78c063581e267910187491a31b761f77

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jan-02 17:30:13
Detected languages English - United States

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • www.java.com
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
  • LoadLibraryExA
Can access the registry:
  • RegEnumKeyExA
  • RegOpenKeyExA
  • RegQueryValueExA
  • RegCreateKeyExA
  • RegSetValueExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • CreateFileA
  • GetTempPathA
  • GetTempPathW
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Can shut the system down or lock the screen:
  • ExitWindowsEx
Info The PE is digitally signed. Signer: BİLİŞİM VE BİLGİ GÜVENLİĞİ İLERİ TEKNOLOJİLER ARŞ.MRK.BŞK.LIĞI
Issuer: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Suspicious VirusTotal score: 1/69 (Scanned on 2021-02-15 08:42:44) Zillya: Exploit.Generic.JS.327

Hashes

MD5 78c063581e267910187491a31b761f77
SHA1 e2d932533fe11c2dfdbbc657b454ddcb4d71e567
SHA256 6db6ce14a7a932f4594674474dac997bff469ad87b1201c55a6530e9eca5bdf1
SHA3 b3fd82b40c0422ffbeeaf2b4802a28afb66f78206de5cd9356bf5093d6ea425b
SSDeep 6144:VS3wSQgi0pQmklMM/p1NWtOozUpKG/J/7vHGSTz/EVxNLkbAqt3uvkZn9mAdVF5O:VS3pQgpkl/R+OYEKG5blzMy+v0n9ndjI
Imports Hash f52fb9dce02483c8e76c06d79147ac0c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2020-Jan-02 17:30:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x30e00
SizeOfInitializedData 0x37e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001AE00 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x6d000
SizeOfHeaders 0x400
Checksum 0x64658
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6ee59f56f8147e3683ac76b415b06284
SHA1 a3506068fcc01d4ca47c70f2acc90bc4126adf37
SHA256 64fb6e62a6e962fe5260f1dc0dc4cb59c0405321a930b27c605a18c5eb4ee7c4
SHA3 32e6d0a6cb3a357e620f9e18d5e1ec3125d2e979b940b735d99419a1fa228e59
VirtualSize 0x30dfe
VirtualAddress 0x1000
SizeOfRawData 0x30e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.4167

.rdata

MD5 62c2011d32e7da21aac31bb7f7d87328
SHA1 4615bd596b70011b66ea57422ca7f986f0054a5b
SHA256 a87634087ba904bda12f72240410f2c23d52f46ba04a975baa1af3a700b5274f
SHA3 b033e12314aad7fc87a0b42bf8c700c24c5e8d8806a383a7bdc2409d63e8c909
VirtualSize 0xc72e
VirtualAddress 0x32000
SizeOfRawData 0xc800
PointerToRawData 0x31200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.93245

.data

MD5 5869d1c621f5e62dea630eae7f71e4b1
SHA1 d7221d2e3a79b11bedb30bb0d9ee502e20fdc529
SHA256 b5e61100aaa9d56e8b3d2d44191d058038b23ac14e2361053a2efd50b182dcbb
SHA3 6063d62e5b5bc67b4ad90cc612453e48a70b6ed339563b864046c82713373197
VirtualSize 0x11904
VirtualAddress 0x3f000
SizeOfRawData 0x2400
PointerToRawData 0x3da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.42684

.pdata

MD5 aff7136ff197498e424f85e01712d31e
SHA1 e79fe7a61475c53846deee7a38c64f18192df5ef
SHA256 3ce2d92326870a30e1840366d9e1419a57f0e4332d90c89698f57ef5035c3ce6
SHA3 709018b3dedd35e4a7718023ea05de454fc8b65a1b80fb2227281562edf38054
VirtualSize 0x2184
VirtualAddress 0x51000
SizeOfRawData 0x2200
PointerToRawData 0x3fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.45419

.rsrc

MD5 377b5e3f1a2c5b694194b0a89fe8b9b7
SHA1 ab28dd9bd858a098f00057d875b410d9d8017cf0
SHA256 f611419ca2634ff4b566e29f1bf0f6f891c64971dcceefea962e7a489e5f5a67
SHA3 45ae8c46f831fa1b13166e6b0773fb5f8d52e44f89c09f6d80237e0b40b12c3b
VirtualSize 0x17200
VirtualAddress 0x54000
SizeOfRawData 0x17200
PointerToRawData 0x42000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.84444

.reloc

MD5 0d2dc4430beb37fe857f6112214268aa
SHA1 11e1f41e194e79372c637914b99f5adf15b88fcc
SHA256 5e187010a4fda78e25fcea17dae1aa7afece5e8cc15775d0f5d96678aab3eb46
SHA3 aae731b09b4cf077cb50fe469b31095a0e7baa29a6ad50143e964e8ee0351a45
VirtualSize 0x6f4
VirtualAddress 0x6c000
SizeOfRawData 0x800
PointerToRawData 0x59200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.64706

Imports

USER32.dll SetForegroundWindow
MessageBoxA
ExitWindowsEx
EnumWindows
IsIconic
ShowWindow
MessageBoxW
GetLastActivePopup
IsWindowVisible
GetWindowThreadProcessId
MonitorFromPoint
ADVAPI32.dll LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
ole32.dll CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
GetHGlobalFromStream
CoUninitialize
KERNEL32.dll GetStringTypeW
GetStringTypeA
LCMapStringA
SetStdHandle
InitializeCriticalSectionAndSpinCount
HeapReAlloc
QueryPerformanceCounter
GetTimeZoneInformation
GetLocaleInfoA
CompareStringA
CompareStringW
SetEndOfFile
WriteConsoleA
CreateProcessA
LCMapStringW
HeapCreate
HeapSetInformation
IsValidCodePage
GetLastError
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetProcAddress
LoadLibraryA
GetUserDefaultLCID
CloseHandle
CreateFileA
CreateDirectoryA
FlushFileBuffers
WriteConsoleW
GetFileType
GetStdHandle
GetLongPathNameW
ExitProcess
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
MultiByteToWideChar
AreFileApisANSI
FindFirstFileW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
SetHandleInformation
CreatePipe
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GetCurrentProcessId
GetLongPathNameA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetTempPathA
GetEnvironmentVariableW
GetTempPathW
GetTempFileNameA
GetFullPathNameW
GetFullPathNameA
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetExitCodeThread
WaitForSingleObject
CreateThread
GetConsoleOutputCP
DuplicateHandle
GetCurrentProcess
SetEnvironmentVariableA
GetProcessHeap
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersionExA
SearchPathA
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
GetMailslotInfo
CreateMailslotA
GetCommandLineW
CreateSemaphoreA
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalUnlock
GlobalSize
GlobalLock
GetTickCount
AllocConsole
GetModuleHandleA
LoadLibraryExA
SetEnvironmentVariableW
SetCurrentDirectoryW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CreateDirectoryW
RemoveDirectoryW
HeapAlloc
HeapFree
DebugBreak
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
GetModuleHandleW
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
SetHandleCount
GetCPInfo
GetACP
GetOEMCP

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2840
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9005
Detected Filetype PNG graphic file
MD5 4b5cb71b77569a2c69bcf249347f3444
SHA1 90325595a61015422e66d88a53dbbd9ace2c4b98
SHA256 7d87ae76fe120fa3d94e3c5999033f075c17ad4280ccf54075e325d17ffb380a
SHA3 76a27fa58323fda1e241adf073cb505b30ab7f20c07001a56d3c99477b5199e9

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.47406
MD5 138929c54be780abde61064a038dc44c
SHA1 364a23769326d11de139f1529c2185721ccea046
SHA256 fff64839d82beccbe40f7e3b74e2d0a50e8b97a64059a721d54d12e236b0b65f
SHA3 e770a6e6259b116933c3fa695cf282b8c75f164e1e3b33cd30c57619905d5892

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.666
MD5 6fed7f71bf9def0da18ed8e6ec04b90f
SHA1 acf2e08eaa28274b023c1dab7e5a972f69b62504
SHA256 4e744b3685581d573e3ad5b53188061efdbd82a0f6fea670a9140d12dae0ea95
SHA3 96f7f288617c6b9d5372fe038647d150e810ca89c9ef1f092fa42f63ea7f88a5

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.68558
MD5 129b2de3703ce938162186f373950572
SHA1 8a9a9998d935efa43f6fbd6245f3ba8604e96bbc
SHA256 0de7202c707d2a6c72eb55df40ab15d74bef11d6356b6fe01ee3e096f20681f4
SHA3 043cee139104e67aed561a8c254be4e89b2fc620165397c8d1997d9f1081c18b

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.56844
MD5 82acb49aec927c81070c6133b6f6a7e8
SHA1 8f3bc5d5db89802139df86ce639a8014c389c7e8
SHA256 03287026ca83a3e4f48f08432c765010bfa131ef28ea3d9de480d8f58b98c5cc
SHA3 07be35554c6dfe035f0946d809a5e9f3bceadfc50d10a3192a94e94e054558bb

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3d33
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.83811
Detected Filetype PNG graphic file
MD5 b989fec8ce7ac87afbae3cdca69497b3
SHA1 d190df4ae5dbe0a102b3d63af78664b5616f8a97
SHA256 59f59c5d080dcca2fdc719be6585c6a2bfaf02c49b4701e9ff3ce07c423bcc8b
SHA3 434e18c17923fd3c83182b0e270784f20f7f2c8820a57f61218ca5f2f6dea974

7

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.82477
MD5 32672f8e644b1b860c2b0846dcd587ad
SHA1 7b771f2f403f5bf35a0752fbf4c1db3e11d2ab62
SHA256 eba259047c7537b41b922f6ea2b861d3e238da5af99234fc27cf0ca67b007d95
SHA3 bc9db4ff15f94e326308e3f8bf9dda4ae15ef0248a5271790e4b9ecebbb9edf7

8

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.30507
MD5 1af396a75e9e7a06682566926b4b2a8f
SHA1 695eeb7ea11f35124fc27ba053e51a9cf40d6431
SHA256 efbce4099e7a1acab0fad9264be8d215390aeff965e66264c0ba5d0ee3036497
SHA3 fe61c11e4fd0a403f4cb30240ed9857c47d8743c304a7ed2197c92b62d661f66

9

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.28414
MD5 8a18e18a4014618e199103ee3c21902f
SHA1 81900542ccf09ba912900bb49195366b6e22f904
SHA256 7875e2d6125f3ba3d0199708d8ca3a10f3f0860c924ae6ae6248f5b0eb0b4035
SHA3 e9c08343883950c84a7b02a436a7b5bc43d8306f73c5a764c4a269fa22a12950

10

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.21872
MD5 1421c6f5ce9a82aeeb91eba6e00f4cdf
SHA1 6aab1c8eee97043c02550082ee8ce442bcdd8cdd
SHA256 b9ddcc016c7caecbb946ca5a1607f7160c44573632e24d476d7126235b503799
SHA3 ee1084ebf6b97f2c80be66befc1078a7798d6f4e5aeb6a6cf23062a24e3a4e93

11

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5492
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.82266
Detected Filetype PNG graphic file
MD5 a09f4e9b57757b63df69ab9868ab8ced
SHA1 c3129e48566727c32ae4527905871e3392d7a8e5
SHA256 4ec944cd225d7b8ca3561565a0242b060596210935fa1a1a66b87eca7c2d9766
SHA3 36f746211af7eac8584aedcba0245497548be81efdd4b6249a72cd7137cbe519

12

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50793
MD5 88bf3e7e49307f6d97f016d2f6b22de1
SHA1 e5e633f72a82bd9e16f9159dd2b126cd684e50df
SHA256 f6a964e842562485ea8a9765899946a52a22db656a430e5c506c1a8c8c6214dd
SHA3 322e8b82032c5651adee0dfa7174d78cd52d4985978ed1763bc071922fa84729

13

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.75651
MD5 ebd29947ddb51133bae823cced6c286f
SHA1 45c03875ae8ef816498488029ef27c787485c169
SHA256 c5995dda79dc0c7a1bb00f6ed782a3fb0c4f977a7b4a8d537f3ce74fa4073c83
SHA3 cd83b7bca2605f9f298ef7669cc6504eba102ccfcd0893e82da1ab18dda1971f

14

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.98609
MD5 587005374e07f2fa234e31ba4739a71b
SHA1 e3ba9b27416189147852923ad0af62096336f895
SHA256 453f27cf621da072983f7f1aa8d746513d9e58308ad5c2f4f69f000c843f3c5d
SHA3 46047e94e58153dc0f3c7a45df777967b5afb8e84fe1910e4000cc76dbe2494d

15

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.25868
MD5 2da50ef84f6d701ab3d65399082c1355
SHA1 24efa86483222705ded0f6d8f181564f843420e4
SHA256 60f9af0b9e6f4922f1a16de5ba68f1377e7d6bd6195b04c6c198172923c5461a
SHA3 0f1047e073ce8260f6231f4cc7d21fdfabc9914b31a0bcfbb56d0259e418b31f

101

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x12e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19761
MD5 238fdd72acad6b08e164c4f6b3308b6b
SHA1 bbc5c30a0040697cb2c2ae3ac8ef4f96b38fb89d
SHA256 cb7a4a8a66eee064a9fb1451870ce7225bb3672ceb3bda74be73c2c893c623c4
SHA3 e0dcd8f763fb5915fbd818274955346254ff9e082c27642c1e99aa6ce95bd299

10000

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x349f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9007
Detected Filetype PNG graphic file
MD5 812539d4f71d34f865375031bfbe8a91
SHA1 93ae313ac9391fb3083ad707bf7ac64bb346eb55
SHA256 08e1c2aaf69ba400836fd14dc9b16dd424d87f866c74f17ef5c095e3625d068f
SHA3 260dadfa7f9bd085d280afbdf4e87b02c770ffc3360ff03d276258655de59a46

1001

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xd8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08097
Detected Filetype Icon file
MD5 a08f60fd25b1ac70bd7c46078d31faac
SHA1 7980306a7a1f8fc910ac8032976d44044c508294
SHA256 82607f6435d1501c8dda167a3e92b6aab8fc58d642ff7ef3bb8e07c97e352eaf
SHA3 3e5ddc73a0db18931dc1bc7872d4a7bd9de8171c1e25142adae290b7339ad45b

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x4e0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.16882
MD5 56c7a92468a36606955971d49e1011fe
SHA1 fcf6faf0cb1d229bba7e029decff58c0472c886b
SHA256 f3bb536b691776c7ee7489a5a3089862d51a38953a52b18e8f8bdfe237b0bdad
SHA3 e212f8b719d2dd6c4d59fa38c328618db35ef4e241fa7c15225a58f163c8ad88

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xf34f603b
Unmarked objects 0
150 (20413) 4
C objects (VS2008 build 21022) 172
ASM objects (VS2008 build 21022) 13
C++ objects (VS2012 build 50727 / VS2005 build 50727) 1
Imports (VS2012 build 50727 / VS2005 build 50727) 9
Total imports 183
C++ objects (VS2008 build 21022) 86
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 build 21022) 1

Errors
