Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Aug-01 02:44:18 |
Detected languages |
English - United States
|
Info | Interesting strings found in the binary: |
Contains domain names:
|
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
11815405 bytes of data starting at offset 0x9000.
The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted. Overlay data amounts for 99.689% of the executable. |
Malicious | VirusTotal score: 30/67 (Scanned on 2021-11-25 08:55:10) |
Bkav:
W32.AIDetect.malware2
Elastic: malicious (high confidence) MicroWorld-eScan: Trojan.GenericKDZ.79325 BitDefender: Trojan.GenericKDZ.79325 Cybereason: malicious.13411c Cyren: W32/MSIL_Kryptik.FHF.gen!Eldorado ESET-NOD32: multiple detections APEX: Malicious ClamAV: Win.Packed.Barys-9859531-0 Kaspersky: Trojan.Win32.Agent.xaktij Avast: Win32:CrypterX-gen [Trj] Rising: Dropper.Agent/NSIS!1.D805 (CLASSIC:cmRtazqm+wdvciVImSVHriwQ4RCy) Emsisoft: IL:Trojan.MSILZilla.4736 (B) DrWeb: Trojan.PackedNET.972 TrendMicro: TROJ_GEN.R002C0DKO21 McAfee-GW-Edition: BehavesLike.Win32.AdwareDealPly.wc FireEye: Generic.mg.63732b8527a3adae GData: Trojan.Agent.FPXJ Avira: HEUR/AGEN.1144141 Antiy-AVL: Trojan/Generic.ASMalwS.3454962 Kingsoft: Win32.Troj.Undef.(kcloud) Microsoft: Trojan:Win32/Wacatac.B!ml Cynet: Malicious (score: 99) ALYac: Trojan.Agent.FPXJ MAX: malware (ai score=86) VBA32: CIL.HeapOverride.Heur Malwarebytes: Trojan.Dropper.SFX.Generic TrendMicro-HouseCall: TROJ_GEN.R002C0DKO21 Fortinet: W32/BSE.4Q7Q!tr AVG: Win32:CrypterX-gen [Trj] |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2020-Aug-01 02:44:18 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x6600 |
SizeOfInitializedData | 0x22a00 |
SizeOfUninitializedData | 0x800 |
AddressOfEntryPoint | 0x000035D8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3c000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll |
RegCreateKeyExW
RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW AdjustTokenPrivileges LookupPrivilegeValueW OpenProcessToken SetFileSecurityW RegOpenKeyExW RegEnumValueW |
---|---|
SHELL32.dll |
SHGetSpecialFolderLocation
SHFileOperationW SHBrowseForFolderW SHGetPathFromIDListW ShellExecuteExW SHGetFileInfoW |
ole32.dll |
OleInitialize
OleUninitialize CoCreateInstance IIDFromString CoTaskMemFree |
COMCTL32.dll |
#17
ImageList_Create ImageList_Destroy ImageList_AddMasked |
USER32.dll |
GetClientRect
EndPaint DrawTextW IsWindowEnabled DispatchMessageW wsprintfA CharNextA CharPrevW MessageBoxIndirectW GetDlgItemTextW SetDlgItemTextW GetSystemMetrics FillRect AppendMenuW TrackPopupMenu OpenClipboard SetClipboardData CloseClipboard IsWindowVisible CallWindowProcW GetMessagePos CheckDlgButton LoadCursorW SetCursor GetWindowLongW GetSysColor SetWindowPos PeekMessageW SetClassLongW GetSystemMenu EnableMenuItem GetWindowRect ScreenToClient EndDialog RegisterClassW SystemParametersInfoW CreateWindowExW GetClassInfoW DialogBoxParamW CharNextW ExitWindowsEx DestroyWindow CreateDialogParamW SetTimer SetWindowTextW PostQuitMessage SetForegroundWindow ShowWindow wsprintfW SendMessageTimeoutW FindWindowExW IsWindow GetDlgItem SetWindowLongW LoadImageW GetDC ReleaseDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint EmptyClipboard CreatePopupMenu |
GDI32.dll |
SetBkMode
SetBkColor GetDeviceCaps CreateFontIndirectW CreateBrushIndirect DeleteObject SetTextColor SelectObject |
KERNEL32.dll |
GetExitCodeProcess
WaitForSingleObject GetModuleHandleA GetProcAddress GetSystemDirectoryW lstrcatW Sleep lstrcpyA WriteFile GetTempFileNameW lstrcmpiA RemoveDirectoryW CreateProcessW CreateDirectoryW GetLastError CreateThread GlobalLock GlobalUnlock GetDiskFreeSpaceW WideCharToMultiByte lstrcpynW lstrlenW SetErrorMode GetVersion GetCommandLineW GetTempPathW GetWindowsDirectoryW SetEnvironmentVariableW ExitProcess CopyFileW GetCurrentProcess GetModuleFileNameW GetFileSize CreateFileW GetTickCount MulDiv SetFileAttributesW GetFileAttributesW SetCurrentDirectoryW MoveFileW GetFullPathNameW GetShortPathNameW SearchPathW CompareFileTime SetFileTime CloseHandle lstrcmpiW lstrcmpW ExpandEnvironmentStringsW GlobalFree GlobalAlloc GetModuleHandleW LoadLibraryExW MoveFileExW FreeLibrary WritePrivateProfileStringW GetPrivateProfileStringW lstrlenA MultiByteToWideChar ReadFile SetFilePointer FindClose FindNextFileW FindFirstFileW DeleteFileW |
XOR Key | 0xd26650e9 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 165 |
Imports (VS2003 (.NET) build 4035) | 15 |
48 (9044) | 10 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |