6ebbd95e47a5e92c5b89fd041ecf5f42

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Aug-24 08:05:55
Detected languages English - United States
Debug artifacts C:\Users\User\Desktop\Silence AltV\x64\Release\BitcoinMiner.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Interesting strings found in the binary: Contains domain names:
  • https://discord.gg
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowA
Code injection capabilities (PowerLoader):
  • FindWindowA
  • GetWindowLongA
Possibly launches other programs:
  • ShellExecuteA
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
Manipulates other processes:
  • OpenProcess
  • ReadProcessMemory
  • WriteProcessMemory
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 29/74 (Scanned on 2024-09-01 09:52:20)
ALYac: Trojan.GenericKD.73945790
APEX: Malicious
Arcabit: Trojan.Generic.D46852BE
BitDefender: Trojan.GenericKD.73945790
Bkav: W64.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (D)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: a variant of Win64/GameHack.KE potentially unsafe
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.73945790 (B)
FireEye: Trojan.GenericKD.73945790
Fortinet: Adware/GameHack
GData: Trojan.GenericKD.73945790
Google: Detected
Ikarus: Trojan.Win64.Krypt
Lionic: Trojan.Win32.Generic.4!c
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.4158044661
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!6EBBD95E47A5
McAfeeD: ti!0F6711578249
MicroWorld-eScan: Trojan.GenericKD.73945790
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Skyhigh: BehavesLike.Win64.Downloader.fh
Symantec: ML.Attribute.HighConfidence
VIPRE: Trojan.GenericKD.73945790

Hashes

MD5 6ebbd95e47a5e92c5b89fd041ecf5f42
SHA1 91629731e194794749ceb2e5d38c4aa9fe9f7956
SHA256 0f67115782490a9c9778302684ff877531bd0d3faf55dc1b728e548f54c4ffb6
SHA3 50753a967f2fed5fc494a77857204021bca4d115c940f9f0e4d8948cf23ee0c5
SSDeep 6144:75PMe5tNZ+NvDEgE2edopEnzMkMqHYbzDs2mlvV4Ln+VMq:euXsp2zYXD0liLn
Imports Hash bab498a491909db990a9d7ba04472b79

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Aug-24 08:05:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x4e800
SizeOfInitializedData 0x13400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000004E6C0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x66000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1a2cbf1cc6e15c655f4b3f955ce5f7ff
SHA1 325aba71c26b934c0fe64cac9d5923258e9b4176
SHA256 1bd6d05fbac96c1ca1f022302430f6aea41a7577d50795c7af8c6d2897e998f8
SHA3 3a509fcd02fed018a0e461f8dba9cc7522211a8721a83e913976a4b5ece078cf
VirtualSize 0x4e7da
VirtualAddress 0x1000
SizeOfRawData 0x4e800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.50512

.rdata

MD5 d0917465abefcac6ae9689b70c1e7ec5
SHA1 c09175d702a79043216c1df2dd152e7e37f05acb
SHA256 2ba4c5d92b9e892b89753b608182e873b3949810dbf49a3aed6525fb957c1bc8
SHA3 c4e4bb50ac0b1a47346346c24db7c8f9921b34502c088cbbf221d57bee2e8f5c
VirtualSize 0xed0e
VirtualAddress 0x50000
SizeOfRawData 0xee00
PointerToRawData 0x4ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.17695

.data

MD5 003fd0643a5009e092eb58667dbf81a2
SHA1 d9f9e645ae7a46db683f9fd4dcdc12ac8ee47bec
SHA256 aad681f4f8caf99244b39f264af551fe7fcaaae37c976a793a967ef0460650c6
SHA3 0fe6661a96fa8538b928834fa4fd15e4d30fe0ec63fc7fcb9687cdfbaf1964c2
VirtualSize 0x8f8
VirtualAddress 0x5f000
SizeOfRawData 0x400
PointerToRawData 0x5da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.53173

.pdata

MD5 1221582a4a757b2ab52536b0dddc2a64
SHA1 f7ba8481823636bfa83d7a14cd549f14c015cb4f
SHA256 d1791a2e26e31b249e7cf9f200a552470030889436ff30ada7c6dc3df184275b
SHA3 acd1b8d7ca3f923534548945b4f39812da7b98b3d38bedb2a6d3982380dca55a
VirtualSize 0x345c
VirtualAddress 0x60000
SizeOfRawData 0x3600
PointerToRawData 0x5de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.65051

.rsrc

MD5 e331b9e1b1a6d18839f7ba6e089ca0c7
SHA1 4b33cc1a2afca21e37e0571c9946bab1120994fb
SHA256 3ef924ed9f6ddafdc5ee0f0560f7db725808318196506c72bc40c2b5fec6ff63
SHA3 7f83900fcac6e771a9673b544be219a816cd4f72976e9357c28e4b181b9c36ce
VirtualSize 0x1e0
VirtualAddress 0x64000
SizeOfRawData 0x200
PointerToRawData 0x61400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 6cb678caf61ecce80c7399c73b071110
SHA1 7cfb3d278ff40ed1b5a49fbc7229847545ada582
SHA256 cb0793be2f2326ebaef5e317f09fb85c947238ab1d3578554d3d462709301437
SHA3 ba766dab514eb3c1bb8e56bf2689446fb14de97e3062fdacd5160ee7fe2e4268
VirtualSize 0x248
VirtualAddress 0x65000
SizeOfRawData 0x400
PointerToRawData 0x61600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.63931

Imports

KERNEL32.dll
  • LoadLibraryA
  • QueryPerformanceFrequency
  • GetProcAddress
  • FreeLibrary
  • QueryPerformanceCounter
  • CloseHandle
  • Module32Next
  • OpenProcess
  • CreateToolhelp32Snapshot
  • K32GetModuleBaseNameA
  • AcquireSRWLockExclusive
  • WakeAllConditionVariable
  • SleepConditionVariableSRW
  • GlobalAlloc
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • IsProcessorFeaturePresent
  • IsDebuggerPresent
  • GetStartupInfoW
  • GetModuleHandleW
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • MultiByteToWideChar
  • ReadProcessMemory
  • GetLocaleInfoA
  • GlobalUnlock
  • WideCharToMultiByte
  • GlobalLock
  • RtlLookupFunctionEntry
  • GlobalFree
  • Sleep
  • RtlCaptureContext
  • WriteProcessMemory
  • ReleaseSRWLockExclusive
USER32.dll
  • SetWindowDisplayAffinity
  • SetProcessDpiAwarenessContext
  • SetWindowLongA
  • ShowWindow
  • SetWindowPos
  • DestroyWindow
  • DefWindowProcA
  • MessageBoxA
  • GetWindowThreadProcessId
  • GetWindowDisplayAffinity
  • DispatchMessageA
  • TranslateMessage
  • PeekMessageA
  • GetKeyState
  • SetLayeredWindowAttributes
  • CreateWindowExA
  • UnregisterClassA
  • PostQuitMessage
  • FindWindowA
  • RegisterClassExA
  • GetAsyncKeyState
  • UpdateWindow
  • SetClipboardData
  • GetClipboardData
  • GetMessageExtraInfo
  • LoadCursorA
  • ScreenToClient
  • GetCapture
  • ClientToScreen
  • EmptyClipboard
  • CloseClipboard
  • TrackMouseEvent
  • GetKeyboardLayout
  • GetForegroundWindow
  • SetCapture
  • OpenClipboard
  • GetCursorPos
  • SetCursorPos
  • ReleaseCapture
  • IsWindowUnicode
  • GetClientRect
  • SetCursor
  • GetWindowLongA
SHELL32.dll
  • ShellExecuteA
MSVCP140.dll
  • ?_Throw_Cpp_error@std@@YAXH@Z
  • ?_Xlength_error@std@@YAXPEBD@Z
  • _Cnd_do_broadcast_at_thread_exit
  • _Thrd_detach
d3d11.dll
  • D3D11CreateDeviceAndSwapChain
IMM32.dll
  • ImmSetCompositionWindow
  • ImmReleaseContext
  • ImmGetContext
  • ImmSetCandidateWindow
D3DCOMPILER_47.dll
  • D3DCompile
dwmapi.dll
  • DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll
  • __CxxFrameHandler4
VCRUNTIME140.dll
  • _CxxThrowException
  • __C_specific_handler
  • __current_exception_context
  • __current_exception
  • strstr
  • __std_exception_copy
  • __std_exception_destroy
  • memchr
  • memcmp
  • memcpy
  • memmove
  • __std_terminate
  • memset
api-ms-win-crt-runtime-l1-1-0.dll
  • _exit
  • _configure_narrow_argv
  • _c_exit
  • _register_thread_local_exe_atexit_callback
  • _initterm_e
  • terminate
  • _initialize_narrow_environment
  • _initialize_onexit_table
  • _initterm
  • _get_narrow_winmain_command_line
  • _set_app_type
  • _seh_filter_exe
  • _register_onexit_function
  • exit
  • _cexit
  • _beginthreadex
  • _invalid_parameter_noinfo_noreturn
  • _crt_atexit
api-ms-win-crt-stdio-l1-1-0.dll
  • fseek
  • fclose
  • fflush
  • __acrt_iob_func
  • ftell
  • fwrite
  • __stdio_common_vsprintf
  • fread
  • __stdio_common_vsscanf
  • __stdio_common_vfprintf
  • __p__commode
  • _set_fmode
  • _wfopen
api-ms-win-crt-utility-l1-1-0.dll
  • qsort
api-ms-win-crt-string-l1-1-0.dll
  • strncmp
  • strncpy
  • strcmp
api-ms-win-crt-heap-l1-1-0.dll
  • malloc
  • free
  • _set_new_mode
  • _callnewh
api-ms-win-crt-convert-l1-1-0.dll
  • atof
api-ms-win-crt-math-l1-1-0.dll
  • sqrtf
  • atan2f
  • fmodf
  • cosf
  • sinf
  • ceilf
  • __setusermatherr
  • acosf
  • powf
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Aug-24 08:05:55
Version 0.0
SizeofData 88
AddressOfRawData 0x57da0
PointerToRawData 0x569a0
Referenced File C:\Users\User\Desktop\Silence AltV\x64\Release\BitcoinMiner.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-Aug-24 08:05:55
Version 0.0
SizeofData 20
AddressOfRawData 0x57df8
PointerToRawData 0x569f8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Aug-24 08:05:55
Version 0.0
SizeofData 892
AddressOfRawData 0x57e0c
PointerToRawData 0x56a0c

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2024-Aug-24 08:05:55
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1400581a8
EndAddressOfRawData 0x1400581b0
AddressOfIndex 0x14005f810
AddressOfCallbacks 0x140050618
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14005f040

RICH Header

XOR Key 0xac714270
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (33731) 4
C objects (33731) 10
C++ objects (33731) 31
Imports (33731) 6
Imports (33136) 17
Total imports 180
C++ objects (LTCG) (33812) 15
Resource objects (33812) 1
Linker (33812) 1

Errors
