66c058437ec794aba3f851cc7e3cf4fa

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jul-30 08:52:21

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • GetProcAddress
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
Info The PE's resources present abnormal characteristics. Resource 59671D98D7F1E5DF77F1919DEFB07252 is possibly compressed or encrypted.
Malicious VirusTotal score: 37/72 (Scanned on 2024-11-28 22:10:40) Alibaba: Trojan:Win64/Coinmin.43ed5e6b
Antiy-AVL: Trojan/Win32.SchoolGirl
Bkav: W64.AIDetectMalware
CTX: exe.trojan.generic
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
FireEye: Generic.mg.66c058437ec794ab
Fortinet: W64/CoinMiner.526230!tr
GData: Win64.Trojan.Agent.N5BCPD
Google: Detected
Gridinsoft: Trojan.Win64.CoinMiner.ca
Ikarus: Trojan.PowerShell.Agent
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
Kingsoft: malware.kb.a.876
Lionic: Trojan.Win32.Gen.tqzj
Malwarebytes: Generic.Malware.AI.DDS
MaxSecure: Trojan.Malware.300983.susgen
McAfee: RDN/Generic.grp
McAfeeD: ti!00748D7EA4CC
Paloalto: generic.ml
Rising: Trojan.Agent!1.E32B (CLOUD)
Sangfor: Virus.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win64.Generic.ch
Sophos: Generic Reputation PUA (PUA)
Symantec: ML.Attribute.HighConfidence
Trapmine: suspicious.low.ml.score
TrendMicro: Coinminer.Win64.MALXMR.TIAOODHT
TrendMicro-HouseCall: Coinminer.Win64.MALXMR.TIAOODHT
VBA32: TrojanPSW.Win64.Banker
Varist: W64/Bulz.BB.gen!Eldorado
VirIT: Trojan.Win32.Banker1.BMNA
Zillya: Trojan.Generic.Win32.838255
tehtris: Generic.Malware

Hashes

MD5 66c058437ec794aba3f851cc7e3cf4fa
SHA1 521bad222e4ba40761aae033ee1aba676e1af474
SHA256 00748d7ea4ccfb6fc6ff59e3fe24c46b862ab3dd9c562ff6b13b5dfb31326bc6
SHA3 4e0d1ef857fdf4e92c0358cd0c2d14bcfdfb5727d17ccdbf4dc3338990f493ab
SSDeep 3072:PV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPIkF/OHdHZorDa7Rfk:Ct5hBPi0BW69hd1MMdxPe9N9uA069TBd
Imports Hash 7182b1ea6f92adbf459a2c65d8d4dd9e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2019-Jul-30 08:52:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x16200
SizeOfInitializedData 0x13200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001000 (Section: .code)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x2e000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.code

MD5 bf90681e6a2fc3ae2cafaa536804f308
SHA1 a64a539ccb5ac41a8f594b60f7f567944b712182
SHA256 132b3650e49de953081b6eaa8b89005d1b958b818fb4e58c524ded1c074c9fd0
SHA3 c46f3c39cd402fb274b170b23313415e01241ad8b5af4faead450cc0bbf0136a
VirtualSize 0x5a99
VirtualAddress 0x1000
SizeOfRawData 0x5c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.47081

.text

MD5 8a1a401c4bd106ea802d83f827d2ddd2
SHA1 ba522367b155c12f0cfa2c2bdaf8457fa64f0b96
SHA256 900a0bbdf1e3b6b7fd61e7f84ab9db4406cd1d06ef9e5ad3e73acb6de65f002f
SHA3 12719bcb5fd52d0d8ddc8800fac2a8360fcb8e238624c348c145b384fd68c317
VirtualSize 0x105b5
VirtualAddress 0x7000
SizeOfRawData 0x10600
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.35986

.rdata

MD5 546e073a6443174d5e09f21ab6d487ce
SHA1 c271a82ffeaf7c9a6e210fb0d003ddaaebad2801
SHA256 9cd909a01b354415b1574a76b3dd4bc0dfee6651a287a5206f6e10b62d8ce439
SHA3 fe17b37b529a3e52d747ac8d924466745cd7cdb10288b6417bfeba8bfe27be8d
VirtualSize 0x4b3d
VirtualAddress 0x18000
SizeOfRawData 0x4c00
PointerToRawData 0x16600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.66669

.pdata

MD5 e81bd35fde0f70c926459e823327da76
SHA1 6700166d9cffb7f1003ba9a8c06d2e7fff8724eb
SHA256 0302dab6e83134468a53ac9b21d51375b8d004da94bca07d698e8280464580ee
SHA3 7d3989266acbed4713a2ee66ae389d8c37e56db79d68d3c8bf446664de5b06eb
VirtualSize 0x10d4
VirtualAddress 0x1d000
SizeOfRawData 0x1200
PointerToRawData 0x1b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.88103

.data

MD5 7aab2aec14f0e33c76fa0dd35ab977ae
SHA1 fc41e704722298b3715d7f8b1263bf1526c5e9b7
SHA256 3775cc7a535eb424eb43884bcd1f77a1aff20cc8725c2c6741dda63a5d670ffe
SHA3 3c8ab84a03b69c4172e48f4c5c2d953a428361f79ffe330e7e29b5193945c313
VirtualSize 0x2318
VirtualAddress 0x1f000
SizeOfRawData 0x1600
PointerToRawData 0x1c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.29891

.rsrc

MD5 a24868b3fab581683cb05ded79f7aa2e
SHA1 371dc75ecf995f44abb4d7ad9945eb3cde6dff57
SHA256 62a1b04dec1e622f68387935bd8a1e85226db23658144b011a4d9f785e47e4fd
SHA3 70983144a8cc55e9665c9d3c8e91ad79b7c1f9cd5a2d3084c9feb742c4ffbfe2
VirtualSize 0xbc90
VirtualAddress 0x22000
SizeOfRawData 0xbe00
PointerToRawData 0x1da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.30497

Imports

msvcrt.dll memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
KERNEL32.dll GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
SHELL32.DLL ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
WINMM.DLL timeBeginPeriod
OLE32.DLL CoInitialize
CoTaskMemFree
SHLWAPI.DLL PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
USER32.DLL CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
GDI32.DLL GetStockObject
COMCTL32.DLL InitCommonControlsEx

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.03616
MD5 68d4ccb2e2e5b5a0bcd1eec02bcbd1f6
SHA1 d49dc15e5fa6604266504c63ee1506140a88b2b8
SHA256 53a9274b19ec47518acee84e68c85602de91e875f7990e02d45299992b3b2b0c
SHA3 fdd7f00759095c4be84da293e129f73420282a06222f2b3a85983be5156c35d1

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.32794
MD5 78810171a52f6c1dc0ecc11f857a01d9
SHA1 5237c3194b8056c116b34a3b858ab32a3386879f
SHA256 fa5ae7fddc752427dd8822bb819a91b1737ec45a98612db131d74da97439ffa8
SHA3 eecd6d95b172cd6b6791cc2103653e3e552e7fbf88bea66f789aebdabd9974f6

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.46563
MD5 891e549dc4e3e69955343c0381119887
SHA1 e11aa320c0981937ffaae2e4a1a119aa23ea4a55
SHA256 0669bc2849347eaa423479a3f6752e4a63159acb08b72a9d523da188df87cd4b
SHA3 2cc83878fbc451effaf5d1f724dc48423f1add933ddb1d0afe3f6cd84868b881

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.63078
MD5 5a179c4495d41ba1c4d732ddcf708ed2
SHA1 d8c90b07978436161b98927fd94fbd7332726f93
SHA256 69b9ffb6e5c3e1183d1ecb4c8727e5ce46feed12ad092d3a593cefe2488c2477
SHA3 839ed8d9d8fd2c251c3a3af4ce0d36ef8b497285aa475867d4c683f1e8e07890

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4a88
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.93914
Detected Filetype PNG graphic file
MD5 7e1089f3192e5e6458e49b1adf00831f
SHA1 332accd20841dc7a9f7467fcf2ca9319cf267152
SHA256 2f2095bdf6f632b944062250f983a247a01814576a1746b076bf16bcef8a4fa0
SHA3 0ed847f4929a0b71f1287845e494aa285192dee707f16f58ddd78f6d68fa7752

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.60098
MD5 3ceb81d4ef810aa85c8462926c977f6f
SHA1 efdd87368433e9b86f18c17a312c7b3697255c31
SHA256 c5544e8d6f58b2e95aea77717ecdbfb7049efdbb311bc52e753ec18773caece6
SHA3 406580905ff49d18cefb1c155f11b0f1a23b6b8ac51155c382dde196ade4fc07

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.80743
MD5 20873d83f482d0749ca09f15218067c5
SHA1 6844d02367170a941c18a51a3c0cadd5165fd76a
SHA256 c700b4835ee549fb9cef96bd5afd6701df8e9cf0bec488979747651b611e3853
SHA3 473213924a83474d8d7345f221ca516fbee39a78b43daa1a989825b760e80d19

8

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.00757
MD5 02fb286f31c215e63fde597d8d59c174
SHA1 21f171aea44098bb41fd634af14868f503ac6742
SHA256 b06c1367f8f1447a17eacc05253325fea787f2b1993997b6b0c47ca8fbdf6381
SHA3 0bf8ce2de7e8ee6a9e5f94b751e4dca56c2eb8d2eaa918c3babe31e55a89d338

9

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.16172
MD5 3b12148b172eb8b0ec0e7ff356209875
SHA1 ca3d8f771db2b1f6b8b773f597f97dabab382dbe
SHA256 dcdbbd128df3c2cbb2a6d700196f60a2cf74d753343fc00d01876be2cc0fbc7f
SHA3 f05c5192c750e09631e47792bdca3c3697a1cac6776c2cf2a75d8d940a53e6f5

2320F0D488

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA3 2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7

59671D98D7F1E5DF77F1919DEFB07252

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x309
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.75557
MD5 16715eaf47fb378ffa2b9e39347776d8
SHA1 5c54479194a84f84aa5dc9b9c09342dc0dd25064
SHA256 efe76aa9d09611792c0aaf17ab7a165aa71551162c760c24743e0a66fa174751
SHA3 7b857927b60f036610c27f1dc86c41be9755858bb97298a74790df1e6874ad9f

C514243E77F6D12158BE73D98CDD7945C6406654

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xd
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39275
MD5 b0868726a3236ef2ecc4a7cd05bdea53
SHA1 d155e56a208491e065c01addb51fb9cad6ce4c96
SHA256 4a099cf5b983c9a32708869c8c2c19af10dbff05eba0fc922067fb0812310687
SHA3 707a20cde05807fbf5af103017e9b48b01134b22468e36b1484de915413f4055

DA68B92E4452ECC83845217723B6A06D

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.23593
MD5 7bb55e591962edd967c9a3039407256c
SHA1 e84642313805d66ef70fdada202992d040a1c2cc
SHA256 8fcbd3ba77d0af716d0b3f342b877539512ba665a6c5ad7999a531bff05a6a91
SHA3 116f25e12adcabbb7a50c5223cf85536391d06d1114f226b2e5d018f6907ff91

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.84784
Detected Filetype Icon file
MD5 91ae43283421add942059ac6ecde4b20
SHA1 69250acb9dacd1cb0dbdfcc83266b1e52e1d3ab0
SHA256 c1aa9d09d7bf783cd94379adb5b81122437f203d1838fda86d2ad65681216854
SHA3 e1263290c2dc8f762fa98ff084337df307d1316c4e76b77330b1ef45b8c43c28

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x267
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.90544
MD5 4e2ee33c354e5aff254814592a935dd3
SHA1 059023c6baf2e13e5b77a51b8348b551e92c72d5
SHA256 e740f847bcb93ac2af26fa0b6666dfdf74a32f167cb04608e558b8ea4568cdf7
SHA3 482ae796d6566ab40baace9acd3b17fe3ad863603d351ab89930e4992f9ccae5

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->