| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2020-Jan-27 20:40:50
|
| Detected languages |
English - United States
|
| CompanyName |
|
| FileVersion |
|
| FileDescription |
Paranoid Fish is paranoid
|
| InternalName |
|
| LegalCopyright |
|
| LegalTrademarks |
|
| OriginalFilename |
|
| ProductName |
Paranoid Fish
|
| ProductVersion |
|
| Info |
Matching compiler(s): |
Microsoft Visual C++ 8.0
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
Contains references to system / monitoring tools:
Tries to detect virtualized environments:
- HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
- HARDWARE\Description\System
Looks for VMWare presence:
- VMWARE
- VMWare
- VMware
- hgfs.sys
- mhgfs.sys
- vmmouse
Looks for VirtualBox presence:
- VBoxTray
- VBoxTrayToolWnd
- VBoxTrayToolWndClass
- VEN_80EE
- \\.\pipe\VBoxMiniRdDN
- \\.\pipe\VBoxTrayIPC
- vboxservice
- vboxtray
Looks for Qemu presence:
Accesses the WMI:
Miscellaneous malware strings:
|
| Suspicious |
The PE is packed with UPX |
Unusual section name found: UPF0
Unusual section name found: UPX1
The PE only has 0 import(s).
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
58e8d48d2a28c666ba2a4a794106195b
|
| SHA1 |
969a8a177fe4aefda8ff06add28c631e4330f3b1
|
| SHA256 |
90b9cba6b0e6701d8108d69161365ebf7bea3092490e567f015b7814ee9f4beb
|
| SHA3 |
9ba154e15967c68f6d9dfe8cf1d712231caf7f83262f8c08c3298ddabe9a7291
|
| SSDeep |
768:T0E5hKIoU9IutbT7bMjBcf6Ysssssssssssssssssssssssss4NA0cq4kgEJJiM:LIkIuSfEGkpJEi
|
| Imports Hash |
d41d8cd98f00b204e9800998ecf8427e
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2020-Jan-27 20:40:50
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x4000
|
| SizeOfInitializedData |
0xa000
|
| SizeOfUninitializedData |
0x16000
|
| AddressOfEntryPoint |
0x0001A580 (Section: UPX1)
|
| BaseOfCode |
0x17000
|
| BaseOfData |
0x1b000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x25000
|
| SizeOfHeaders |
0x1000
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d9817215683adc1f94c11e2af48b9649
|
| SHA1 |
fc256767472d5a9e0996b9f9a18a2be5522174a8
|
| SHA256 |
5aaea3de34a879d28445d3e5c28d5e0ae0cdc88e0aa7af6dd654989d233820f9
|
| SHA3 |
daef16bd2c6c2ac7ca5afbfa29eb38f32bfe28b6bfa15e5ffd10501c6b4f5dcb
|
| VirtualSize |
0x16000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x16000
|
| PointerToRawData |
0x1000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.25953
|
| MD5 |
e4c613ada5ea8a90b6af79230dc970aa
|
| SHA1 |
862fa2e07ab5d16115b1d105b49a1bd73bb9fb45
|
| SHA256 |
4d4eabbdb5ea4387506464141e7c316b1a63484373a7a48359879cf9c4824e49
|
| SHA3 |
2580df99d7bf8da9b6d8f2fcea42ec45a295fc26195e016ec33e71333364a1fd
|
| VirtualSize |
0x4000
|
| VirtualAddress |
0x17000
|
| SizeOfRawData |
0x4000
|
| PointerToRawData |
0x17000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
2.26079
|
| MD5 |
396df97a8d559df12ac9d8423a3198df
|
| SHA1 |
fdf659cff8e38607dd5b3385eb8bc3840f26389b
|
| SHA256 |
2238aa202b91efc5c4dd6683872525049b328059656e954d558cd705a9d39593
|
| SHA3 |
5bf734a4764427034ec46a8c334669adce271577b5814f8a2e5e1b4ac20898ee
|
| VirtualSize |
0xa000
|
| VirtualAddress |
0x1b000
|
| SizeOfRawData |
0xa000
|
| PointerToRawData |
0x1b000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.02796
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a6c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.48362
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
46d526fa655330534b5aa427f2e89dca
|
| SHA1 |
17487f934ad39910d52f3340247bd14b378c7e65
|
| SHA256 |
6f1a5473bf101091f8cc2c7cc0b1c79a114868a6625c151863c00afebd6c7a3e
|
| SHA3 |
c50f3433f5be58fa450f2f8faaf287f8b977a106e90f0313b13eb4ce7790d94e
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1e12
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
0
|
| MD5 |
e2ddd784a9ee425e3a760ab4abb915c8
|
| SHA1 |
7a10658b3ac2b70ff92b5806d2d0fcf13474445a
|
| SHA256 |
6c43b4adcf4edb98e0634bfb793e9c2c2645705a56d6d11351b3cc4998b46184
|
| SHA3 |
0a23a28286f61c9785af799b637e97657368f5a569ec5f0eef7016245ab33295
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x79e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.13251
|
| MD5 |
9615ebc90c0e3aff5a2351354006a42b
|
| SHA1 |
f84ffd2313d1c7c8875a5b640cb5c3f89e6d1318
|
| SHA256 |
06a83d3f3359b0dc364abd1f0e64172982a241f0180119d80bb7f530ee123ba5
|
| SHA3 |
d7df4c30a35bfb2ad611b449461057d531285d4124bc31b77f9ac67eafa28db4
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4ac
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.78717
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
6413fac6c5a51dbd6a5f532074fd2389
|
| SHA1 |
adb70b9e80073999494028287b99ee53a8548ac5
|
| SHA256 |
686ea3b73c6520c38a8c399aec063391b5ed15dfc1c95442931a07b492b0a7aa
|
| SHA3 |
0e75ac2bdb864dee729bf99512f5465c534633092b43a37e324e977d54b22ab8
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x354
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.68879
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
ff6846f06399f549e6443052c3db7dcd
|
| SHA1 |
3fd9fe91c888150509eb8155eecc5d583a63beb0
|
| SHA256 |
9596025745330d9d9b63be666ed7ed2db55c71ab6be0da76d6f0bf57249bfbdb
|
| SHA3 |
6a53b15907a5511405d38acc267e1116abac43532d852a03348f8bdd6aa61b21
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1f1
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.41808
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
87c735a12a02cfea200e24fdbb0cc9f9
|
| SHA1 |
adebe77ca865630338bb9919e00b6d61597456a5
|
| SHA256 |
520ca0f0f2bc979bde1cf0944da37aa5ef4fb2cd493a94d98506aa56c1f98553
|
| SHA3 |
7830efdd7bf3b2f6408dae8daf3c932e9e7a18ae980d2245a8cc7c7e7056e360
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.99178
|
| Detected Filetype |
Icon file
|
| MD5 |
60ae129a955f853471899e9f7ac97fbf
|
| SHA1 |
f918b7a57887c4dbc9e1f5a6628c222c4627fec2
|
| SHA256 |
d124b8c6d80c0d4bf86bc6ee14cb849d21efe510534e659239f7e6b8e3bb9f63
|
| SHA3 |
93476e8f2cc02abedcd98ad8eb3f1af18d1236fcdc8d916ac306280e25c7e722
|
| Type |
RT_VERSION
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x288
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.13852
|
| MD5 |
6b306dd7205d605fd85323c77bb8d508
|
| SHA1 |
c15f6b5a93fbcfa0cbbac7f483ca57d649c31e42
|
| SHA256 |
a31244099abcf866e9178d19745c1da61158028570bc84b3ec87dd5a52a84543
|
| SHA3 |
4ba6ecdb95c9a84a1a458b415bb78290131e4e7b3d37ad7ee6a0ec86f7b0f628
|
| Type |
RT_MANIFEST
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x48f
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.43644
|
| MD5 |
f832f7f9c186e38950c430bab8f4908a
|
| SHA1 |
adfada4cd4cdc673d59558d71196308737e0da66
|
| SHA256 |
3749d6ab58a9f0bbbad4417dbe524af5527ab3ef91bc3cdc4634b5dcad30225c
|
| SHA3 |
417ee59ae3d7e5e9d079319177e1a71ff0b35e2a12f86edfa2ebb7899e4fa598
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
0.5.8.1
|
| ProductVersion |
0.5.8.1
|
| FileFlags |
(EMPTY)
|
| FileOs |
(EMPTY)
|
| FileType |
VFT_APP
|
| Language |
English - United States
|
| CompanyName |
|
| FileVersion (#2) |
|
| FileDescription |
Paranoid Fish is paranoid
|
| InternalName |
|
| LegalCopyright |
|
| LegalTrademarks |
|
| OriginalFilename |
|
| ProductName |
Paranoid Fish
|
| ProductVersion (#2) |
|
| Resource LangID |
English - United States
|
[!] Error: Could not reach the TLS callback table.
58e8d48d2a28c666ba2a4a794106195b