Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2019-Jul-09 14:23:33 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
12227433 bytes of data starting at offset 0x42a00.
The overlay data has an entropy of 7.99833 and is possibly compressed or encrypted. Overlay data amounts for 97.8169% of the executable. |
Malicious | VirusTotal score: 46/73 (Scanned on 2020-01-02 00:50:01) |
MicroWorld-eScan:
Trojan.GenericKD.32833226
FireEye: Trojan.GenericKD.32833226 CAT-QuickHeal: Trojanransom.Gen McAfee: Artemis!59FE74C68BBC Cylance: Unsafe Sangfor: Malware K7AntiVirus: Riskware ( 0040eff71 ) Alibaba: Ransom:Win32/Generic.950198ba K7GW: Riskware ( 0040eff71 ) Arcabit: Trojan.Generic.D1F4FECA Invincea: heuristic Symantec: Ransom.Wannacry APEX: Malicious Avast: Win32:Malware-gen Kaspersky: Trojan-Ransom.Win32.Gen.ueu BitDefender: Trojan.GenericKD.32833226 NANO-Antivirus: Trojan.Win32.Encoder.gmkabu Ad-Aware: Trojan.GenericKD.32833226 Emsisoft: Trojan.GenericKD.32833226 (B) F-Secure: Trojan.TR/Ransom.Gen DrWeb: Trojan.Encoder.30403 TrendMicro: Ransom_Gen.R032C0WLN19 McAfee-GW-Edition: BehavesLike.Win32.Generic.wc Fortinet: W32/Gen.UEU!tr Sophos: Mal/Generic-S Cyren: W32/Trojan.MZSK-2343 Avira: TR/Ransom.Gen MAX: malware (ai score=100) Microsoft: Ransom:Win32/Genasom AegisLab: Trojan.Win32.Blocker.tq1S ZoneAlarm: Trojan-Ransom.Win32.Gen.ueu AhnLab-V3: Malware/Win32.RL_Generic.R304981 VBA32: TrojanRansom.Gen ALYac: Trojan.Ransom.FileCryptor Malwarebytes: Ransom.ChernoLocker ESET-NOD32: a variant of Generik.FANDZXC TrendMicro-HouseCall: Ransom_Gen.R032C0WLN19 Rising: Trojan.Generic@ML.95 (RDMK:hHLhK02MfBJhiqphYC2u/w) Ikarus: Trojan-Ransom eGambit: Trojan.Generic GData: Trojan.GenericKD.32833226 MaxSecure: Trojan.Malware.74741109.susgen AVG: Win32:Malware-gen Panda: Trj/CI.A CrowdStrike: win/malicious_confidence_60% (W) Qihoo-360: Win32/Trojan.Ransom.d13 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 6 |
TimeDateStamp | 2019-Jul-09 14:23:33 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x1ee00 |
SizeOfInitializedData | 0x23800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00007B43 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x20000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x55000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll |
MessageBoxW
MessageBoxA |
---|---|
KERNEL32.dll |
SystemTimeToTzSpecificLocalTime
DecodePointer GetLastError SetDllDirectoryW GetModuleFileNameW GetProcAddress GetCommandLineW GetEnvironmentVariableW SetEnvironmentVariableW ExpandEnvironmentStringsW GetTempPathW WaitForSingleObject Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW LoadLibraryExW GetShortPathNameW FormatMessageW LoadLibraryA MultiByteToWideChar WideCharToMultiByte SetEndOfFile HeapReAlloc UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetModuleHandleW RtlUnwind SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetCommandLineA ReadFile CreateFileW GetDriveTypeW GetFileType CloseHandle PeekNamedPipe RaiseException FileTimeToSystemTime GetFullPathNameW GetFullPathNameA CreateDirectoryW RemoveDirectoryW FindClose FindFirstFileExW FindNextFileW SetStdHandle SetConsoleCtrlHandler DeleteFileW GetStdHandle WriteFile ExitProcess GetModuleHandleExW GetACP HeapFree HeapAlloc GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleCP CompareStringW LCMapStringW GetCurrentDirectoryW FlushFileBuffers SetEnvironmentVariableA GetFileAttributesExW IsValidCodePage GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW GetStringTypeW GetProcessHeap WriteConsoleW GetTimeZoneInformation HeapSize |
WS2_32.dll |
#14
|
Characteristics |
0
|
---|---|
TimeDateStamp | 2019-Jul-09 14:23:33 |
Version | 0.0 |
SizeofData | 696 |
AddressOfRawData | 0x29f3c |
PointerToRawData | 0x2913c |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x42c008 |
SEHandlerTable | 0x429f30 |
SEHandlerCount | 3 |
XOR Key | 0x906c598 |
---|---|
Unmarked objects | 0 |
241 (40116) | 12 |
243 (40116) | 172 |
242 (40116) | 24 |
ASM objects (VS2015 UPD3 build 24123) | 18 |
C++ objects (VS2015 UPD3 build 24123) | 29 |
C objects (VS2015 UPD3 build 24123) | 18 |
Imports (65501) | 7 |
Total imports | 115 |
C objects (VS2015 UPD3 build 24210) | 17 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3 build 24210) | 1 |