Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Jan-02 17:30:13 |
Detected languages | English - United States |
Level | Finding | Details |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior | Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed | Signer: BİLİŞİM VE BİLGİ GÜVENLİĞİ İLERİ TEKNOLOJİLER ARŞ.MRK.BŞK.LIĞI (Turkish; in English: Informatics and Information Security Advanced Technologies Research Center Presidency); Issuer: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 |
Suspicious | VirusTotal score: 1/69 (scanned on 2021-02-15 08:42:44) | Zillya: Exploit.Generic.JS.327 |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
File header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberOfSections | 6 |
TimeDateStamp | 2020-Jan-02 17:30:13 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 9.0 |
SizeOfCode | 0x30e00 |
SizeOfInitializedData | 0x37e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000001AE00 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x6d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x64658 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

DllCharacteristics shows ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) enabled, but neither IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA nor IMAGE_DLLCHARACTERISTICS_GUARD_CF is set; this is consistent with the 9.0 (VS2008) linker version, which predates /HIGHENTROPYVA and /guard:cf, rather than with the flags having been stripped.
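The three header tables above (DOS header, file header, optional header) are what a PE parser reads in sequence: `e_lfanew` locates the `PE\0\0` signature, the 20-byte file header follows it, then the optional header whose `Magic` selects the PE32+ layout, then `NumberOfSections` section headers starting `SizeOfOptionalHeader` bytes after the optional header. The following is an added example (not the tool that produced this report) that walks that chain, decodes `Characteristics`, `DllCharacteristics` and `Subsystem` into the names used in the tables, and maps `AddressOfEntryPoint` onto its section. The sample image it parses is constructed here from the values in the tables, with two made-up section headers, and is not the analysed binary.

```python
"""Minimal PE32+ header parser (added example; not the report's tool)."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}

FILE_HDR = "<HHIIIHH"                          # IMAGE_FILE_HEADER, 20 bytes
OPT_HDR64 = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"   # IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes, 112 bytes
OPT_FIELDS = (
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode", "SizeOfInitializedData",
    "SizeOfUninitializedData", "AddressOfEntryPoint", "BaseOfCode", "ImageBase", "SectionAlignment",
    "FileAlignment", "MajorOperatingSystemVersion", "MinorOperatingSystemVersion", "MajorImageVersion",
    "MinorImageVersion", "MajorSubsystemVersion", "MinorSubsystemVersion", "Win32VersionValue",
    "SizeOfImage", "SizeOfHeaders", "CheckSum", "Subsystem", "DllCharacteristics", "SizeOfStackReserve",
    "SizeOfStackCommit", "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes")
SECTION_HDR = "<8sIIIIIIHHI"                   # IMAGE_SECTION_HEADER, 40 bytes


def decode_flags(value, table):
    """Names of the set bits, lowest bit first; bits not in the table are ignored."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe32plus(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsec, ts, _symtab, _nsyms, opt_size, fchars = struct.unpack_from(FILE_HDR, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    opt = dict(zip(OPT_FIELDS, struct.unpack_from(OPT_HDR64, data, opt_off)))
    if opt["Magic"] != PE32PLUS_MAGIC:
        raise ValueError("not a PE32+ image (magic 0x%x)" % opt["Magic"])
    # Section table starts SizeOfOptionalHeader bytes after the optional header.
    sections = []
    for i in range(nsec):
        s = struct.unpack_from(SECTION_HDR, data, opt_off + opt_size + 40 * i)
        sections.append((s[0].rstrip(b"\0").decode("ascii", "replace"), s[2], max(s[1], s[3])))
    ep = opt["AddressOfEntryPoint"]
    ep_section = next((name for name, va, size in sections if va <= ep < va + size), None)
    return {
        "Machine": "IMAGE_FILE_MACHINE_AMD64" if machine == IMAGE_FILE_MACHINE_AMD64 else hex(machine),
        "NumberOfSections": nsec,
        "TimeDateStamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "Characteristics": decode_flags(fchars, FILE_CHARACTERISTICS),
        "LinkerVersion": "%d.%d" % (opt["MajorLinkerVersion"], opt["MinorLinkerVersion"]),
        "AddressOfEntryPoint": ep,
        "EntrySection": ep_section,
        "ImageBase": opt["ImageBase"],
        "SizeOfImage": opt["SizeOfImage"],
        "CheckSum": opt["CheckSum"],
        "Subsystem": SUBSYSTEMS.get(opt["Subsystem"], str(opt["Subsystem"])),
        "DllCharacteristics": decode_flags(opt["DllCharacteristics"], DLL_CHARACTERISTICS),
        "NumberOfRvaAndSizes": opt["NumberOfRvaAndSizes"],
        "Sections": [name for name, _, _ in sections],
    }


def build_sample_image():
    """Constructed PE32+ header (not the analysed binary) using the report's header values.
    The two section headers and their sizes are made up; the timestamp is 2020-01-02 17:30:13 UTC."""
    dos = bytearray(0xE8)                      # DOS header + stub, PE signature at e_lfanew = 0xE8
    dos[0:2] = b"MZ"
    struct.pack_into("<H", dos, 2, 0x90)       # e_cblp
    struct.pack_into("<I", dos, 0x3C, 0xE8)    # e_lfanew
    coff = struct.pack(FILE_HDR, IMAGE_FILE_MACHINE_AMD64, 2, 1577986213, 0, 0, 0xF0, 0x0002 | 0x0020)
    opt = struct.pack(OPT_HDR64, PE32PLUS_MAGIC, 9, 0, 0x30E00, 0x37E00, 0, 0x1AE00, 0x1000, 0x140000000,
                      0x1000, 0x200, 5, 2, 0, 0, 5, 2, 0, 0x6D000, 0x400, 0x64658, 2, 0x0040 | 0x0100 | 0x8000,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128   # 16 empty data directories
    secs = struct.pack(SECTION_HDR, b".text", 0x30D2E, 0x1000, 0x30E00, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HDR, b".rdata", 0x1B000, 0x32000, 0x1B000, 0x31200, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    for key, value in parse_pe32plus(build_sample_image()).items():
        print("%-22s %s" % (key, hex(value) if isinstance(value, int) else value))
```

`TimeDateStamp` is rendered in UTC; tools differ on whether they print it in local time, so compare timestamps across tools with that in mind. `SizeOfOptionalHeader` (0xf0 here) rather than a fixed constant is used to find the section table, which is what keeps the parser correct when the data directory count is not 16.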
DLL | Imported functions |
---|---|
USER32.dll | SetForegroundWindow, MessageBoxA, ExitWindowsEx, EnumWindows, IsIconic, ShowWindow, MessageBoxW, GetLastActivePopup, IsWindowVisible, GetWindowThreadProcessId, MonitorFromPoint |
ADVAPI32.dll | LookupPrivilegeValueA, AdjustTokenPrivileges, RegEnumKeyExA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, OpenProcessToken |
ole32.dll | CreateStreamOnHGlobal, CoCreateInstance, CoInitializeEx, GetHGlobalFromStream, CoUninitialize |
KERNEL32.dll | GetStringTypeW, GetStringTypeA, LCMapStringA, SetStdHandle, InitializeCriticalSectionAndSpinCount, HeapReAlloc, QueryPerformanceCounter, GetTimeZoneInformation, GetLocaleInfoA, CompareStringA, CompareStringW, SetEndOfFile, WriteConsoleA, CreateProcessA, LCMapStringW, HeapCreate, HeapSetInformation, IsValidCodePage, GetLastError, CreateFileW, SetFilePointer, WriteFile, ReadFile, GetProcAddress, LoadLibraryA, GetUserDefaultLCID, CloseHandle, CreateFileA, CreateDirectoryA, FlushFileBuffers, WriteConsoleW, GetFileType, GetStdHandle, GetLongPathNameW, ExitProcess, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, FindFirstFileA, MultiByteToWideChar, AreFileApisANSI, FindFirstFileW, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetWindowsDirectoryW, SetHandleInformation, CreatePipe, GetShortPathNameA, GetModuleFileNameA, GetShortPathNameW, GetModuleFileNameW, GetCurrentProcessId, GetLongPathNameA, GetWindowsDirectoryA, GetEnvironmentVariableA, GetTempPathA, GetEnvironmentVariableW, GetTempPathW, GetTempFileNameA, GetFullPathNameW, GetFullPathNameA, LoadLibraryW, FreeEnvironmentStringsW, GetEnvironmentStringsW, FreeEnvironmentStringsA, GetEnvironmentStrings, GetExitCodeThread, WaitForSingleObject, CreateThread, GetConsoleOutputCP, DuplicateHandle, GetCurrentProcess, SetEnvironmentVariableA, GetProcessHeap, SetCurrentDirectoryA, GetCurrentDirectoryA, GetVersionExA, SearchPathA, GetSystemTimeAsFileTime, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, Sleep, GetMailslotInfo, CreateMailslotA, GetCommandLineW, CreateSemaphoreA, SizeofResource, LockResource, LoadResource, FindResourceA, GlobalUnlock, GlobalSize, GlobalLock, GetTickCount, AllocConsole, GetModuleHandleA, LoadLibraryExA, SetEnvironmentVariableW, SetCurrentDirectoryW, WideCharToMultiByte, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, RaiseException, RtlPcToFileHeader, RtlUnwindEx, CreateDirectoryW, RemoveDirectoryW, HeapAlloc, HeapFree, DebugBreak, GetCommandLineA, GetStartupInfoA, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, HeapSize, GetModuleHandleW, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, SetHandleCount, GetCPInfo, GetACP, GetOEMCP |

The imports that typically trigger a "functions mostly used by malware" heuristic are OpenProcessToken, LookupPrivilegeValueA and AdjustTokenPrivileges (token privilege adjustment; here they sit next to ExitWindowsEx, which requires SeShutdownPrivilege), CreateProcessA/W together with CreatePipe, DuplicateHandle and SetHandleInformation (spawning a child process with redirected standard handles), RegCreateKeyExA/RegSetValueExA (registry writes), the FindResourceA/LoadResource/LockResource/SizeofResource chain (reading an embedded resource), and CreateMailslotA/GetMailslotInfo. IsDebuggerPresent, SetUnhandledExceptionFilter, EncodePointer/DecodePointer and the Fls* functions belong to the statically linked VS2008 CRT and are not an anti-debugging indicator on their own. All of these are equally common in legitimate installers and updaters, so the verdict above should be weighed against the code signature and the 1/69 VirusTotal result rather than read in isolation.
Rich header entry | Count |
---|---|
XOR Key | 0xf34f603b |
Unmarked objects | 0 |
150 (20413) | 4 |
C objects (VS2008 build 21022) | 172 |
ASM objects (VS2008 build 21022) | 13 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 9 |
Total imports | 183 |
C++ objects (VS2008 build 21022) | 86 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 build 21022) | 1 |
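The table above is the decoded Rich header: the undocumented block the Microsoft linker writes between the DOS stub and the PE signature, consisting of `DanS`, three zero dwords, one (product id, build, count) pair per object kind, then `Rich` and the XOR key that every dword is masked with. The key is also a checksum over the DOS header and stub (with `e_lfanew` treated as zero) and over the entries themselves, so recomputing it is the standard check for a Rich header that was edited or copied from another binary. The following is an added example, not the tool that produced this report: it encodes a constructed Rich header with the checksum as described in the public Rich header research, decodes it back, and verifies the key. The build numbers and counts are taken from the table above; the product ids (0x96 for the "150" line, the others placeholders) and the DOS stub are constructed, and mapping product ids to compiler names needs the lookup table the report's tool used, which is not reproduced here.

```python
"""Rich header encode/decode with key verification (added example; not the report's tool)."""
import struct

DANS = 0x536E6144   # "DanS" as a little-endian dword
RICH = b"Rich"


def rol32(value, count):
    count &= 31
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(prefix, entries):
    """XOR key as the linker derives it: offset of DanS, plus each byte before
    DanS rotated by its offset (skipping e_lfanew at 0x3C..0x3F), plus each
    (prodid<<16|build) rotated by its count."""
    cksum = len(prefix)
    for off, byte in enumerate(prefix):
        if 0x3C <= off < 0x40:
            continue
        cksum = (cksum + rol32(byte, off)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        cksum = (cksum + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return cksum


def build_rich_header(prefix, entries):
    """Encode entries as the block that follows the DOS stub: DanS, 3 pads, entries, Rich, key."""
    key = rich_checksum(prefix, entries)
    out = struct.pack("<IIII", DANS ^ key, key, key, key)   # DanS and three zero pads, all XORed
    for prodid, build, count in entries:
        out += struct.pack("<II", ((prodid << 16) | build) ^ key, count ^ key)
    return out + RICH + struct.pack("<I", key)


def parse_rich_header(data):
    """Return the key, decoded (prodid, build, count) entries and whether the key
    recomputes; None when the image carries no Rich header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(RICH, 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    dans_off = data.rfind(struct.pack("<I", DANS ^ key), 0, rich_off)
    if dans_off < 0 or (rich_off - dans_off - 16) % 8:
        raise ValueError("malformed Rich header")
    entries = []
    for off in range(dans_off + 16, rich_off, 8):     # skip DanS + 3 pads, 8 bytes per entry
        a, b = struct.unpack_from("<II", data, off)
        a ^= key
        entries.append((a >> 16, a & 0xFFFF, b ^ key))
    return {
        "key": key,
        "entries": entries,
        "key_valid": rich_checksum(data[:dans_off], entries) == key,
    }


def build_sample_image():
    """Constructed image: 0x80-byte DOS header + stub, Rich header, PE signature.
    Product ids other than 0x96 (the report's '150') are placeholders."""
    prefix = bytearray(0x80)
    prefix[0:2] = b"MZ"
    stub = b"This program cannot be run in DOS mode."
    prefix[0x40:0x40 + len(stub)] = stub
    entries = [(0x0096, 20413, 4),      # "150 (20413) | 4"
               (0x0083, 21022, 172),    # placeholder prodid: C objects, build 21022
               (0x0084, 21022, 86),     # placeholder prodid: C++ objects, build 21022
               (0x0091, 30729, 1)]      # placeholder prodid: linker, build 30729
    rich = build_rich_header(bytes(prefix), entries)
    struct.pack_into("<I", prefix, 0x3C, len(prefix) + len(rich))   # e_lfanew -> PE signature
    return bytes(prefix) + rich + b"PE\0\0"


if __name__ == "__main__":
    result = parse_rich_header(build_sample_image())
    print("key 0x%08x valid=%s" % (result["key"], result["key_valid"]))
    for prodid, build, count in result["entries"]:
        print("  prodid %3d build %5d count %3d" % (prodid, build, count))
```

Because the checksum skips `e_lfanew`, the key is unaffected by the PE header being moved, but any byte change in the DOS stub or in an entry makes `key_valid` false; that is the property to check before trusting a Rich header as a toolchain fingerprint or as a pivot for clustering samples.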