749d47679c4f0c555b920f27bd82fda1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jul-08 16:39:28
Detected languages English - United States
German - Germany

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious PEiD Signature:
  • Crunch/PE v5.0
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX v2.0 -> Markus, Laszlo & Reiser (h)
  • UPX -> www.upx.sourceforge.net
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to SHA256
  • Uses constants related to SHA512
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegCreateKeyExA
  • RegSetValueExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
  • ShellExecuteA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
  • CreateFileW
Malicious VirusTotal score: 27/70 (Scanned on 2020-08-01 14:56:44)
Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Trojan.GenericKD.43569675
FireEye: Generic.mg.749d47679c4f0c55
ALYac: Trojan.GenericKD.43569675
CrowdStrike: win/malicious_confidence_80% (W)
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZexaF.34144.KwW@aG5kbuwi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
BitDefender: Trojan.GenericKD.43569675
Ad-Aware: Trojan.GenericKD.43569675
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.GenericKD.43569675 (B)
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Win32.Wacatac
Microsoft: Trojan:Win32/Hynamer.A!ml
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D298D20B
AegisLab: Trojan.Win32.Generic.4!c
GData: Trojan.GenericKD.43569675
McAfee: Artemis!749D47679C4F
MAX: malware (ai score=84)
VBA32: BScope.Trojan.CryptInject
Rising: Trojan.Occamy!8.F1CD (C64:YzY0OltAkLC9Zi8B)
SentinelOne: DFI - Suspicious PE
Webroot: W32.Trojan.Gen
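Several of the plugin lines above are heuristics worth re-running by hand before they go into a report. The PEiD hits for Crunch/PE and UPX sit oddly with the rest of this file: the section table has the five standard MSVC names (.text, .rdata, .data, .rsrc, .reloc) rather than UPX0/UPX1, no section exceeds entropy 7 (.text is 6.68), a Rich header is present, and LinkerVersion is 14.0 (a Visual Studio 2015 or later toolchain), which also contradicts the "Visual C++ 6.0 - 8.0" compiler match. Likewise GetProcAddress and LoadLibraryExW are imported by the MSVC runtime startup code in ordinary binaries, so their presence alone is a weak "hidden imports" signal, and the "contains another PE executable" line rests on the DOS-stub string appearing more than once. The script below is an added example, not part of this report or of the tool that produced it: a pure-Python triage pass that parses the DOS and PE headers and section table, scores section entropy, checks where the entry point lands, flags packer-style section names, and looks for an embedded PE by following each candidate MZ header's own e_lfanew to a PE signature instead of grepping for the stub string. The two sample files it analyses are constructed inside the script; the 7.0 entropy threshold and the 0x1000 bound on e_lfanew are analyst conventions, not values taken from the report.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(blob: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va, "raw_size": rawsize,
                         "raw_ptr": rawptr, "characteristics": chars,
                         "entropy": shannon_entropy(blob[rawptr:rawptr + rawsize])})
    return {"machine": machine, "timestamp": stamp, "entry_rva": entry_rva, "sections": sections}

def find_embedded_pe(blob: bytes) -> list:
    """Each 'MZ' past offset 0 must lead, via its own e_lfanew, to a PE signature (0x1000 bound assumed)."""
    hits, pos = [], blob.find(b"MZ", 1)
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            if 0x40 <= e_lfanew < 0x1000 and blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits

def triage(blob: bytes) -> list:
    """Heuristics behind the packer/entropy/embedded-PE lines of the report; empty list = nothing fired."""
    pe = parse_pe(blob)
    ep, findings = pe["entry_rva"], []
    home = [s for s in pe["sections"] if s["virtual_address"] <= ep
            < s["virtual_address"] + max(s["virtual_size"], s["raw_size"])]
    if not home:
        findings.append("entry point %#x lies outside every section" % ep)
    elif not home[0]["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry point in non-executable section %s" % home[0]["name"])
    elif home[0]["characteristics"] & IMAGE_SCN_MEM_WRITE:
        findings.append("entry point in writable section %s" % home[0]["name"])
    for s in pe["sections"]:
        if s["entropy"] > 7.0:   # usual packed/encrypted threshold; the .text above scores 6.68
            findings.append("high entropy %.2f in %s" % (s["entropy"], s["name"]))
        if s["name"].upper().startswith("UPX"):
            findings.append("UPX-style section name %s" % s["name"])
    for off in find_embedded_pe(blob):
        findings.append("embedded PE image at file offset %#x" % off)
    return findings

def build_pe(sections, entry_rva: int) -> bytes:
    """Constructed test input: a structurally valid PE32 from (name, data, characteristics) triples."""
    file_align, sect_align, e_lfanew, opt_size = 0x200, 0x1000, 0x80, 0xE0
    size_of_headers = -(-(e_lfanew + 24 + opt_size + 40 * len(sections)) // file_align) * file_align
    table, body, raw_off, va = b"", b"", size_of_headers, 0x1000
    for name, data, chars in sections:
        raw_size = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), va,
                             raw_size, raw_off, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        raw_off += raw_size
        va += -(-len(data) // sect_align) * sect_align      # after the loop va == SizeOfImage
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva,
                      0x1000, 0x2000, 0x400000, sect_align, file_align, 6, 0, 0, 0, 6, 0,
                      0, va, size_of_headers, 0, 2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000,
                      0, 16) + b"\0" * 128                     # 16 empty data directories
    return (bytes(dos) + b"PE\0\0" + coff + opt + table).ljust(size_of_headers, b"\0") + body

def clean_sample() -> bytes:
    """MSVC-style layout: entry point inside a read-only, low-entropy .text."""
    return build_pe([(".text", b"\x90" * 0xFF + b"\xC3", CODE)], entry_rva=0x1000)

def packed_sample() -> bytes:
    """Packer-style layout: writable UPX1 of uniform bytes holds the entry point; .data carries a second PE."""
    return build_pe([(".text", b"\x90" * 0x100, CODE),
                     ("UPX1", bytes(range(256)) * 4, CODE | IMAGE_SCN_MEM_WRITE),
                     (".data", clean_sample(), DATA)], entry_rva=0x2000)
```

Running triage(clean_sample()) returns an empty list; triage(packed_sample()) reports the writable entry-point section, the entropy-8.00 UPX1 section, the UPX-style name and the second PE at the .data raw offset. Applied to a real file, a UPX hit with none of these findings is the kind of PEiD false positive this report's section table suggests.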

Hashes

MD5 749d47679c4f0c555b920f27bd82fda1
SHA1 0fd377f5938658a1d79a0cc03f6a1bd1ad7696f3
SHA256 171a0420a3cec326cc2f981b58e2bd76bc2890f2d547cc0857ef21111cf0ca78
SHA3 4fd2bad4f70a49b09cee57b5db8f56ebae35e91741f016f77eed5912225d36d9
SSDeep 49152:sdBAzDyEVG+NOVYYLnvOGzjGHaMDFucSRS+i0OFybk:sdBAzDyEVd8aYLndzjGbvAtk
Imports Hash 3d29730ba24063f116e7a49c97174d36
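The "Imports Hash" above is the imphash popularised by pefile and VirusTotal: an MD5 over the import table written as comma-separated "dll.function" pairs in table order, after lower-casing, dropping a .dll/.ocx/.sys extension and writing ordinal-only imports as ordN. It clusters samples built from the same source with the same toolchain, but it is order-sensitive and says nothing about functions resolved at run time through GetProcAddress. The code below is an added example, not from the report or the tool, and embeds only a prefix of the Imports section listed further down, so its result is deliberately not the 3d29730ba24063f116e7a49c97174d36 reported above.

```python
import hashlib

# Constructed from the report's Imports section: a prefix of the table, in table order.
SAMPLE_IMPORTS = [
    ("d3d9.dll", ["Direct3DCreate9"]),
    ("KERNEL32.dll", ["CreatePipe", "PeekNamedPipe", "WaitForSingleObject",
                      "GetProcAddress", "LoadLibraryExW"]),
    ("ADVAPI32.dll", ["RegCreateKeyExA", "RegSetValueExA", "RegCloseKey"]),
    ("SHELL32.dll", ["ShellExecuteA"]),
]

def normalize_import(dll: str, func) -> str:
    """pefile's rule: lower-case, strip a .dll/.ocx/.sys extension, ordinals (ints here) become ordN."""
    base = dll.lower()
    parts = base.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in ("dll", "ocx", "sys"):
        base = parts[0]
    name = "ord%d" % func if isinstance(func, int) else func.lower()
    return base + "." + name

def imphash_string(imports) -> str:
    """The exact text that gets hashed; useful when two samples' hashes differ and you want to see why."""
    return ",".join(normalize_import(dll, f) for dll, funcs in imports for f in funcs)

def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()
```

Because the hash covers the order as well as the names, two builds that import the same functions from differently ordered DLLs get different imphashes; compare imphash_string outputs before concluding that two samples are unrelated.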

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-Jul-08 16:39:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x15400
SizeOfInitializedData 0x285600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005258 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x17000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x29e000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4e0eeee09f6599b2ad888a2858a2b1e9
SHA1 8205f7a0aeb3af415a24e4e5e75203c3bf5ec380
SHA256 d2f6981ad4d959605c107752d1c85336d08496484567ecf3d136096b6ac5c874
SHA3 040af8889c209b99937d0b4bed236be27529f7d893a33a2aad5c1bef66199562
VirtualSize 0x1532f
VirtualAddress 0x1000
SizeOfRawData 0x15400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.68443

.rdata

MD5 bfaad22e48bb9a7376e9d95b727bc087
SHA1 7baad50cf06efe8257d167cafdb8a8e693e27163
SHA256 851cc5609786522de12c46fcad201abb9974ae77b070d3807a0b797f79e94437
SHA3 851c62ba01f2c04d08c81f7e347c0b4637d9cdedb7ec039014c4452f8f7301a2
VirtualSize 0xaa56
VirtualAddress 0x17000
SizeOfRawData 0xac00
PointerToRawData 0x15800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.69526

.data

MD5 5ea39557b86737a8cebd3e7f13ac7255
SHA1 486c67eb87773ef1e7faeba67a50afa9b9cc867b
SHA256 a55d90adc6114fc4639c7db7ed4a2fb29c42e324e41929d2876feeba5d71d4e4
SHA3 548e5a4c7d465e43f76b00ba78d5f89afa2949ee6416692223fdf348d0334e9b
VirtualSize 0x268028
VirtualAddress 0x22000
SizeOfRawData 0x25e400
PointerToRawData 0x20400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.62816

.rsrc

MD5 18daee2185af28b74c35ab814e0d6d7a
SHA1 4fb8050ecc48e2ced4d33835077886e067f23714
SHA256 79195f085e81dc35372aa8232fbe09dc9eb63752fce69f09da13d819e5995223
SHA3 d51b12e6e2e7742dd73f2e9bca2c9aa57c839baa2d4f113ff678d331c0e50311
VirtualSize 0x10ab0
VirtualAddress 0x28b000
SizeOfRawData 0x10c00
PointerToRawData 0x27e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.90157

.reloc

MD5 0c05be3b6ef4d4275ca031a33dc384ef
SHA1 62452f06044bddf6128320b4a7a5d55b2a2af186
SHA256 dc5bca4beca4584ce471b1a558565cbceccd4476c2458e6e3810158de22589d6
SHA3 340ec1bedd05572c4c28d341a967d4b8ddac7a43c10a6db8f2f65179fbbb5fdf
VirtualSize 0x1b28
VirtualAddress 0x29c000
SizeOfRawData 0x1c00
PointerToRawData 0x28f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.64317

Imports

d3d9.dll Direct3DCreate9
KERNEL32.dll CreatePipe
PeekNamedPipe
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
Sleep
GetTempPathA
GetLastError
GetFileAttributesA
CreateFileA
DeleteFileA
CloseHandle
CreateThread
CreateProcessA
CreateDirectoryA
SetThreadPriority
WriteFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
DecodePointer
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
LCMapStringW
ReadFile
CreateFileW
SetFilePointerEx
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
WriteConsoleW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
HeapAlloc
HeapFree
USER32.dll RegisterClassA
CreateWindowExA
GetCursorPos
ShowCursor
UpdateWindow
SendMessageA
DefWindowProcA
PeekMessageA
UnregisterClassA
TranslateMessage
GetWindowRect
MessageBoxA
DispatchMessageA
ShowWindow
LoadCursorA
GetSystemMetrics
wsprintfA
PostQuitMessage
ADVAPI32.dll RegCreateKeyExA
RegSetValueExA
RegCloseKey
SHELL32.dll SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteA
ole32.dll CoCreateInstance
CoUninitialize
CoInitialize
WINMM.dll waveOutWrite
waveOutPrepareHeader
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutGetPosition

Delayed Imports

Resources

1

Type RT_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86387
MD5 ed7c3c0e64fa74b811a48be2d872c291
SHA1 73a2bf0967763f944cdc0bf4e147036b60d3f25d
SHA256 1529adb5bc6d97e8f84d15e6a715d1fe24cc1b62b19fca33f59a67fe922a956b
SHA3 c71291a2b7688a559fbadc1544137b82777e1a7bf56b25d660db58a4670e253f

101

Type RT_GROUP_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98048
Detected Filetype Icon file
MD5 38388dda6548693f4d42f2241a4218d7
SHA1 78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256 cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Jul-08 16:39:28
Version 0.0
SizeofData 744
AddressOfRawData 0x207d0
PointerToRawData 0x1efd0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2020-Jul-08 16:39:28
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xb8
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x42202c
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0xe5a28e31
Unmarked objects 0
ASM objects (26715) 21
C++ objects (26715) 141
C objects (28619) 17
ASM objects (28619) 17
C++ objects (28619) 40
C objects (26715) 22
262 (26715) 1
48 (9044) 6
Imports (26715) 15
Total imports 130
265 (28806) 1
Resource objects (28806) 1
151 1
Linker (28806) 1
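The table above is the decoded Rich header, an undocumented block the Microsoft linker writes between the DOS stub and the PE header. On disk it is a sequence of dwords XORed with the key shown: the marker "DanS", three zero padding dwords, then one (product id << 16 | build number, object count) pair per toolchain component, followed by the clear-text marker "Rich" and the key itself. The key doubles as a checksum over the DOS header and the clear entries, which is why analysts compare the two: a mismatch indicates the header was edited after linking. The decoder below is an added example, not code from the report or its tool; its sample header is constructed from the report's XOR key and three of the entries whose product ids the tool could not name (262, 48 and 265 with builds 26715, 9044 and 28806). It does not reproduce the tool's product-id-to-name table and does not recompute the checksum.

```python
import struct

DANS = 0x536E6144   # b"DanS" read as a little-endian dword

def build_rich_header(entries, key: int) -> bytes:
    """Constructed sample: 'DanS', three zero padding dwords and (compid, count) pairs,
    all XORed with key, then the clear-text 'Rich' marker and the key."""
    words = [DANS, 0, 0, 0]
    for prodid, build, count in entries:
        words += [(prodid << 16) | build, count]
    return b"".join(struct.pack("<I", w ^ key) for w in words) + b"Rich" + struct.pack("<I", key)

def parse_rich_header(blob: bytes, limit: int = None):
    """Find 'Rich' (searching only below `limit`, normally e_lfanew, so XORed data elsewhere
    cannot masquerade as the marker), read the key, and walk back dword by dword to 'DanS'.
    Returns None when the structure is absent or the DanS marker is never reached."""
    region = blob if limit is None else blob[:limit]
    rich = region.find(b"Rich")
    if rich < 0 or rich + 8 > len(blob):
        return None
    key = struct.unpack_from("<I", blob, rich + 4)[0]
    words, off = [], rich - 4
    while off >= 0:
        w = struct.unpack_from("<I", blob, off)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        off -= 4
    else:
        return None
    words.reverse()      # now: three padding dwords, then (compid, count) pairs
    entries = [{"prodid": words[i] >> 16, "build": words[i] & 0xFFFF, "count": words[i + 1]}
               for i in range(3, len(words) - 1, 2)]
    return {"dans_offset": off, "key": key, "entries": entries}

# Constructed from the report: its XOR key and three of the unnamed product entries.
SAMPLE_ENTRIES = [(262, 26715, 1), (48, 9044, 6), (265, 28806, 1)]
SAMPLE_KEY = 0xE5A28E31
```

On a real file pass e_lfanew as `limit` and expect the DanS offset just after the DOS stub; the build numbers recovered this way are what let the report attribute the "Linker (28806)" entry to a specific Visual Studio release.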

Errors