Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2015-Sep-17 08:24:25 |
Detected languages |
Dutch - Netherlands
English - United States |
Info | Matching compiler(s): |
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft |
Malicious | VirusTotal score: 62/71 (Scanned on 2023-05-24 14:42:24) |
Lionic:
Trojan.Win32.Chimera.j!c
Elastic: malicious (high confidence) MicroWorld-eScan: Gen:Variant.Ransom.Chimera.6 FireEye: Generic.mg.60fabd1a2509b598 CAT-QuickHeal: TrojanRansom.Chimera.A3 ALYac: Trojan.Ransom.Chimera Cylance: unsafe Zillya: Trojan.Selltim.Win32.121 Sangfor: Suspicious.Win32.Save.a CrowdStrike: win/malicious_confidence_100% (W) Alibaba: Ransom:Win32/Chimera.66947bc0 K7GW: Trojan ( 700000121 ) K7AntiVirus: Trojan ( 700000121 ) BitDefenderTheta: Gen:NN.ZemsilF.36196.omW@a4sRpxnO VirIT: Trojan.Win32.MSIL9.RN Cyren: W32/MSIL_Troj.BSJ.gen!Eldorado Symantec: Trojan.Gen tehtris: Generic.Malware ESET-NOD32: a variant of MSIL/Injector.VJV APEX: Malicious Cynet: Malicious (score: 99) Kaspersky: Trojan-Ransom.Win32.Chimera.a BitDefender: Gen:Variant.Ransom.Chimera.6 NANO-Antivirus: Trojan.Win32.Selltim.dxbmwd Avast: MSIL:Crypchim-A [Trj] Tencent: Malware.Win32.Gencirc.10be0bde Emsisoft: Gen:Variant.Ransom.Chimera.6 (B) F-Secure: Heuristic.HEUR/AGEN.1314386 DrWeb: Trojan.Encoder.1980 VIPRE: Gen:Variant.Ransom.Chimera.6 TrendMicro: Ransom_CRYPCHIM.B McAfee-GW-Edition: BehavesLike.Win32.Generic.dm Trapmine: malicious.moderate.ml.score Sophos: Mal/Generic-R Ikarus: Trojan.MSIL.Injector GData: Gen:Variant.Ransom.Chimera.6 Jiangmin: TrojanSpy.Selltim.cp Webroot: W32.Gen.BT Avira: HEUR/AGEN.1314386 MAX: malware (ai score=100) Antiy-AVL: Trojan[Spy]/Win32.Selltim Gridinsoft: Ransom.Win32.Chimera.ns Xcitium: Malware@#2agyupyzxc55r Arcabit: Trojan.Ransom.Chimera.6 ZoneAlarm: Trojan-Ransom.Win32.Chimera.a Microsoft: Ransom:Win32/Chicrypt Google: Detected AhnLab-V3: Trojan/Win32.Inject.C1230586 Acronis: suspicious McAfee: GenericRXFI-SM!60FABD1A2509 TACHYON: Trojan/W32.DN-Chimera.237568 VBA32: TScope.Trojan.MSIL Malwarebytes: Injector.Trojan.MSIL.DDS Panda: Trj/CI.A TrendMicro-HouseCall: Ransom_CRYPCHIM.B Rising: Ransom.Chimera!8.32AF (CLOUD) SentinelOne: Static AI - Malicious PE MaxSecure: Trojan.Malware.8951244.susgen Fortinet: MSIL/Injector.LXY!tr AVG: MSIL:Crypchim-A [Trj] Cybereason: malicious.a2509b DeepInstinct: MALICIOUS |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 3 |
TimeDateStamp | 2015-Sep-17 08:24:25 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x35000 |
SizeOfInitializedData | 0x4000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0003644E (Section: .text) |
BaseOfCode | 0x2000 |
BaseOfData | 0x38000 |
ImageBase | 0x400000 |
SectionAlignment | 0x2000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3e000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
mscoree.dll |
_CorExeMain
|
---|