740db825ceed7b49538024a506e2bb1a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-May-16 17:10:12
Detected languages English - United States

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32 (a checksum, not a cryptographic primitive)
Uses constants related to AES. Note: constant matching only shows the lookup tables are present, not that the code exercises them; however, the ~5 MB read/write .data section listed below has an entropy of 7.998, which is consistent with compressed or encrypted content, so the AES tables would be worth checking for a decryption routine.
Info The PE contains common functions which appear in legitimate applications. Can create temporary files (these APIs are also what a dropper uses to stage a payload in %TEMP%; combined with the ShellExecuteExW and _wremove imports listed later, a write-execute-delete sequence is possible and should be confirmed or ruled out by dynamic analysis):
  • GetTempPathW
  • CreateFileW
Suspicious VirusTotal score: 2/65 (Scanned on 2018-05-23 11:40:00) ESET-NOD32: a variant of Win64/Kryptik.BJT
Paloalto: generic.ml
Both hits are heuristic rather than signature-based (Kryptik is ESET's generic label for packed/obfuscated samples; generic.ml is a machine-learning verdict), so 2/65 is a low-confidence signal on its own. The scan is one week after the compile timestamp; re-scan or retro-hunt the SHA256 before treating this as a verdict either way.

Hashes

MD5 740db825ceed7b49538024a506e2bb1a
SHA1 f4c52e920d351e60cf4abc0a9d29d1b53e2cf9d5
SHA256 393567d3193d6f2f1872306b464f1f77bf33a12064e283c30f3a8135783cf33d
SHA3 805c7006f6a330c8394ad43f69dc4d1b58a60c5d30750b9bed00e6b2555089ae
SSDeep 98304:2zPU2UrZYieTkoEmHst7W39x375H4uGc01DDBSzybulPiiom4+wGB3b8n7attZw:2zilWkoEmHO6j75Y2t4O3bwGB367avZ
Imports Hash 07d4c6f3c0804e07e6843c7005c4c7a0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2018-May-16 17:10:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x37400
SizeOfInitializedData 0x54ce00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000037048 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x589000
SizeOfHeaders 0x400
Checksum 0x589c3c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3351c9b685858a86585dd8cc6085c2a8
SHA1 89ec352ca87708253c28033a41d511e8278fba65
SHA256 8d330f584d31b448f30821eaf3de7c0f3be8663b9cec9597c5a49180019fb177
SHA3 1af7d8dd240135159e1374256256a282dc95b7cc9c245d1dfb990d57aed9d9e3
VirtualSize 0x373fa
VirtualAddress 0x1000
SizeOfRawData 0x37400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.32803

.rdata

MD5 714b8b4a248c1369a341da421ce97682
SHA1 dad2a7b5b83c99b0779a95c7c612609f5df66265
SHA256 e6fb7fc7a5343ae65958f5185b0ca0eb44ef0266698aea6d37a2c973b2def729
SHA3 42efddae3d5c17b1d1888719ebe8e1c4849ca7020e0a7fc9adffea07f03968c3
VirtualSize 0x53f6
VirtualAddress 0x39000
SizeOfRawData 0x5400
PointerToRawData 0x37800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.61649

.data

MD5 e8568bb8b611e1d9cd69c0968c71890d
SHA1 0b586ff2749e45092d7364e95e9a18d4e1c4f853
SHA256 0561738667903bbe97d727cf4574f258f27b3c6bdbcbb3ab04955344dae68811
SHA3 72994a8bacac9fd41192b56769c1d225c840ad0a436ea4c90fd2ced6fed91779
VirtualSize 0x52dd58
VirtualAddress 0x3f000
SizeOfRawData 0x52d200
PointerToRawData 0x3cc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99793

.pdata

MD5 f23c62450d45076b77aca7ff037b201d
SHA1 971d40d4d10802d7ae66538ad98471a431dde250
SHA256 a900126638f1d6a6636c42d80f210200ffce4cfe74a11a9f60dec0e71a235845
SHA3 9da7b492dfdd93a1c820d385f84e4dec8652307c67ef2b3d4da5128366eda498
VirtualSize 0x5dc
VirtualAddress 0x56d000
SizeOfRawData 0x600
PointerToRawData 0x569e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.80821

.rsrc

MD5 0ca395a90558061bd3f044909eeb6788
SHA1 721c609ddff283200b6a6afbc7f424131a0a6814
SHA256 438c39bf675e9fe185edb2950155b501ac951155989aec05355c0c62b62cf040
SHA3 c4de87dbd4540cd5198bbfb3e35c4769ef3257def862a126670ab8b9a6606e71
VirtualSize 0x18974
VirtualAddress 0x56e000
SizeOfRawData 0x18a00
PointerToRawData 0x56a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.14189

.reloc

MD5 6aaac9e61073ca19704acc891002daaf
SHA1 0b39628f4a871db3a1c82a08792c86ee9173de1e
SHA256 7b88e92b1cde6e8e38de121c3f2b2ca03f5be8b1807c37b56394047c6aae8eab
SHA3 5a7f3e437ecb6d974b2361bfb98a075fa9961d511e0799f6d1caf9534329f94d
VirtualSize 0x17c4
VirtualAddress 0x587000
SizeOfRawData 0x1800
PointerToRawData 0x582e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.818412

Imports

KERNEL32.dll TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
CreateMutexW
GetProcAddress
GetModuleHandleW
CloseHandle
GetTempPathW
CreateFileW
GetFileAttributesW
Sleep
WaitForSingleObject
GetStartupInfoW
GetSystemTimeAsFileTime
SHELL32.dll ShellExecuteExW
MSVCP90.dll ?deallocate@?$allocator@D@std@@QEAAXPEAD_K@Z
MSVCR90.dll __crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
free
_errno
_wremove
_beginthreadex
rand
srand
??3@YAXPEAX@Z
wcscat_s
realloc
wcscpy_s
_time64
malloc
__wgetmainargs
memset
__CxxFrameHandler3
vswprintf_s
??2@YAPEAX_K@Z
memcpy
__C_specific_handler
_amsg_exit

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11772
MD5 4b22be9ccbaa792a63fe88198416fb5d
SHA1 50b8df12b1322600d9aa8487670cb58c9c2a7586
SHA256 048938c16d9bb88eff46a3f093d10763ed1fceaba17174a0c8a749d17eaa300a
SHA3 3dac45e4413976b96d4fbc0158f4e97a5e89217455e21e6b8c7ccc30a842ee1e

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.12031
MD5 d57efa796e9b603db2a673f5dbad68f7
SHA1 bc230929a3cd9df9b44fedf4dd89aa3cf073adbd
SHA256 cef5d43b3ac7c96a03011c27b011089be1a81a6395edf73068dba0ce522fd528
SHA3 4c8a0739a4bc2ac17830c8f6a31f04d0d99b3026e4d40784da844a7546cead3c

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07444
MD5 b5d2f1a4262f42d6286c6dffbb356b22
SHA1 f6adf717f27aeaf5075f3438dfbae8f838e3ac37
SHA256 1a3e3d07a72e3132c92233306a2d127233b270a46d65fd24ca1c8c2f0587b38a
SHA3 da867884b2f1f0814dd807ddccae4d8a13f747cdaa2bf3e8a541de4c30c1a337

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05267
MD5 93b69f61cdfc5486f8863cd9a2ff9736
SHA1 d6acb1f170cfd3303e3df31c47fe9a982b0fa3ea
SHA256 21777c4c37ab04229fab5a102e94fd04043660867b89cc92be43d98f87601614
SHA3 1fee613fe249fedff8420847829c6c72a99bca79d7d8a3e5e12868a138614fac

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.72397
MD5 43c2e7139d7b29cb10ea4e5e03160f27
SHA1 664a78c1430d85f501de07f7a15212e478c9087a
SHA256 396bf06965d57ef09504012ebd718de46d14f6372f341180748db58aa532eb9f
SHA3 b944dd48ec64919438bbc062dcdf8e1722f619958f992937270c9ee77ed17b8b

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80283
Detected Filetype Icon file
MD5 bb11c33e1e7c18c93b1daebf917db10a
SHA1 a02231aec32333fb1310fd97c4e526fef629c484
SHA256 fa7f68bdca34eab3f91938ab3bd14c6d88eac0830b2e2436dcfc5e6b90824157
SHA3 56991989e1c08a34e3a26292c919258176e47d071e4e7e9f51b072bf8e39aa4b

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x263
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.01316
MD5 9758a0b6310d07bc7ac001de4e150f64
SHA1 baf4ab78cca64d1a26d3c039596e9fa069c2df83
SHA256 a941978cb58a6ecbbc0e813c5a4188738471f48eed6224bc3595e4c0c426cfb4
SHA3 e039b1e374ca5004012f5821e1331ed92a530672b43ed57a03e93cdd2af2e530

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9b4ad896
Unmarked objects 0
150 (20413) 1
ASM objects (VS2008 SP1 build 30729) 2
Imports (VS2008 SP1 build 30729) 4
Imports (VS2012 build 50727 / VS2005 build 50727) 19
Total imports 235
C objects (VS2008 SP1 build 30729) 20
C++ objects (VS2008 SP1 build 30729) 59
138 (VS2008 SP1 build 30729) 2
Linker (VS2008 build 21022) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors
