6aaa41acf2b9d6b7899bbe4e23521f33

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 7/70 (Scanned on 2019-10-07 23:43:43)
FireEye: Generic.mg.6aaa41acf2b9d6b7
Invincea: heuristic
Rising: Trojan.Generic@ML.85 (RDML:86frd6c4k0RAZ4jjrI6pTA)
SentinelOne: DFI - Suspicious PE
Endgame: malicious (moderate confidence)
Acronis: suspicious
Cylance: Unsafe

Hashes

MD5 6aaa41acf2b9d6b7899bbe4e23521f33
SHA1 57929220bc5b89f8789484ebcb71066d37a36779
SHA256 83aecb2d81c163f1bce20193e4da5c63c93cc1f802cc15d6dd9210eeeaca4b14
SHA3 4c1bea3fb64f2f249db2e29a702511b980759ac4423737379d069fa673595145
SSDeep 384:nd0YtdCFG+fYU5N7v+sK6PQPOSS21n+65vW:dVtJ+YKN7h21F
Imports Hash 322507b983aeddb89a27811817664b1d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x4317
SizeOfInitializedData 0x36e
SizeOfUninitializedData 0x13df1
AddressOfEntryPoint 0x00004FC2 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x10000
SizeofHeapReserve 0x1000000
SizeofHeapCommit 0x10000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d6e11738e926d5bce435895ce482e49f
SHA1 a41ef629a819fba8479ecbabc4db846ab222b379
SHA256 57ff70ce138cd3cc8997d993025a84e2d6ce5f2118ec9827c812ccefaddd7b4d
SHA3 e722252c982a26a3c21b57595f38c4c2aaf7297eaa3487b733707e729c59ebbf
VirtualSize 0x4317
VirtualAddress 0x1000
SizeOfRawData 0x4400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.8449

.data

MD5 01932fcc1e41507ccb30b839addda7ea
SHA1 42dc93bb7af6e502a77d99416ecd52f1ec177c20
SHA256 2c377f74ad107e454c0f9490602a47b094b5519ba2f1ae0e749dfca5b10bc828
SHA3 bf63cf3ca53d2fa50ed49977c63aa592f6ee7737a6427f95079a33a4464af288
VirtualSize 0x36e
VirtualAddress 0x6000
SizeOfRawData 0x400
PointerToRawData 0x4800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.58326

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13df1
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 1b1db9218708dea47346fde771bdca76
SHA1 36de445c65b17627c089e7b71e82aa8cfa31a18b
SHA256 a5a3cb0d4b55281adaf4f88ec541676ef8a5a71c476df927f46dbb8900df5eef
SHA3 55114af4540b39ea3cb51572179e943760be461ca77e8ac37d8679610f80fc97
VirtualSize 0xc14
VirtualAddress 0x1b000
SizeOfRawData 0xe00
PointerToRawData 0x4c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.45768

Imports

KERNEL32.DLL GetCommandLineA
GetProcessHeap
HeapAlloc
HeapFree
GetStdHandle
SetConsoleMode
CreateFileA
SetFilePointer
GetFileSize
WriteFile
ReadFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
GetTickCount
ExitProcess
GetModuleHandleA
USER32.DLL MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect
GDI32.DLL Ellipse
USER32.DLL (#2) MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!