| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2022-Sep-11 09:03:34 |
| Detected languages | English - United States |
| CompanyName | SanSoft |
| FileDescription | idchadvn^%$R^%%$CFCVFHG^&%hgvcjdb)!~%tJHGtyxtsx\|ihb',>.//?b`bjhbs@ |
| FileVersion | 2.0.0.0 |
| InternalName | CrackME_v2.0 |
| LegalCopyright | Copyright (C)By HN 2022 |
| OriginalFilename | CrackME_v2.0 |
| ProductName | CrackME v2.0 |
| ProductVersion | 2.0.0.0 |
| Level | Finding | Details |
|---|---|---|
| Info | Interesting strings found in the binary | Contains domain names: |
| Suspicious | The PE is possibly packed | Unusual section name found for six sections (the names are not present in this copy of the report); each of them is both writable and executable. Section .rsrc is both writable and executable. Section .data is both writable and executable. |
| Info | The PE contains common functions which appear in legitimate applications | [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics | Resource MYLOGO is possibly compressed or encrypted. |
| Malicious | VirusTotal score: 39/72 (Scanned on 2022-12-13 12:38:55) | Per-engine detections are listed in the table below. |

| Engine | Detection |
|---|---|
| Bkav | W32.AIDetect.malware1 |
| tehtris | Generic.Malware |
| MicroWorld-eScan | Gen:Variant.Application.Graftor.737496 |
| FireEye | Generic.mg.6a21bee2b2c2a299 |
| McAfee | Artemis!6A21BEE2B2C2 |
| Sangfor | Trojan.Win32.Packed.Vski |
| K7AntiVirus | Trojan ( 0052ab361 ) |
| Alibaba | Packed:Win32/EnigmaProtector.206d5968 |
| K7GW | Trojan ( 0052ab361 ) |
| Cybereason | malicious.2b2c2a |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Packed.EnigmaProtector.M suspicious |
| Cynet | Malicious (score: 100) |
| APEX | Malicious |
| BitDefender | Gen:Variant.Application.Graftor.737496 |
| Tencent | Win32.Trojan.Malware.Ikjl |
| Ad-Aware | Gen:Variant.Application.Graftor.737496 |
| Emsisoft | Gen:Variant.Application.Graftor.737496 (B) |
| VIPRE | Gen:Variant.Application.Graftor.737496 |
| McAfee-GW-Edition | BehavesLike.Win32.PUP.vc |
| Trapmine | malicious.high.ml.score |
| Sophos | Mal/Generic-S |
| SentinelOne | Static AI - Suspicious PE |
| GData | Gen:Variant.Application.Graftor.737496 |
| Webroot | W32.Adware.Gen |
| MAX | malware (ai score=99) |
| Antiy-AVL | Trojan[Packed]/Win32.EnigmaProtector |
| Kingsoft | Win32.Troj.Generic.jm.(kcloud) |
| Arcabit | Trojan.Application.Graftor.DB40D8 |
| Microsoft | Program:Win32/Uwamson.A!ml |
| Google | Detected |
| ALYac | Gen:Variant.Application.Graftor.737496 |
| VBA32 | Trojan.Wacatac |
| Malwarebytes | Malware.AI.4258679026 |
| Ikarus | Trojan.Win32.Enigma |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | Riskware/Application |
| Zoner | Probably Heur.ExeHeaderL |
| CrowdStrike | win/malicious_confidence_70% (W) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 8 |
| TimeDateStamp | 2022-Sep-11 09:03:34 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x281600 |
| SizeOfInitializedData | 0x1d2e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x008071C8 (Section: .data) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x283000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x80a000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x200000 |
| SizeOfStackCommit | 0x2000 |
| SizeOfHeapReserve | 0x200000 |
| SizeOfHeapCommit | 0x2000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |
| COMCTL32.dll | #17 (ordinal) |
| RPCRT4.dll | UuidToStringW |
| OLEACC.dll | LresultFromObject |
| UxTheme.dll | SetWindowTheme |
| MSVCP140.dll | ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z |
| SHLWAPI.dll | SHAutoComplete |
| MSIMG32.dll | GradientFill |
| VCRUNTIME140.dll | _except_handler4_common |
| api-ms-win-crt-heap-l1-1-0.dll | malloc |
| api-ms-win-crt-runtime-l1-1-0.dll | exit |
| api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsscanf |
| api-ms-win-crt-string-l1-1-0.dll | wcsncpy |
| api-ms-win-crt-convert-l1-1-0.dll | wcstod |
| api-ms-win-crt-utility-l1-1-0.dll | qsort |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
| api-ms-win-crt-time-l1-1-0.dll | _gmtime64 |
| api-ms-win-crt-environment-l1-1-0.dll | _wgetcwd |
| api-ms-win-crt-filesystem-l1-1-0.dll | _wremove |
| api-ms-win-crt-math-l1-1-0.dll | _libm_sse2_sin_precise |
| WINSPOOL.DRV | DocumentPropertiesW |
| COMDLG32.dll | CommDlgExtendedError |
| ole32.dll | ReleaseStgMedium |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 2.0.0.0 |
| ProductVersion | 2.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | SanSoft |
| FileDescription | idchadvn^%$R^%%$CFCVFHG^&%hgvcjdb)!~%tJHGtyxtsx\|ihb',>.//?b`bjhbs@ |
| FileVersion (#2) | 2.0.0.0 |
| InternalName | CrackME_v2.0 |
| LegalCopyright | Copyright (C)By HN 2022 |
| OriginalFilename | CrackME_v2.0 |
| ProductName | CrackME v2.0 |
| ProductVersion (#2) | 2.0.0.0 |
| Resource field | Value |
|---|---|
| Resource LangID | English - United States |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0xafc028 |
| EndAddressOfRawData | 0xafc1a0 |
| AddressOfIndex | 0xafc018 |
| AddressOfCallbacks | 0xafc020 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_8BYTES |
| Callbacks | (EMPTY) |
| Rich header entry | Count |
|---|---|
| XOR Key | 0x8e1f943 |
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 22 |
| C++ objects (VS2022 Update 3 (17.3.0) compiler 31616) | 34 |
| C objects (VS2022 Update 3 (17.3.0) compiler 31616) | 12 |
| ASM objects (VS2022 Update 3 (17.3.0) compiler 31616) | 11 |
| Imports (VS2022 Update 3 (17.3.0) compiler 31616) | 4 |
| C objects (VS2022 Update 3 (17.3.0-3) compiler 31629) | 25 |
| C++ objects (VS2022 Update 3 (17.3.0-3) compiler 31629) | 268 |
| C objects (30795) | 9 |
| C objects (CVTCIL) (30795) | 1 |
| Imports (30795) | 31 |
| Total imports | 761 |
| C++ objects (LTCG) (VS2022 Update 3 (17.3.0-3) compiler 31629) | 2 |
| Resource objects (VS2022 Update 3 (17.3.0-3) compiler 31629) | 1 |
| 151 | 1 |
| Linker (VS2022 Update 3 (17.3.0-3) compiler 31629) | 1 |