5c6749c56f5850c80ef3b8262a7fd2e6
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2017-Apr-03 08:05:15 |
| Detected languages |
English - United States
Turkish - Turkey |
| Debug artifacts |
C:\Users\YooouHomie\Desktop\AlisInjector\Release\AlisInjector.pdb
|
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h) |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Malicious | The PE contains functions mostly used by malware. |
Functions which can be used for anti-debugging purposes:
|
| Malicious | VirusTotal score: 13/72 (Scanned on 2025-03-23 12:13:14) |
APEX:
Malicious
Bkav: W32.AIDetectMalware CrowdStrike: win/grayware_confidence_90% (W) FireEye: Generic.mg.5c6749c56f5850c8 Google: Detected Gridinsoft: Trojan.Win32.Agent.cl Ikarus: Trojan.Graftor Kingsoft: malware.kb.a.800 McAfee: Artemis!5C6749C56F58 McAfeeD: ti!084DDDEBD93F Paloalto: generic.ml Skyhigh: BehavesLike.Win32.Injector.fh Trapmine: malicious.high.ml.score |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 7 |
| TimeDateStamp | 2017-Apr-03 08:05:15 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x24a00 |
| SizeOfInitializedData | 0x34800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0002457A (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x26000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5f000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.tls
.gfids
.rsrc
.reloc
Imports
| KERNEL32.dll |
Process32First
VirtualFree VirtualAlloc GetModuleHandleA OpenProcess CreateToolhelp32Snapshot CreateFileA Process32Next CloseHandle CreateThread GetProcAddress GetFileSize WriteProcessMemory WaitForSingleObject VirtualAllocEx CreateRemoteThread VirtualFreeEx ReadFile LeaveCriticalSection DeleteCriticalSection SetEvent ResetEvent WaitForSingleObjectEx CreateEventW GetModuleHandleW UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead QueryPerformanceCounter GlobalAlloc ExitProcess QueryPerformanceFrequency GlobalUnlock GlobalLock EnterCriticalSection |
|---|---|
| USER32.dll |
DefWindowProcA
CreateWindowExA GetWindowLongA EmptyClipboard CloseClipboard SetWindowLongA ShowWindow LoadCursorA SetLayeredWindowAttributes DispatchMessageA OpenClipboard GetCursorPos GetClientRect SetCursor SetWindowPos GetKeyState MessageBoxA SetForegroundWindow UpdateWindow RegisterClassExA PostQuitMessage UnregisterClassA GetClipboardData PeekMessageA LoadIconA TranslateMessage SetClipboardData |
| GDI32.dll |
CreateSolidBrush
|
| COMDLG32.dll |
GetOpenFileNameA
|
| IMM32.dll |
ImmSetCompositionWindow
ImmGetContext |
| d3d9.dll |
Direct3DCreate9
|
| MSVCP140.dll |
_Thrd_sleep
?_Xlength_error@std@@YAXPBD@Z ?_Xout_of_range@std@@YAXPBD@Z ?_Xbad_alloc@std@@YAXXZ _Xtime_get_ticks |
| imagehlp.dll |
ImageNtHeader
|
| VCRUNTIME140.dll |
__vcrt_InitializeCriticalSectionEx
memcpy __CxxFrameHandler3 memmove __std_exception_destroy __std_exception_copy _except_handler4_common memset __std_terminate strstr _CxxThrowException memchr strchr |
| api-ms-win-crt-stdio-l1-1-0.dll |
ftell
__acrt_iob_func __p__commode _set_fmode fflush fclose fseek __stdio_common_vsscanf fread __stdio_common_vsprintf _wfopen __stdio_common_vfprintf |
| api-ms-win-crt-string-l1-1-0.dll |
strncpy
strcpy_s isprint |
| api-ms-win-crt-utility-l1-1-0.dll |
qsort
|
| api-ms-win-crt-heap-l1-1-0.dll |
free
_callnewh malloc _set_new_mode |
| api-ms-win-crt-runtime-l1-1-0.dll |
_set_app_type
_get_narrow_winmain_command_line _initterm _initterm_e _exit _invalid_parameter_noinfo_noreturn _c_exit _register_thread_local_exe_atexit_callback _seh_filter_exe _cexit exit _controlfp_s terminate _configure_narrow_argv _crt_atexit _register_onexit_function _initialize_onexit_table _initialize_narrow_environment |
| api-ms-win-crt-math-l1-1-0.dll |
_except1
_libm_sse2_sin_precise _libm_sse2_sqrt_precise ceil floor _libm_sse2_cos_precise _CIfmod __setusermatherr |
| api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
|
Delayed Imports
1
2
3
4
5
101
1 (#2)
Version Info
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2017-Apr-03 08:05:15 |
| Version | 0.0 |
| SizeofData | 90 |
| AddressOfRawData | 0x2aac4 |
| PointerToRawData | 0x298c4 |
| Referenced File | C:\Users\YooouHomie\Desktop\AlisInjector\Release\AlisInjector.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2017-Apr-03 08:05:15 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x2ab20 |
| PointerToRawData | 0x29920 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2017-Apr-03 08:05:15 |
| Version | 0.0 |
| SizeofData | 860 |
| AddressOfRawData | 0x2ab34 |
| PointerToRawData | 0x29934 |
IMAGE_DEBUG_TYPE_ILTCG
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2017-Apr-03 08:05:15 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
TLS Callbacks
| StartAddressOfRawData | 0x44f000 |
|---|---|
| EndAddressOfRawData | 0x44f008 |
| AddressOfIndex | 0x44a738 |
| AddressOfCallbacks | 0x4262a4 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0x5c |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x42d00c |
| SEHandlerTable | 0x42aa70 |
| SEHandlerCount | 21 |
RICH Header
| XOR Key | 0x8bd0d397 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 16 |
| Imports (VS2015 UPD3 build 24123) | 4 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 2 |
| ASM objects (VS2015 UPD3 build 24123) | 8 |
| C++ objects (VS2015 UPD3 build 24123) | 28 |
| C objects (VS2015 UPD3 build 24123) | 13 |
| Imports (23917) | 13 |
| Total imports | 149 |
| C++ objects (LTCG) (VS2015 UPD3.1 build 24215) | 8 |
| Resource objects (VS2015 UPD3 build 24210) | 1 |
| 151 | 1 |
| Linker (VS2015 UPD3.1 build 24215) | 1 |