x4550
e_ss 0
e_sp 0x14c
e_csum 0x4
e_ip 0x6df1
e_cs 0x39ae
e_ovno 0
e_oemid 0x10b
e_oeminfo 0x6
e_lfanew 0xc

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2000-Aug-31 14:38:41
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x6000
AddressOfEntryPoint 0x00009440 (Section: UPX1)
BaseOfCode 0x7000
BaseOfData 0xc
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 5afd69db612ecd2731a7b8e65ea539f3
SHA1 f23a665c984b17d2273dcfc5b82120fd518ac494
SHA256 30116a38c1e9b4d567576bb611f4c807015e38929121bbaf53a2095f352881a5
SHA3 10ee9c0debe014cf10ab7c33a5d29b95998974ac654254970724ced0315ed853
VirtualSize 0x3000
VirtualAddress 0x7000
SizeOfRawData 0x2600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.82419

.rsrc

MD5 7e37dd8f9e02692eed60737ed5bfd806
SHA1 6811bbbe44c00fcd0e9e0155f2b742367863366c
SHA256 2381f0e0721b39f4bb41db197909a941ec557250fd1a6d2c4f321ac61007950d
SHA3 0c4d9a117d0fdb326a9fa3570fbd7110cac1dd1533d7de96c1bb5e1c06eee5fb
VirtualSize 0x1000
VirtualAddress 0xa000
SizeOfRawData 0x450
PointerToRawData 0x2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.79393

yoda

MD5 340d1dd5f92613b143f9bab5ae98eca7
SHA1 52b5a4261f8be38c02e8325046a0d55453db5bb9
SHA256 42e64381d37c4b02e31d911da20041601fb3a32aa04ded968f8da84039df70d2
SHA3 a65bff75c2cd735a7e2dbd1f4338103997d42ba39d3df332ca6a7d4194d1c3d9
VirtualSize 0x1000
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.16672

Imports

KERNEL32.DLL
  LoadLibraryA
  GetProcAddress
  ExitProcess
USER32.dll
  MessageBoxA

Delayed Imports

1

Type RT_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.17933
MD5 280fc85fbf0a5148f63e0992f0a5205f
SHA1 f92332bf1cfcdb022f42202644cb37f365480fa1
SHA256 bbc194c0a967e8edf6b5ade89b788e8af8c68b9c4965e6bc8f0a55ccc06b3521
SHA3 0ce6f4820482ca07dcce09427a8d127776b090b0f9e76872b56b502f96f79505

101

Type RT_GROUP_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!