7216f12671a5688ead3432492aca5fd9

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Jul-16 18:56:51
Comments Poseidon.xyz
CompanyName Poseidon.xyz
FileDescription Poseidon.xyz
FileVersion 1.3.5.9
InternalName Poseidon.xyz.exe
LegalCopyright Poseidon.xyz
LegalTrademarks Poseidon.xyz
OriginalFilename Poseidon.xyz.exe
ProductName Poseidon.xyz
ProductVersion 1.3.5.9
Assembly Version 0.0.0.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • Poseidon.xyz
Suspicious The PE is possibly packed. The PE only has 0 import(s).
  Note: the Imports Hash below is the MD5 of empty input, so the native import table is absent rather than obfuscated. An absent native import table, together with the AddressOfEntryPoint of 0 in the optional header, is normal for a 64-bit .NET assembly, which is what the MSIL/Kryptik and PackedNET detections and the Assembly Version field indicate this is. The stronger packing indicator is the .text section entropy of 7.81, consistent with compressed or encrypted content rather than plain MSIL and metadata.
Suspicious The PE is possibly a dropper. Resources account for 81.0762% of the executable.
  Note: the resource directory holds six RT_ICON entries plus a group icon, a version block and a manifest; the two largest icons (0x10828 bytes uncompressed and 0x5a25 bytes of PNG, the latter the only high-entropy resource) make up most of .rsrc, so the resource ratio reflects icon data rather than an obvious embedded payload.
Malicious VirusTotal score: 18/68 (Scanned on 2021-07-19 11:51:25)
Elastic: malicious (high confidence)
DrWeb: Trojan.PackedNET.87
Cyren: W64/MSIL_Troj.BCG.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Kryptik.ABXB
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
F-Secure: Heuristic.HEUR/AGEN.1143066
FireEye: Generic.mg.7216f12671a5688e
Avira: HEUR/AGEN.1143066
Microsoft: Backdoor:Win32/Bladabindi!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4556418
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.ABXB!tr
Cybereason: malicious.49f456
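The packing heuristic above fires on the empty native import table, which a 64-bit .NET assembly has by design; the stronger signal in this report is the 7.81 entropy of .text. The script below is an added example written for this page (it is not Manalyze's, VirusTotal's or any vendor's code): it parses the same headers the report prints (DOS header, COFF header, PE32+ optional header, section table), computes per-section entropy and separates the two cases with the CLR data-directory entry. It runs offline against a constructed PE32+ stand-in that mirrors this sample's shape (AMD64, two sections, entry point 0, no import table, the report's timestamp); the CLR-header RVA/size, section contents and resource bytes are made up, and the file described on this page is not embedded.

```python
"""PE32+ triage with the standard library only: parses the DOS, COFF and
optional headers plus the section table, computes per-section entropy and
applies the "no imports => packed?" check with the .NET caveat.  Added
example; the PE it builds is a constructed stand-in, not the reported file."""
import math
import random
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
DIR_IMPORT = 1           # data-directory slot of the native import table
DIR_COM_DESCRIPTOR = 14  # CLR header slot; non-zero size => managed (.NET) image


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte in 0..8; compressed or encrypted data sits close to 8."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsects, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("this example handles PE32+ only")
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsects):                                   # 40-byte section headers
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize,
                         "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 3)})
    return {"machine": machine, "timestamp": stamp, "entry": entry, "image_base": image_base,
            "dll_characteristics": dll_chars, "dirs": dirs, "sections": sections}


def triage(info: dict) -> dict:
    """The report's packing heuristic, with the managed-code caveat applied."""
    managed = info["dirs"][DIR_COM_DESCRIPTOR][1] != 0
    no_imports = info["dirs"][DIR_IMPORT][1] == 0
    text = [s for s in info["sections"] if s["name"] == ".text"]
    hot_text = bool(text) and text[0]["entropy"] > 7.0
    notes = []
    if no_imports and not managed:
        notes.append("native PE without an import table: packed, or resolves imports by hand")
    if managed and (no_imports or info["entry"] == 0):
        notes.append("no native imports / zero entry point: normal for a 64-bit .NET assembly")
    if hot_text:
        notes.append(".text entropy > 7: code section is compressed or encrypted")
    return {"managed": managed, "no_imports": no_imports, "high_entropy_text": hot_text,
            "likely_packed": hot_text or (no_imports and not managed), "notes": notes}


def build_sample_pe(managed: bool = True, encrypted: bool = True, seed: int = 1) -> bytes:
    """Constructed PE32+ in the report's shape: AMD64, two sections, entry point 0,
    no import table.  encrypted=True fills .text with pseudo-random bytes (~7.8 bits)."""
    rng = random.Random(seed)
    text = (bytes(rng.getrandbits(8) for _ in range(0x400)) if encrypted
            else bytes(range(16)) * 0x40)                      # plain filler, 4.0 bits
    rsrc = (b"\0" * 15 + b"A") * 64                            # low-entropy filler
    dirs = [(0, 0)] * 16
    if managed:
        dirs[DIR_COM_DESCRIPTOR] = (0x2008, 0x48)              # CLR header RVA/size (made up)
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew 0x80
    # 0x60F1D673 = 2021-07-16 18:56:51 UTC, the report's TimeDateStamp
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, 0x60F1D673, 0, 0, 0xF0, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", PE32PLUS_MAGIC, 11, 0,
                      len(text), len(rsrc), 0, 0, 0x2000, 0x140000000, 0x2000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x6000, 0x200, 0, 2, 0x8540,
                      0x400000, 0x4000, 0x100000, 0x2000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)

    def hdr(nm, size, va, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", nm, size, va, size, ptr, 0, 0, 0, 0, flags)

    secs = (hdr(b".text", len(text), 0x2000, 0x200, 0x60000020)
            + hdr(b".rsrc", len(rsrc), 0x4000, 0x600, 0x40000040))
    return (dos + b"PE\0\0" + coff + opt + secs).ljust(0x200, b"\0") + text + rsrc


if __name__ == "__main__":
    for managed, encrypted in ((True, True), (True, False), (False, False)):
        print(managed, encrypted, triage(parse_pe(build_sample_pe(managed, encrypted))))
```

The three runs in the main block show the point: a managed image with zero imports and a high-entropy .text (this sample's shape) is flagged, the same managed image with ordinary .text is not flagged although it still has zero imports, and a native image with zero imports is flagged regardless. To run the checks on the real file, pass its bytes to `parse_pe` instead of `build_sample_pe()`; an import directory of `(0, 0)` is what the report's Imports Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input) corresponds to.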

Hashes

MD5 7216f12671a5688ead3432492aca5fd9
SHA1 ca1316d49f4569609320d5017c4a32b7284e51d4
SHA256 5a2eea391b34738bebaebde0ae4189d94c0cfa8357f84bcb3a59abf3dc99084b
SHA3 2c96971312397bdca39f6872046146400d64ccd4a91e8c4d0a19aeb63208d818
SSDeep 1536:FeIa8xZxXB688aaPl0zF92ZSxRHlrLtSXR+NyDWoqPeYgg/HAXsPUuvDWIIIIoI:YIa6ffjggF920xL6hhs8kWIIIIoIJE
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2021-Jul-16 18:56:51
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x6c00
SizeOfInitializedData 0x1e800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?) Note: a zero native entry point is expected for a 64-bit .NET assembly; the CLR loader enters the image through the CLR header in the data directory (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR), not through this field.
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2a000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dbb55caeaac2bdd39d8bc3eabc5e86e2
SHA1 c942c8bfcf75c19a7348a20ac8c5554502ec0241
SHA256 f14e1c49a0316ec773cd959d22f49379fecbd4b9dcc8db741a686a06d1b9bc66
SHA3 2fb64bc9a6c1d5df91cd13cf68e4ff2eb873edb5e707b1ff36fce8db05685998
VirtualSize 0x6c00
VirtualAddress 0x2000
SizeOfRawData 0x6c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.81218

.rsrc

MD5 fc07505e4c62ed625f1a0df3d57e4c66
SHA1 b2109616d067ac956f46baad5627e4f3a2f41fc1
SHA256 33ccbc620394467c05772230baa6c097880ad9e8a9f498a83add8b76bc47b13c
SHA3 a913d877b9d241d3e743494591e737c6fa635c23b7ac893d085e7089c465473b
VirtualSize 0x1e708
VirtualAddress 0xa000
SizeOfRawData 0x1e800
PointerToRawData 0x6e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.85306

Imports

Delayed Imports

Resources

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a25
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95884
Detected Filetype PNG graphic file
MD5 f8d82d22a8f9465d281b41774d70a2f8
SHA1 4c812bb7495fc7086a545736b983b324b5302e34
SHA256 ea31c2f58172aaabb38fabca860558832edf0abec8af775bbef3c2c1bbc6e800
SHA3 f1ffc8d576e058177235baa233f5cb379ed6d0314e7ab283a7958ab86c5e554d

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.24839
MD5 9fe4f0f23024e5c830510671afa4b3cc
SHA1 9cd2b1787e276cc679710dc22dffedd67e91e4b8
SHA256 14aeddd16f1e53b186135fda6b65f806e2f0357a4ba22d80de3036eea5abda2a
SHA3 3a036b427ffdb1dad6c5a4a1d19a10d005307dbe2e6b6f68a1e6e994b22e1cab

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.59203
MD5 c565f4910d6749085ef7658c3ff970e2
SHA1 639b1779ef4a76e2c3cd1df089f5856db92a37d9
SHA256 bfe57bc054d26ea376bb3e66b53be3930b5b9bc8188849cc2ca537c58f291160
SHA3 4f8e33bd3d676ea32b47562f8fb1b65e5862bf8e6c4216a227c585a9c34b1484

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.81671
MD5 0cf4efad5b4aebc691152b7c468ef8a4
SHA1 f2a1bc11fb9842ecc578a91713115b6342bac38a
SHA256 0953815c736e549c54b58b5ab21079776b86207fd90d9acb28b0666b1b9752ab
SHA3 fe8fb5fa4dbe4f62844cf73783cb63ab2ad9cb309c154ebe1ae60e8eef066278

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03614
MD5 4e968023d6911d2431421821fe238739
SHA1 137b8aa9915622e30469dce482a69383758177b6
SHA256 768686081bf4086ddfc1185a675fd4d123fa2010873a5f38432c5e08c2542dde
SHA3 7588181efe7ea81debd7fce8a4a00372d5d8f5f909d1babde322f3524587f3e6

7

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.61297
MD5 c411f3aa6ca740c294a90757ee73ad96
SHA1 956c6c5942cf019ace733a687074d6c6d6efb150
SHA256 b8f822ae1adb279a58a408a2f99379470a3eedbe344b3ceab117722fed373ba4
SHA3 f92d02c67e5b86a00b5efc4534c52b074649b6cda86c7d87a29a39690cd59330

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.82718
Detected Filetype Icon file
MD5 f482f20d780f409ec74b1ce2c56c526b
SHA1 09a1a56c2cb427e313f9b11adb1979811dcd8f95
SHA256 10668d7c5dcd2a83a02a0a038067570d010bec9be5fdb4a9a4aaaa08da64b27d
SHA3 23a5bd35da0c1540d0fc7f132b05e02c0e685a872eb4327d5c8e666bb1fab911

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x37c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30805
MD5 977ca24380e4723a65177c0a0127f3d8
SHA1 c2ee8e5adfb5961779dc1a338e851df6a299331a
SHA256 25dac4c3dea3437e52ef76158d2b8e44cabe613834acd3873449872faa9a87cd
SHA3 0377f7737280ddadabc385ec48fb82b65e16d2cef5fda2c953052de67c3f649a

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1d3
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89888
MD5 e9ea7a1494fb420a415a29ff3a42b399
SHA1 a277636a2b548b32f7575cb059fb9264405bd04a
SHA256 82b9dbf8573e9731dad6865117571921772484a75850121e2f6503c3ebb48b30
SHA3 a70d84641fbaf19080dcd1de18f02ae5515aded33da4b45f79c16a6a4c52d675

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.3.5.9
ProductVersion 1.3.5.9
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Poseidon.xyz
CompanyName Poseidon.xyz
FileDescription Poseidon.xyz
FileVersion (#2) 1.3.5.9
InternalName Poseidon.xyz.exe
LegalCopyright Poseidon.xyz
LegalTrademarks Poseidon.xyz
OriginalFilename Poseidon.xyz.exe
ProductName Poseidon.xyz
ProductVersion (#2) 1.3.5.9
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
