Property | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2024-Aug-24 08:05:55 |
Detected languages | English - United States |
Debug artifacts | C:\Users\User\Desktop\Silence AltV\x64\Release\BitcoinMiner.pdb |

Severity | Finding | Details |
---|---|---|
Info | Matching compiler(s): | MASM/TASM - sig1(h) |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 29/74 (Scanned on 2024-09-01 09:52:20) | ALYac: Trojan.GenericKD.73945790; APEX: Malicious; Arcabit: Trojan.Generic.D46852BE; BitDefender: Trojan.GenericKD.73945790; Bkav: W64.AIDetectMalware; CrowdStrike: win/malicious_confidence_70% (D); Cylance: Unsafe; DeepInstinct: MALICIOUS; ESET-NOD32: a variant of Win64/GameHack.KE potentially unsafe; Elastic: malicious (high confidence); Emsisoft: Trojan.GenericKD.73945790 (B); FireEye: Trojan.GenericKD.73945790; Fortinet: Adware/GameHack; GData: Trojan.GenericKD.73945790; Google: Detected; Ikarus: Trojan.Win64.Krypt; Lionic: Trojan.Win32.Generic.4!c; MAX: malware (ai score=89); Malwarebytes: Malware.AI.4158044661; MaxSecure: Trojan.Malware.300983.susgen; McAfee: Artemis!6EBBD95E47A5; McAfeeD: ti!0F6711578249; MicroWorld-eScan: Trojan.GenericKD.73945790; Microsoft: Trojan:Win32/Wacatac.B!ml; Paloalto: generic.ml; Panda: Trj/Chgt.AD; Skyhigh: BehavesLike.Win64.Downloader.fh; Symantec: ML.Attribute.HighConfidence; VIPRE: Trojan.GenericKD.73945790 |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
File header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2024-Aug-24 08:05:55 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0x4e800 |
SizeOfInitializedData | 0x13400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000004E6C0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x66000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
KERNEL32.dll | LoadLibraryA, QueryPerformanceFrequency, GetProcAddress, FreeLibrary, QueryPerformanceCounter, CloseHandle, Module32Next, OpenProcess, CreateToolhelp32Snapshot, K32GetModuleBaseNameA, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, GlobalAlloc, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, MultiByteToWideChar, ReadProcessMemory, GetLocaleInfoA, GlobalUnlock, WideCharToMultiByte, GlobalLock, RtlLookupFunctionEntry, GlobalFree, Sleep, RtlCaptureContext, WriteProcessMemory, ReleaseSRWLockExclusive |
USER32.dll | SetWindowDisplayAffinity, SetProcessDpiAwarenessContext, SetWindowLongA, ShowWindow, SetWindowPos, DestroyWindow, DefWindowProcA, MessageBoxA, GetWindowThreadProcessId, GetWindowDisplayAffinity, DispatchMessageA, TranslateMessage, PeekMessageA, GetKeyState, SetLayeredWindowAttributes, CreateWindowExA, UnregisterClassA, PostQuitMessage, FindWindowA, RegisterClassExA, GetAsyncKeyState, UpdateWindow, SetClipboardData, GetClipboardData, GetMessageExtraInfo, LoadCursorA, ScreenToClient, GetCapture, ClientToScreen, EmptyClipboard, CloseClipboard, TrackMouseEvent, GetKeyboardLayout, GetForegroundWindow, SetCapture, OpenClipboard, GetCursorPos, SetCursorPos, ReleaseCapture, IsWindowUnicode, GetClientRect, SetCursor, GetWindowLongA |
SHELL32.dll | ShellExecuteA |
MSVCP140.dll | ?_Throw_Cpp_error@std@@YAXH@Z, ?_Xlength_error@std@@YAXPEBD@Z, _Cnd_do_broadcast_at_thread_exit, _Thrd_detach |
d3d11.dll | D3D11CreateDeviceAndSwapChain |
IMM32.dll | ImmSetCompositionWindow, ImmReleaseContext, ImmGetContext, ImmSetCandidateWindow |
D3DCOMPILER_47.dll | D3DCompile |
dwmapi.dll | DwmExtendFrameIntoClientArea |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
VCRUNTIME140.dll | _CxxThrowException, __C_specific_handler, __current_exception_context, __current_exception, strstr, __std_exception_copy, __std_exception_destroy, memchr, memcmp, memcpy, memmove, __std_terminate, memset |
api-ms-win-crt-runtime-l1-1-0.dll | _exit, _configure_narrow_argv, _c_exit, _register_thread_local_exe_atexit_callback, _initterm_e, terminate, _initialize_narrow_environment, _initialize_onexit_table, _initterm, _get_narrow_winmain_command_line, _set_app_type, _seh_filter_exe, _register_onexit_function, exit, _cexit, _beginthreadex, _invalid_parameter_noinfo_noreturn, _crt_atexit |
api-ms-win-crt-stdio-l1-1-0.dll | fseek, fclose, fflush, __acrt_iob_func, ftell, fwrite, __stdio_common_vsprintf, fread, __stdio_common_vsscanf, __stdio_common_vfprintf, __p__commode, _set_fmode, _wfopen |
api-ms-win-crt-utility-l1-1-0.dll | qsort |
api-ms-win-crt-string-l1-1-0.dll | strncmp, strncpy, strcmp |
api-ms-win-crt-heap-l1-1-0.dll | malloc, free, _set_new_mode, _callnewh |
api-ms-win-crt-convert-l1-1-0.dll | atof |
api-ms-win-crt-math-l1-1-0.dll | sqrtf, atan2f, fmodf, cosf, sinf, ceilf, __setusermatherr, acosf, powf |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
---|---|---|---|---|---|---|
0 | 2024-Aug-24 08:05:55 | 0.0 | 88 | 0x57da0 | 0x569a0 | C:\Users\User\Desktop\Silence AltV\x64\Release\BitcoinMiner.pdb |
0 | 2024-Aug-24 08:05:55 | 0.0 | 20 | 0x57df8 | 0x569f8 | |
0 | 2024-Aug-24 08:05:55 | 0.0 | 892 | 0x57e0c | 0x56a0c | |
0 | 2024-Aug-24 08:05:55 | 0.0 | 0 | 0 | 0 | |
TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x1400581a8 |
EndAddressOfRawData | 0x1400581b0 |
AddressOfIndex | 0x14005f810 |
AddressOfCallbacks | 0x140050618 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Load configuration field | Value |
---|---|
Size | 0x140 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14005f040 |
Rich header | Value |
---|---|
XOR Key | 0xac714270 |
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 16 |
ASM objects (33731) | 4 |
C objects (33731) | 10 |
C++ objects (33731) | 31 |
Imports (33731) | 6 |
Imports (33136) | 17 |
Total imports | 180 |
C++ objects (LTCG) (33812) | 15 |
Resource objects (33812) | 1 |
Linker (33812) | 1 |