6a60f6fbd451bfb11d0c943706ceda0a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Jul-25 22:57:13
Detected languages Swedish - Sweden

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Malicious VirusTotal score: 24/75 (Scanned on 2024-07-26 22:32:57)
APEX: Malicious
Avira: HEUR/AGEN.1374952
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
F-Secure: Heuristic.HEUR/AGEN.1374952
FireEye: Generic.mg.6a60f6fbd451bfb1
Fortinet: Malicious_Behavior.SB
GData: Win64.Trojan.Agent.8HNBSP
Kingsoft: malware.kb.a.984
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Generic.Malware/Suspicious
MaxSecure: Trojan.Malware.300983.susgen
McAfeeD: ti!82C2F0AF2F59
Paloalto: generic.ml
Sangfor: Trojan.Win32.Agent.V2md
SentinelOne: Static AI - Suspicious PE
Sophos: Generic ML PUA (PUA)
Symantec: ML.Attribute.HighConfidence
Trapmine: suspicious.low.ml.score
tehtris: Generic.Malware

Hashes

MD5 6a60f6fbd451bfb11d0c943706ceda0a
SHA1 15afe57c61dc29db351b04f64fd494796ef07e37
SHA256 82c2f0af2f595ff2656f3c418246ffd7f8daa22d0cc38605977def4e42fd32bd
SHA3 83f51b4adb3cf5c1607efa79a2a54991183c650f933b7cbc1251f63f6206397c
SSDeep 49152:BYdvcy8kcu0RxBU+89fH341MhWCDlRA6BXuhb4cFxcuUo:BYdcl/3RxeH3dhV4LhUcFxcuUo
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2024-Jul-25 22:57:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x10400
SizeOfInitializedData 0x27fa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000005800 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x294000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 157b5d0ddb69c2ed5d881e0a3feaa2cd
SHA1 652a4b2f8ee9c9b7bd7791e2c6f9e554175eca38
SHA256 9898745e1b3504f66aa3357d11a7c1673ee30cdeb58dd73b594e9ce1d41e1740
SHA3 c117802673c849ea5b8cbf5c8b6a3803bbb2d38154ee493193b17d0d802879b8
VirtualSize 0x10255
VirtualAddress 0x1000
SizeOfRawData 0x10400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.53703

.data

MD5 89c8fddafaed1c6f393ec378d7e1314d
SHA1 40b83795f68405ef98a0e0fac738cc1afce77907
SHA256 73b3bcf921d7811ac9afa0915b264ff868bc85befc1617939f816e1e3cb892f3
SHA3 f454bdb838b2642cba369ebbbd45c58aa76e2430f1a8eaf871b05c6b6177f001
VirtualSize 0x27c120
VirtualAddress 0x12000
SizeOfRawData 0x279600
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9998

.rsrc

MD5 98b6d157d4a5155730c0b81fbf81e9e9
SHA1 c37f551b4d51c185f795e0528b575b5841cc38f8
SHA256 2522845c05d5d49ef654389864e6f40d6eb7cc9f95ddd99054adeba4216f1978
SHA3 dc8a68bf4086cbd5bd11249898e13787232fe8da4452066a8ceda5427f143854
VirtualSize 0x3548
VirtualAddress 0x28f000
SizeOfRawData 0x3600
PointerToRawData 0x289e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.89843

.reloc

MD5 78ffc4ff6efa05f690d37255200f56f9
SHA1 398557d641c9fab08add72054d3c387249c96a92
SHA256 5db367200811ae780783fff6759960229041bdecd3b6d56cdf406ec85075b41d
SHA3 7cded9ba6f4551774e1f7194297c6ba0eec0bbe6fffd41e24737038ef522e0b0
VirtualSize 0x34
VirtualAddress 0x293000
SizeOfRawData 0x200
PointerToRawData 0x28d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.692454

Imports

Delayed Imports

1

Type RT_ICON
Language Swedish - Sweden
Codepage UNKNOWN
Size 0x3489
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96068
Detected Filetype PNG graphic file
MD5 7e4bf06f423d4dda41205b7815414c6b
SHA1 49c662d098180372ffc927d7e39a765888dd46a8
SHA256 2a980cb20bda456af035085f81041b3fc09b73ea1326154d05a87cf1d7656786
SHA3 b7d09f60ed3a1c8948e877f07e6b50f376b9bfd2eb602358ba8bdb8b6e4b9c4b

10000

Type RT_GROUP_ICON
Language Swedish - Sweden
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.7815
Detected Filetype Icon file
MD5 9ec2ab0e186fea2067c2b04defe134fc
SHA1 f9c8dcd25e69d4ec2ddfb754a78d59d5c93da332
SHA256 bdd1f13783d64291c0d582ebd254e89fd69a47d48060f700aa703a7d46b3f6cc
SHA3 abe2d778b8ae0129c29391b519619eef630d885ba795de75febc628735f0ca99

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xb65c5da1
Unmarked objects 0
C objects (LTCG) (33812) 25
ASM objects (33812) 1
Resource objects (33812) 1
Linker (33812) 1

Errors
