Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2021-Oct-12 03:41:32 |
Detected languages | English - United States, Russian - Russia |
CompanyName | Ubisoft |
FileDescription | Ubisoft Connect |
FileVersion | 1.0 |
InternalName | Ubisoft Connect |
LegalCopyright | (c) Ubisoft |
LegalTrademarks1 | Ubisoft Connect |
OriginalFilename | UbisoftConnect.exe |
ProductName | Ubisoft Connect |
ProductVersion | 2.0.0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | The PE is possibly packed. | Unusual section name found: .12u3uQW |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. | Resource 101 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 38/69 (Scanned on 2021-10-13 19:07:35) | Bkav: W32.AIDetect.malware1; Elastic: malicious (high confidence); McAfee: GenericRXAA-AA!781EE529966B; Cylance: Unsafe; Sangfor: Suspicious.Win32.Save.a; CrowdStrike: win/malicious_confidence_60% (W); BitDefender: Gen:Variant.Razy.952886; K7GW: Trojan ( 00588b5b1 ); K7AntiVirus: Trojan ( 00588b5b1 ); BitDefenderTheta: Gen:NN.ZexaF.34214.wy0@aSKAgFdk; Cyren: W32/Kryptik.FLC.gen!Eldorado; Symantec: ML.Attribute.HighConfidence; ESET-NOD32: a variant of Win32/Kryptik.HMSW; APEX: Malicious; Cynet: Malicious (score: 100); Kaspersky: HEUR:Trojan-PSW.Win32.Reline.gen; MicroWorld-eScan: Gen:Variant.Razy.952886; Avast: Win32:Trojan-gen; Ad-Aware: Gen:Variant.Razy.952886; Emsisoft: Gen:Variant.Razy.952886 (B); DrWeb: Trojan.Siggen15.22471; McAfee-GW-Edition: BehavesLike.Win32.Generic.fc; FireEye: Generic.mg.781ee529966b0e09; Sophos: Generic ML PUA (PUA); Jiangmin: TrojanSpy.Stealer.fvc; Microsoft: Trojan:Win32/Sabsik.FL.B!ml; Arcabit: Trojan.Razy.DE8A36; ZoneAlarm: HEUR:Trojan-PSW.Win32.Reline.gen; GData: Win32.Trojan.PSE.1IOO1LR; AhnLab-V3: Trojan/Win.Generic.C4695927; ALYac: Gen:Variant.Razy.952886; MAX: malware (ai score=80); Malwarebytes: Spyware.PasswordStealer; Rising: Trojan.Generic@ML.98 (RDML:d5Cb7x0I+2w18WpZG2CKvg); SentinelOne: Static AI - Suspicious PE; Fortinet: W32/Kryptik.HMSW!tr; AVG: Win32:Trojan-gen; Qihoo-360: HEUR/QVM20.1.95C7.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2021-Oct-12 03:41:32 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x29000 |
SizeOfInitializedData | 0x30400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000704D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x2b000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x5c000 |
SizeOfHeaders | 0x400 |
Checksum | 0x628d4 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | Sleep GetSystemInfo GetTickCount GetModuleHandleW FindResourceW GetConsoleWindow CreateFileW HeapSize GetProcessHeap SetStdHandle SetEnvironmentVariableW WideCharToMultiByte EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionEx DeleteCriticalSection EncodePointer DecodePointer MultiByteToWideChar LCMapStringEx GetStringTypeW GetCPInfo QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW IsProcessorFeaturePresent GetCurrentProcess TerminateProcess RaiseException RtlUnwind GetLastError SetLastError InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetProcAddress LoadLibraryExW GetStdHandle WriteFile GetModuleFileNameW ExitProcess GetModuleHandleExW GetCommandLineA GetCommandLineW HeapAlloc HeapFree CompareStringW LCMapStringW GetLocaleInfoW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW GetFileType CloseHandle FlushFileBuffers GetConsoleOutputCP GetConsoleMode ReadFile GetFileSizeEx SetFilePointerEx ReadConsoleW HeapReAlloc FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetEnvironmentStringsW FreeEnvironmentStringsW WriteConsoleW |
---|---|
USER32.dll | ShowWindow MessageBoxA MessageBeep |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.0.0.0 |
ProductVersion | 2.0.0.0 |
FileFlags | VS_FF_DEBUG, VS_FF_PRERELEASE, VS_FF_PRIVATEBUILD |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | Ubisoft |
FileDescription | Ubisoft Connect |
FileVersion (#2) | 1.0 |
InternalName | Ubisoft Connect |
LegalCopyright | (c) Ubisoft |
LegalTrademarks1 | Ubisoft Connect |
OriginalFilename | UbisoftConnect.exe |
ProductName | Ubisoft Connect |
ProductVersion (#2) | 2.0.0 |
Resource LangID | English - United States |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Oct-12 03:41:32 |
Version | 0.0 |
SizeofData | 852 |
AddressOfRawData | 0x39100 |
PointerToRawData | 0x37500 |
Size | 0xbc |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x43b024 |
SEHandlerTable | 0x438820 |
SEHandlerCount | 37 |
XOR Key | 0xce30c993 |
---|---|
Unmarked objects | 0 |
ASM objects (27412) | 13 |
C++ objects (27412) | 166 |
C objects (27412) | 22 |
C objects (30034) | 17 |
ASM objects (30034) | 21 |
C++ objects (30034) | 74 |
Imports (27412) | 5 |
Total imports | 95 |
C++ objects (30133) | 1 |
Resource objects (30133) | 1 |
151 | 1 |
Linker (30133) | 1 |