70157f09f07843dbbe403d283f055e75

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Aug-05 08:24:46

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExW
Leverages the raw socket API to access the Internet:
  • WSAStartup
Malicious VirusTotal score: 8/70 (Scanned on 2022-08-05 15:21:19)
  • FireEye: Generic.mg.70157f09f07843db
  • Cybereason: malicious.a582f4
  • APEX: Malicious
  • McAfee-GW-Edition: BehavesLike.Win64.PUPXBV.vc
  • Trapmine: suspicious.low.ml.score
  • Microsoft: Program:Win32/Wacapew.C!ml
  • Cynet: Malicious (score: 100)
  • MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 70157f09f07843dbbe403d283f055e75
SHA1 9f7c3f5a582f420f582d4def1bbec194355e8214
SHA256 4525e901717c7f43d3c1756a07311ceba0e80474cf9d712454a72e3cee278c93
SHA3 e724812d40a219756aab086e123d9a776b907b588b2306e82557099833ccf32a
SSDeep 49152:CKhVBhC0C37Sl54eYzn76uWYyu6/1/dUFu9pZCNRbVGXmdqDSZfdDJ:Zb6uHqNAXmeOV1
Imports Hash 427b7dda9088131f1d5b5025b8fa9ace

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2022-Aug-05 08:24:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x5ac00
SizeOfInitializedData 0x1ab600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000040594 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x20a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3054677b7215a21431df62e4166f14f3
SHA1 ae75e614b3862121f3f4c0e65bb0b21e16390b9d
SHA256 37bbef0756aa68d85aa73ea6385c502f62fa95c84c349092f22cb655b6e30422
SHA3 1d4622ec1968d2170a2713ed2af0227e3b15de081cfda267c979697f80aef759
VirtualSize 0x5ab80
VirtualAddress 0x1000
SizeOfRawData 0x5ac00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.52414

.rdata

MD5 8b23057c8ba882b60bb04b8a002f2310
SHA1 0caa251523e4dcadc3c340d0dab56b59b6492ff3
SHA256 5733733733c730ded31871f63eaf2e8da04617d5e478ee769b520d55fc5052ba
SHA3 fbacedd5c2dd5049b65f063927212359f9c74547102416ec3104926441c126be
VirtualSize 0x1a7434
VirtualAddress 0x5c000
SizeOfRawData 0x1a7600
PointerToRawData 0x5b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.40122

.data

MD5 2c33cd7497e6fa61ba133d6a42f47d6f
SHA1 9bf5e9f97d980b5001ea0df7b2b015e3e012b7c9
SHA256 4584b6996f0aecbc24203112702fbfe844a290e9b3e285d013d0bf4a9f0368b7
SHA3 fe333fa65304d04da6ab9d368e3912cf3f2553a44bd86a1eede52cbf53dacb10
VirtualSize 0x1d78
VirtualAddress 0x204000
SizeOfRawData 0xc00
PointerToRawData 0x202600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.33488

.pdata

MD5 05334350070f3e73a007043967e389cb
SHA1 58918fa67be218e10355d9e1e6fb1bb83c87fcd3
SHA256 a3265f65f054fdf8383dd50e763eeb3ec3d5ed93bdf1a0628b1050ed2045ac9c
SHA3 04db6213a416405f861e00e7c1190cca08595656a973f7e2d9fed63b2688a563
VirtualSize 0x17b8
VirtualAddress 0x206000
SizeOfRawData 0x1800
PointerToRawData 0x203200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.43732

_RDATA

MD5 8049125755d6e878a987700bb7ec3954
SHA1 a8f7003ae354717dab6e9e4c24e921a31b612d5d
SHA256 97233816c67801554fad98e94b36f6303b99be2da3ac0ef74f134f00b8ba9c22
SHA3 98fb59fac1393b944e1a72dcf667ecb5ec4d06939be3ea00c17ffdb3800c7b85
VirtualSize 0x15c
VirtualAddress 0x208000
SizeOfRawData 0x200
PointerToRawData 0x204a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.33819

.reloc

MD5 95037388910d3c7b83f08799864be7a4
SHA1 8b0088e27b9b99d93fb4a00bfc1da6926e8e0551
SHA256 394073d2a2678592597549425dd694285174e3ec8471431a7eb9a8e491ffc3da
SHA3 ebbf61e1d682558f723e28e8f1fac5cdfce9ea42a0affd89c30b2c3b590f4b3d
VirtualSize 0x784
VirtualAddress 0x209000
SizeOfRawData 0x800
PointerToRawData 0x204c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.28155

Imports

KERNEL32.dll EnumResourceTypesExW
VirtualAlloc
WaitForSingleObject
CreateFileW
CloseHandle
LoadLibraryW
CreateThread
WriteConsoleW
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileType
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
HeapSize
WS2_32.dll WSAStartup

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Aug-05 08:24:46
Version 0.0
SizeofData 756
AddressOfRawData 0x201184
PointerToRawData 0x200184

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2022-Aug-05 08:24:46
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140204020

RICH Header

XOR Key 0x6a265268
Unmarked objects 0
C objects (27412) 12
ASM objects (27412) 10
C++ objects (27412) 151
C++ objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 44
C objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 16
ASM objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 9
Imports (27412) 5
Total imports 93
C++ objects (LTCG) (VS2022 Update 2 (17.2.5) compiler 31332) 3
Linker (VS2022 Update 2 (17.2.5) compiler 31332) 1

Errors
