5d0904228cc50d50cb6739a8e9e20e5a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2052-Aug-06 16:20:07
Comments
CompanyName
FileDescription Unicorn net
FileVersion 1.0.0.0
InternalName Unicorn net.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename Unicorn net.exe
ProductName Unicorn net
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Malicious VirusTotal score: 52/70 (Scanned on 2020-10-17 07:02:29)
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.907440
CAT-QuickHeal: Trojan.Generic
McAfee: GenericRXLB-AB!5D0904228CC5
Sangfor: Malware
K7AntiVirus: Trojan ( 005589eb1 )
Alibaba: Trojan:MSIL/Kryptik.2021e5ba
K7GW: Trojan ( 005589eb1 )
CrowdStrike: win/malicious_confidence_90% (W)
Invincea: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.SYY
APEX: Malicious
Avast: Win32:TrojanX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ursu.907440
NANO-Antivirus: Trojan.Win32.Kryptik.hvzcqt
Paloalto: generic.ml
Tencent: Win32.Trojan.Generic.Svrl
Ad-Aware: Gen:Variant.Ursu.907440
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1136112
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R01FC0PI720
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
FireEye: Generic.mg.5d0904228cc50d50
Emsisoft: Gen:Variant.Ursu.907440 (B)
SentinelOne: DFI - Malicious PE
Jiangmin: Trojan.Generic.elofl
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1136112
Antiy-AVL: Trojan/MSIL.Kryptik
Microsoft: Trojan:Win32/Ymacco.AA9A
Arcabit: Trojan.Ursu.DDD8B0
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Ursu.907440
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Agent.C3506513
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34570.Nm0@amJikzo
ALYac: Gen:Variant.Ursu.907440
MAX: malware (ai score=80)
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R01FC0PI720
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.SYY!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.45d925
Panda: Trj/GdSda.A
Qihoo-360: Generic/Trojan.24c

Hashes

MD5 5d0904228cc50d50cb6739a8e9e20e5a
SHA1 06c92d745d925c647c8b44f3cbfcca04d2440fac
SHA256 9a05ecccd0e6dec127f7f11dcfa7ceb669021a849b3d0142f6d267c5f449044a
SHA3 ba2eceb960a108a093b4a3a3288ab5e676156606a53db78dc96d43c539e6ead1
SSDeep 12288:Tk8i40EN+K7uGphycrbX3kdnoaosGOvA6ZZpiKOOhM8hOEabT2tkX495:SEwyhUGj3koaoslvX7f5t4nkko95
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2052-Aug-06 16:20:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x9b000
SizeOfInitializedData 0x1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0009CE0E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x9e000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xa2000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9c67809869524f63190ef45c2851fbb4
SHA1 16245c68e12063e1d2097c97bf22e49c3192c0a3
SHA256 5b691b3e4d9b1cad8bfddffb770d8f4d7f771bf10e79c22b6d312472a69fbbee
SHA3 f04deb85bf18a39f495665a67cadacfa852a66c972fdf5d7e021bcfa3a021d97
VirtualSize 0x9ae14
VirtualAddress 0x2000
SizeOfRawData 0x9b000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 7.99512

.rsrc

MD5 f643fd88b29143cc750d17f5a95204c8
SHA1 5784e9c95f076735580ae0c0d77aad5e245cf75e
SHA256 ae78a669d654d8eac58b402e747783e9223e1bf59d6bfcc090b9eb42e9d22a9d
SHA3 98217c111fc73d19fb2bd7f925dd4ccf0f92e09e4deb4ae794417046244a5c91
VirtualSize 0x1168
VirtualAddress 0x9e000
SizeOfRawData 0x1200
PointerToRawData 0x9b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.02202

.reloc

MD5 13488aebf506e4a3e66c655eb7ec2966
SHA1 929e94c872ff43c8dc733b0dc4ae532ec6db25da
SHA256 e7e53b845f9a54f043efcc5adea20a11b47de289d22e455cacce5a2666a41292
SHA3 43b47e4228aad195a5f6a345cee37b261296eff112e65fd9eba308ce075232ce
VirtualSize 0xc
VirtualAddress 0xa0000
SizeOfRawData 0x200
PointerToRawData 0x9c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x32c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25713
MD5 a05951e7944d896b543e7a6337007e73
SHA1 99dd9599100746e55add2b25dbf2b5ad15e82126
SHA256 31b6b25e9067e15a1d8fcf00b273d668cded2dc988cce2b216b9fc5492dd3945
SHA3 0d88fde9761d48a5a115373c805a5ef1acccc73f403575d97d7348578d586d06

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xd99
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05727
MD5 3741928fb21115b43bf9238e2672a2dc
SHA1 16e390952c8d2870f6396b6528833e10b9c534c3
SHA256 e70ae3a69c0af278546f748f5e4732806867a02d17d846d09c1975d5adc99a0a
SHA3 2f0e8cf0706cfab56f454794b9e7992195d3171858a86225c75a75ffdb148580

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription Unicorn net
FileVersion (#2) 1.0.0.0
InternalName Unicorn net.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename Unicorn net.exe
ProductName Unicorn net
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors