| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2075-Aug-05 12:37:31
|
| Detected languages |
English - United States
|
| Comments |
|
| CompanyName |
|
| FileDescription |
AX
|
| FileVersion |
1.0.0.0
|
| InternalName |
AX.exe
|
| LegalCopyright |
Copyright © 2021
|
| LegalTrademarks |
|
| OriginalFilename |
AX.exe
|
| ProductName |
AX
|
| ProductVersion |
1.0.0.0
|
| Assembly Version |
1.0.0.0
|
| Suspicious |
This PE is packed with Themida |
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found: .imports
Unusual section name found: .themida
Section .themida is both writable and executable.
Unusual section name found: .boot
The PE only has 2 import(s).
|
| Malicious |
VirusTotal score: 29/67 (Scanned on 2021-10-16 03:18:23) |
Bkav:
W32.AIDetect.malware2
Elastic:
malicious (high confidence)
MicroWorld-eScan:
Gen:Variant.Zusy.394638
ALYac:
Gen:Variant.Zusy.394638
Cylance:
Unsafe
Sangfor:
Trojan.Win32.Save.a
CrowdStrike:
win/malicious_confidence_60% (D)
Symantec:
ML.Attribute.HighConfidence
APEX:
Malicious
BitDefender:
Gen:Variant.Zusy.394638
NANO-Antivirus:
Virus.Win32.Gen-Crypt.ccnc
Ad-Aware:
Gen:Variant.Zusy.394638
Emsisoft:
Gen:Variant.Zusy.394638 (B)
McAfee-GW-Edition:
BehavesLike.Win32.Generic.rc
MaxSecure:
Trojan.Malware.300983.susgen
FireEye:
Generic.mg.780c64adafac76b2
Sophos:
Generic ML PUA (PUA)
SentinelOne:
Static AI - Malicious PE
GData:
Gen:Variant.Zusy.394638
Avira:
HEUR/AGEN.1144635
Gridinsoft:
Trojan.Heur!.032104A1
Arcabit:
Trojan.Zusy.D6058E
Microsoft:
Trojan:Win32/Sabsik.FL.B!ml
Cynet:
Malicious (score: 100)
MAX:
malware (ai score=84)
VBA32:
BScope.TrojanDownloader.MSIL.Pasta
Rising:
Trojan.Generic@ML.98 (RDML:Hy9so8iDo6FPWCO5bIJEuQ)
BitDefenderTheta:
Gen:NN.ZexaF.34218.@F0@a8I!6sli
Qihoo-360:
HEUR/QVM19.1.A2B3.Malware.Gen
|
| MD5 |
780c64adafac76b2663aa8ca25ad41b0
|
| SHA1 |
6c673a2ba8b83f1fcd9a6577bc5f32d12668dc68
|
| SHA256 |
89a153619f4c4bb59ff2bea09042489de9e5208cee611a99fb7f52bddcb69693
|
| SHA3 |
6f82550f4dcef26b8e3187f41890b74a432dbaef1a43c6de1f2caaa7ce91c85c
|
| SSDeep |
98304:uttGIpmwqhlCmnpgTiZ0lko2JK4WfPW0SLeEdrKshtTWUdSM8T:OtG0mwYlC+uTiIko2Jr4ceCrK6htQHT
|
| Imports Hash |
4328f7206db519cd4e82283211d98e83
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
7
|
| TimeDateStamp |
2075-Aug-05 12:37:31
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32
|
| LinkerVersion |
48.0
|
| SizeOfCode |
0x7400
|
| SizeOfInitializedData |
0x1a800
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0074E058 (Section: .boot)
|
| BaseOfCode |
0x2000
|
| BaseOfData |
0xa000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x2000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0xbe4000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x4b9b0b
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
a6d405a187ef987f40ae308bd9735a58
|
| SHA1 |
adee0ad06e7ce60b944781881804376ac582ec78
|
| SHA256 |
e12d7162e3fa13ca0c206ef6fd6913acf6278c9fba627273bed77888b8e72f61
|
| SHA3 |
4fb399a4d63e0beb24067d8df6087206c9258c2f6c7186b0a13985944c706a92
|
| VirtualSize |
0x8000
|
| VirtualAddress |
0x2000
|
| SizeOfRawData |
0x2ee8
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.932
|
| MD5 |
a71053ebe60c41e15d4c337e4dfcb446
|
| SHA1 |
b3fd99dae1bf505824a7cccdad0e7fd8572ac5ac
|
| SHA256 |
40093ee6bd5758a0907cafde10bb6ecd3d7fb29cb044069f359f9a323bce11d9
|
| SHA3 |
19d76936c5ba8f75ae1484291c50ac9e5d5e35e7b9cd1043877ec2da70588a8c
|
| VirtualSize |
0x1a550
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x2c0d
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.92973
|
| MD5 |
e6e108ed26fa11fa5eb9bd0ba8bd487f
|
| SHA1 |
216059e7f8ce77dda15876d62ab56fb537793548
|
| SHA256 |
9c689b144d653ac8f96c9429fc962b09022cce739ce3c33287a4fd442f0cd27b
|
| SHA3 |
679fd569aeb79d68454736f1ab520bbf564b00974596b52f027d434d28266d44
|
| VirtualSize |
0xc
|
| VirtualAddress |
0x26000
|
| SizeOfRawData |
0x10
|
| PointerToRawData |
0x6200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
4
|
| MD5 |
83d5cbc2b9753e75d2d94ec0a6838f7f
|
| SHA1 |
107bb2a2345f04a40fcfa5907472f41f257a1aef
|
| SHA256 |
caf30607444d783bd6fb90f219850e1c4a4db19fc190566bb77d6143af8b9782
|
| SHA3 |
724da9fc8a84040cbfbfa8f1d88e08486d738ea452937b1b30b6320d933f7e1a
|
| VirtualSize |
0x2000
|
| VirtualAddress |
0x28000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x6400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
1.14055
|
| MD5 |
0a43ce01b36cde31ea2e89977d0c7fbd
|
| SHA1 |
4a934b7d7ed0ed4c174bbee729b8290866d763a7
|
| SHA256 |
dd195df2672bce46ccd73da7255433c9907d6a47d578225f8e5ddce27ed4b14d
|
| SHA3 |
7d5e2ebf31ae890999e53410652296862a7dd8a7d9c2bd10a94b58c44c7495ac
|
| VirtualSize |
0x1a600
|
| VirtualAddress |
0x2a000
|
| SizeOfRawData |
0x1a600
|
| PointerToRawData |
0x6600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
1.95392
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x708000
|
| VirtualAddress |
0x46000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x20c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
ff0fa185996874adba436e8ab08e59f2
|
| SHA1 |
01d9b4239157b358af75f4ba48221000ad3f5fc2
|
| SHA256 |
d1b15437495affca8a0d2f6168d655349e66672c0d5c7ae986695045315af6c2
|
| SHA3 |
0796a241738093a00f866947a2685f76d2c1e6f7916d9a62f53324500a57dd8e
|
| VirtualSize |
0x496000
|
| VirtualAddress |
0x74e000
|
| SizeOfRawData |
0x495f24
|
| PointerToRawData |
0x20c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
7.95386
|
| kernel32.dll |
GetModuleHandleA
|
| mscoree.dll |
_CorExeMain
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0xe80
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.73809
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
9d4ede7c4519ecc0fb9bf39304e02598
|
| SHA1 |
622d58d3e06040b10c61a7ef110e6cc027af92b2
|
| SHA256 |
ca61bca8633099239820f103b32720584f5d5f1afeb3beeeca3d89156a425b89
|
| SHA3 |
82a98dd06b23d0e802212243e817cc19885b3c4df17aa25087e3e0070fe19731
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.06703
|
| MD5 |
6b947603bb5187c076d1f9ef63aa33b6
|
| SHA1 |
be7768b1072bb1429435bb3f3a3ab65875dfb43f
|
| SHA256 |
3927bc85d74f6f666301bb1deabdfa9e5f91b042f1f267975b239d7ad8057f45
|
| SHA3 |
9057317e356ef7c5530528e8b3affd2ceb85686ff8828426ca19e3fcd124ed4f
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.36557
|
| MD5 |
7e85be5956cc70b0990b85683bd8f3e4
|
| SHA1 |
65cf3114269c6fa2c6e8eaf5a586141e37f79821
|
| SHA256 |
bedfd3c6bb70bff0b220f3d74e6e8ec3f537ebdbad5aa9fbde8a1a6d84e6f496
|
| SHA3 |
60bbc2e1b4940ff38d772e24b8249ea969e790163b4e506b70e4a40caccfadd3
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.71933
|
| MD5 |
c86b0a1eb24b8dbe58b95eac452e11ed
|
| SHA1 |
6cfc926308a2eb26ff4dea3e1cb254e882fef5fe
|
| SHA256 |
6dc67090ea85fcf443afe0fbdedf212cbc2a9c7acfe593fdd04240906a90af59
|
| SHA3 |
7b0d5e65e2eaa974fbfe85e770b4593863fd7c0ac620f1213f25fc088bdef01e
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.75441
|
| MD5 |
ddc8f9edc5e4020b0f33327f14442f75
|
| SHA1 |
f0e0f3ae01b7f65b74f4b6781b1a229cbb654f2a
|
| SHA256 |
1284dbc7fb1acbbbdc0d5641f7c5b2d69a6bdabca51d7dcee9e47dc740b3c90a
|
| SHA3 |
36d05d5781280e34f746bcd9119f4028722abf9abd4eeb6bdcf693ef4a01563a
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.54621
|
| MD5 |
0a5ccee55dd7a3fe05450e25b203903d
|
| SHA1 |
c2996de00be9dd6df1f86a607a8e5b487d12f529
|
| SHA256 |
659731a1eeefda901a7abde91ab5290628964f15c39b85233d9a68f6b9f93c7e
|
| SHA3 |
1d46584f0ef8b3f917c011b6d3496a373de16ae94d2e97d4c776f288361aba7a
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.76847
|
| Detected Filetype |
Icon file
|
| MD5 |
391988bc2dc9f8a551e9852ad9ee31fe
|
| SHA1 |
4d4ab5ad4bdfb596d05190e3b5306854b8613a7a
|
| SHA256 |
dd821befdac1a3a4dbb99634bcf6061cc72f977fc38ae5b5d846bbd3fc555c04
|
| SHA3 |
c7eba625a34700b79eac25b734698aef0f8cd461adddab64adf26ae6495e3493
|
| Type |
RT_VERSION
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x2ec
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.23401
|
| MD5 |
033d09741c68b5ba8f47f9b939d83461
|
| SHA1 |
21651b8eccfde75b0c436f0da361cb3013817d06
|
| SHA256 |
62727571effaf74d586e966fc76a2f0030c0ef5184deac412f6b45d5432a8f37
|
| SHA3 |
eac5bb3bb857637baed5111746395fe49a90034e252e04a0906cccb73c49f5ae
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xc59
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.01754
|
| MD5 |
3eecffaa6da77e053e6898ae832540f2
|
| SHA1 |
1afc668f2ee8241073a9046aaa0216bfa2fa38d9
|
| SHA256 |
85c41bb23dbb569b6cec2ffadecc8399b799d5c606c489480877a48b3e11cfc9
|
| SHA3 |
d4d3e1449af20e9c355141708dbb231adc619f5abd6287f1bb5fdcd61f19d370
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
1.0.0.0
|
| ProductVersion |
1.0.0.0
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
UNKNOWN
|
| Comments |
|
| CompanyName |
|
| FileDescription |
AX
|
| FileVersion (#2) |
1.0.0.0
|
| InternalName |
AX.exe
|
| LegalCopyright |
Copyright © 2021
|
| LegalTrademarks |
|
| OriginalFilename |
AX.exe
|
| ProductName |
AX
|
| ProductVersion (#2) |
1.0.0.0
|
| Assembly Version |
1.0.0.0
|
[*] Warning: Section .themida has a size of 0!
780c64adafac76b2663aa8ca25ad41b0