5d11a622c8fdaed34590d9e27882a977

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Jul-09 14:54:27

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • mshta.exe
May have dropper capabilities:
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
  • virus
Contains domain names:
  • http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
  • https://bigblog.at
  • https://tox.chat
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 5d11a622c8fdaed34590d9e27882a977
SHA1 c0131a5e2a6e6dedee89cf007a416ac68ef2c02f
SHA256 28db593cfb95a857795053e6bb1e4ed12bf3eb321ab5c4bb522e9443bccd6c68
SHA3 412e65d55763c17053d2247e69ed0fdfc27e25ec13421f52f7b2f579273c62c5
SSDeep 24576:DxAf2NuubB6RWspgjuwu7pl4Ha+UmxJH+Q1F:dAfSrWW4g+7Ht+UmxJey
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2021-Jul-09 14:54:27
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xc9000
SizeOfInitializedData 0x16e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000A7DA0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xca000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0xe1000
SizeOfHeaders 0x400
Checksum 0xe3961
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8e1a301fc1c12724bb7b06a226f6ee0b
SHA1 dce343c097de5e270dd057f5aeb57dc3a42008c6
SHA256 e677fbd5e31c032e4c15d8e59f8f2c466e77cf3026e2b2fd135cf6b43d772d00
SHA3 7bd1f3e35dcd6c92600e5f6bfe3218e45ce950d1d15c7d0b678c4b3c5b71f41a
VirtualSize 0xc8ff3
VirtualAddress 0x1000
SizeOfRawData 0xc9000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59832

.data

MD5 5044d00dd7502c6e8622268916374f1c
SHA1 cca68bfa01338e30d0f81be0a65caa367ea225d3
SHA256 616596be75d0df2745760374bf4b9b8205b9e9f0f77f0012a240f5a489aa08d3
SHA3 23923d063a18a49f950a9fcd6da58c1e1b2ae55ed5638ea29bfddc0d5473af65
VirtualSize 0x16d14
VirtualAddress 0xca000
SizeOfRawData 0xe600
PointerToRawData 0xc9400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.77627

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x2e1093b0
Unmarked objects 0
Imports (26126) 3
Total imports 7
Imports (VS2003 (.NET) build 4035) 2
Unmarked objects (#2) 8
265 (27043) 59
ASM objects (27043) 7
Linker (27043) 1

Errors
