61f9120a6fc4dea728175f3beffd5c70

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious PEiD Signature: PeStubOEP v1.x
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • Inf-Inf-and-cmd.bat.cmd.com
  • Inf-and-cmd.bat.cmd.com
  • and-cmd.bat.cmd.com
  • bat.cmd.com
  • cmd.bat.cmd.com
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Malicious VirusTotal score: 51/72 (Scanned on 2025-01-13 07:02:36)
ALYac: Gen:Variant.Ulise.497390
AVG: Win32:MalwareX-gen [Trj]
Alibaba: Ransom:Win64/Ransomhub.daebfd21
Antiy-AVL: Trojan[Ransom]/Win64.Agent
Arcabit: Trojan.Ulise.D796EE
Avast: Win32:MalwareX-gen [Trj]
Avira: TR/Redcap.ygonk
BitDefender: Gen:Variant.Ulise.497390
Bkav: W32.Common.E2556061
CAT-QuickHeal: Trojan.Ghanarava.1730676076fd5c70
CTX: exe.ransomware.generic
CrowdStrike: win/malicious_confidence_60% (W)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: a variant of WinGo/Filecoder.RansomHub.A
Elastic: Multi.Ransomware.RansomHub
Emsisoft: Gen:Variant.Ulise.497390 (B)
F-Secure: Trojan.TR/Redcap.ygonk
FireEye: Gen:Variant.Ulise.497390
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Ulise.497390
Google: Detected
Ikarus: Trojan.Crypt
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
Kaspersky: HEUR:Trojan-Ransom.Win64.Generic
Kingsoft: Win64.Trojan-Ransom.Generic.a
Lionic: Trojan.Win32.Agentb.tsE2
Malwarebytes: Malware.AI.1113815213
MaxSecure: Trojan.Malware.313106256.susgen
McAfee: Ransom-Hub.a
McAfeeD: ti!83654C500C68
MicroWorld-eScan: Gen:Variant.Ulise.497390
Microsoft: Ransom:Win64/Ransomhub.B
Paloalto: generic.ml
Panda: Trj/CI.A
Sangfor: Ransom.Win64.Ransomhub.V21y
Skyhigh: Ransom-Hub.a
Sophos: Troj/RnsmHub-A
Symantec: Ransom.Ransomhub!g1
Tencent: Win64.Trojan-Ransom.Generic.Hajl
TrendMicro: Ransom_Ransomhub.R002C0DGS24
TrendMicro-HouseCall: Ransom_Ransomhub.R002C0DGS24
VIPRE: Gen:Variant.Ulise.497390
Varist: W32/Filecoder.JU.gen!Eldorado
VirIT: Trojan.Win32.Genus.WDU
Webroot: W32.Trojan.Gen
Xcitium: Malware@#fim293biv0sk
Zillya: Trojan.Generic.Win64.734
alibabacloud: Ransomware:Multi/RansomHub.A
huorong: HEUR:HackTool/Sliver.a

Hashes

MD5 61f9120a6fc4dea728175f3beffd5c70
SHA1 099d584f68b1d32e3b1cc561732bce0d8c7c28df
SHA256 83654c500c68418142e43b31ebbec040d9d36cfbbe08c7b9b3dc90fabc14801a
SHA3 28c2127b1a303effc60006a901cdb5db1c7fcdffee8d62f18af3d52bfa8ac8d2
SSDeep 98304:CNJI5ZPwIbtiWkpx1+I7q2Ox682uixiqaX7+q31hSPhIR:wJLDlFF7q2QZixAqqa0
Imports Hash 9cbefe68f395e67356e2a5d8d1b285c0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0xa76e00
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x708c00
SizeOfInitializedData 0x1fe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00058790 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xa29000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0xaa7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8cc49aa38cfa40c9a0bc0b2d468babd1
SHA1 c907c77e38e8568d622810953b9e27c301a27832
SHA256 b8996b679cfc70ac69d653c58e634c0b1eb563b093014ab04b793f28e7335159
SHA3 7671c13d1a41bbf229b4750179975d9c782712f9e9ccb162e724e8020a6f2ce1
VirtualSize 0x708bfd
VirtualAddress 0x1000
SizeOfRawData 0x708c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.00695

.rdata

MD5 079555f67d44ed5b6db47d0fbd70a3d8
SHA1 60441fd0b6894234be8ec15f3a0ed72aa46111a1
SHA256 0cdc097407b14e2c43e8493d7713ab32cdb29ab9ab4204ca1ebbaf4a6d2a2a5c
SHA3 92feb317a02b83d9b66cc23c2dc487bbc66a9546406fb111603e45bea943f430
VirtualSize 0x31e74c
VirtualAddress 0x70a000
SizeOfRawData 0x31e800
PointerToRawData 0x709000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.85196

.data

MD5 ac21f88cb770a9fe2235e3787f953094
SHA1 21cc2cb0fcc122baac8837f13919229d406c536d
SHA256 582c64a9b0d547e25caaf995deca91b38f680a7c233cdca034582640c659fe51
SHA3 d6f5300c60882ddd84e9917a0b3cf4c1eb259ed008c226fe173e2a8a2f4103a8
VirtualSize 0x4b788
VirtualAddress 0xa29000
SizeOfRawData 0x1fe00
PointerToRawData 0xa27800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.91579

.idata

MD5 a98f45d550944d08632b98f14eb794f5
SHA1 5452c782690466727714957d24726030fdea0b8d
SHA256 1332e351e317c0768e8d6ff567a3d858cfb33db7fef2aae5b6ffba7e88f6834f
SHA3 68e9e498a13740f16b60885fe5be309663ddd8176a6975bfed8116fdce613dbe
VirtualSize 0x3dc
VirtualAddress 0xa75000
SizeOfRawData 0x400
PointerToRawData 0xa47600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.6148

.reloc

MD5 521d67322a75d8a02390841467c0e0dc
SHA1 c16ea8ddae59defb82f936c4769fd9de2ccde15b
SHA256 df8edb8abe73586b106ae88b5596f62d36e4fac7f56c0d8eb521b271f453bfcd
SHA3 01eaf08badc618d0333e65fc2d04f874b286f1123f123cf80eac0e03a04fcec1
VirtualSize 0x2f320
VirtualAddress 0xa76000
SizeOfRawData 0x2f400
PointerToRawData 0xa47a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.64638

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0xaa6000
SizeOfRawData 0x200
PointerToRawData 0xa76e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
