5fc43867a9f300ac1a436816a01cac96

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Oct-05 18:43:37
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Can take screenshots:
  • BitBlt
  • GetDC
Info The PE's resources present abnormal characteristics.
Resource 750 is possibly compressed or encrypted.
Resource MAINDLG is possibly compressed or encrypted.
Malicious VirusTotal score: 26/67 (Scanned on 2022-05-13 13:39:19)
Cylance: Unsafe
Sangfor: Hacktool.Win32.Keygen.mt
CrowdStrike: win/grayware_confidence_70% (W)
BitDefenderTheta: Gen:NN.ZexaE.34666.jmGfaevvP0hi
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Keygen.AAZ.gen potentially unsafe
Sophos: Keygen (PUA)
Zillya: Trojan.Kryptik.Win32.807491
McAfee-GW-Edition: GenericRXEN-HO!29E2185D8C97
SentinelOne: Static AI - Suspicious PE
Ikarus: PUA.HackTool
GData: Win32.Application.Agent.E0N3DW
Webroot: W32.Hack.Tool
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: HackTool:Win32/Keygen
Cynet: Malicious (score: 100)
McAfee: GenericRXAA-AA!5FC43867A9F3
VBA32: BScope.Trojan.Winlock
APEX: Malicious
Rising: Malware.Undefined!8.C (CLOUD)
Yandex: Trojan.GenAsa!2LBECfYzQQE
MAX: malware (ai score=99)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/KeyGen
Panda: Trj/GdSda.A

Hashes

MD5 5fc43867a9f300ac1a436816a01cac96
SHA1 a8f62e97349d312c2d035d06414791649b9e7e58
SHA256 cb8c79a789c44223f13c5934e2f71a9111b9941e7fd8376339557703ffdf5254
SHA3 a3eed2724be5c38ce4f01c137428ef9e246b4c2563e4bfb3076b95e33ce663ca
SSDeep 3072:2geEAdjQTf0Rdef2wZ3LphrztBSCbnWWNaFaVGXXrDDU/4outg:j4nGfvDfPj9NSXXXrDDg4oSg
Imports Hash e10a928c4c8b9dda283a0166027c6f21

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2014-Oct-05 18:43:37
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x22000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0x3d000
AddressOfEntryPoint 0x0005F230 (Section: UPX1)
BaseOfCode 0x3e000
BaseOfData 0x60000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x62000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x3d000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 756125e796355ea34b832c92c1fd425d
SHA1 025e064f3c9587d4de7eae81801447247434c856
SHA256 fc1cf211d58d08e2d3fc5d446a76b1d91b815c9264f9dd8d39e2a0f775c437a2
SHA3 93979256fcfc75ad1e09c6246f4ef7f735a39504dde4f5f23f93e10c75de4d9c
VirtualSize 0x22000
VirtualAddress 0x3e000
SizeOfRawData 0x22000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99275

.rsrc

MD5 294df97cb2ccb6a43ca7264846cb7fba
SHA1 8f62c8c2650f967290c43ad2de58f87b304f9b17
SHA256 47e8524fe74065d2feb100c0d3e0754fa30a37441edb1a653d42258fff833f18
SHA3 fd62a81c8188812b1db7d44ebb7d3c4006138f5f53d40980615b725422ca3b5b
VirtualSize 0x2000
VirtualAddress 0x60000
SizeOfRawData 0x2000
PointerToRawData 0x22400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.87822

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
ADVAPI32.dll ReportEventA
GDI32.dll BitBlt
ole32.dll CoTaskMemFree
OLEAUT32.dll OleLoadPicture
USER32.dll GetDC

Delayed Imports

750

Type IMAGE
Language English - United States
Codepage UNKNOWN
Size 0x109d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95804
MD5 aa23d958c3deb5bc4355aa6b0f6c1580
SHA1 e5fe926c159ac1a2608848da3ee092f38a3358c1
SHA256 5092c7aa89ea7e06ce8608589f0ff64703399ee863c69504d19686c518acb9c9
SHA3 78a2e8b9fae3421d11aa32bad2b0a8628e0fe8841ad8353b1f05b289adf893ca

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.14425
MD5 0cec1be58919861cb37ce8471eb65909
SHA1 643fe2aa0484e5e57ab749980b74ec65ae3461d2
SHA256 464e857af0406299c113e23f3499bc065bbc27fa3f57a14422d4a684474577d5
SHA3 846a85ba83d6c34c1b5453754f8abe9332192741369b8d1554c2bbb4f96ec80e

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6428
MD5 559a8b91a741a7622fb4c5485675d287
SHA1 59ef90c0a99cb5fd6a9b289b2fb21d74ea261c1d
SHA256 75215666d7c2788bf8344ffa1842aa67a07fc32f0242dcf66c5c293a007a82dc
SHA3 77291beb9902d42fc50e80c90e7b86515f5562618cfef7daa6256cf542175ccb

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.17568
MD5 2565407888d4e00b14bc360b50f973de
SHA1 ed07d93d481eec5af54838d290261b8ed3e35c02
SHA256 7cc3a303cd7be4a663f08f4ce60094442a6139ed1a8490a9076aabbaa18ac4a0
SHA3 452f3b625d78bbef6385c4d21cf473cdc09221d0a766f3ad9b4e9452a14295dd

MAINDLG

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x190
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.50787
MD5 07dd8cfac3a724ceccd0bc1282a058b5
SHA1 07efba2168b1142ef1475acd0cf0a0c321c76408
SHA256 d175c75078c9cb4b0c4454dc0e064264b6a26ffa3a28abf1c08909a47bf71303
SHA3 782e0a0abebd1a3b2bc2fce369ba62a41624f0a379f8548a796582a03b97b795

500

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.43287
Detected Filetype Icon file
MD5 c518e7bc4eaadeb459f51342b9ebdb91
SHA1 39fcbb8e7dee1c068a9a3ef28db1032df965d63a
SHA256 7fdcda3e0150308f232e88b5ed5229f2aaefbb040915ac9e22ff1f24efe5d422
SHA3 9662c85d0f579b3eb11a39d36e321a76888185378028bcc3c1532ba7a28af908

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xef34ba81
Unmarked objects 0
C++ objects (VS2008 SP1 build 30729) 40
ASM objects (VS2008 SP1 build 30729) 25
C objects (VS2008 SP1 build 30729) 141
Imports (VS2012 build 50727 / VS2005 build 50727) 13
Total imports 129
18 (8444) 3
Unmarked objects (#2) 12
ASM objects (VS2008 build 21022) 3
C objects (VS2008 build 21022) 156
138 (VS2008 SP1 build 30729) 1
Linker (VS2008 build 21022) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

[*] Warning: Section UPX0 has a size of 0!