7a3d3c9014f1ced410338fbbc5dda493

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States
Comments
CompanyName
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild

Plugin Output

Info  Cryptographic algorithms detected in the binary:
  Uses constants related to MD5
  Uses constants related to SHA1
  Uses constants related to SHA256
  Uses constants related to SHA512
Suspicious  The PE is packed with UPX:
  Unusual section name found: UPX0
  Section UPX0 is both writable and executable.
  Unusual section name found: UPX1
  Section UPX1 is both writable and executable.
  The PE only has 4 import(s).
Info  The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious  VirusTotal score: 7/72 (Scanned on 2024-04-02 11:48:14)
  Bkav: W64.AIDetectMalware
  Cynet: Malicious (score: 100)
  DeepInstinct: MALICIOUS
  FireEye: Generic.mg.7a3d3c9014f1ced4
  Sangfor: Suspicious.Win32.Save.a
  SentinelOne: Static AI - Suspicious PE
  Trapmine: malicious.high.ml.score

Hashes

MD5 7a3d3c9014f1ced410338fbbc5dda493
SHA1 282314fa5107c0c194e93c4dfb12332f67a3d82d
SHA256 1e1b76801f694183c1f5129d66c11aad705d86405202694c554047622e546333
SHA3 f38663f7748f5c13cefad6065cd189c4eda5ea638aaffd0a02940419eb7b63c5
SSDeep 49152:IR4ylYzcs9nKUodppdRGhZhCnwpwwazDK5K:IJgcskUo7pqhZhswOlDqK
Imports Hash 6ed4f5f04d62b18d96b26d6db7c18840

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x4b7800
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x1f9000
SizeOfInitializedData 0x7000
SizeOfUninitializedData 0x35e000
AddressOfEntryPoint 0x00000000005578B0 (Section: UPX1)
BaseOfCode 0x35f000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x55f000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x35e000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 9b15f0742ca978178387f05e0c62c416
SHA1 993bd0be61d2fd538216cd16b8e2eeccd11e3046
SHA256 62ede388998fc4fdb2ea0c49dc53b5d210f68c989ca62adbead4b071b0d57513
SHA3 dae711f2028b80a67b9a76e27aebbed02a2417d0af6fd2d3430bdcc47ea6f36f
VirtualSize 0x1f9000
VirtualAddress 0x35f000
SizeOfRawData 0x1f8c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.88828

.rsrc

MD5 ee2fd1085bd099cc9749d664a79425b7
SHA1 f54a41202b0e139a4db10bfc20d19f6a5f5f87bb
SHA256 3e5fd9fd1288ede187f6c4c8becbab4a8b2d65af9cf4c29724facaba78f7d8f5
SHA3 e159d7089a077fafa22690af3ef1d569e68aa8ee1b9f356710c029683ccf2098
VirtualSize 0x7000
VirtualAddress 0x558000
SizeOfRawData 0x6a00
PointerToRawData 0x1f8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87723

Imports

KERNEL32.DLL
  LoadLibraryA
  ExitProcess
  GetProcAddress
  VirtualProtect

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x612c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94805
Detected Filetype PNG graphic file
MD5 0a90dce0d1e261bd802c41b0ef1b8a32
SHA1 632cd7c596310f81d305bfe5ca60cc92197aeca4
SHA256 f697748268d5bb816971d7d517510c7a422d8e06e87594c943e6c702a8ef8544
SHA3 a777cc0cc7957d145e3d7877f4398be20021629c4cb507727fc3e61a8f89733e

APP

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.51664
Detected Filetype Icon file
MD5 56ea8120d543d75df2e77ca45cb7558a
SHA1 371952575f0bf28161088a99f5a3f4d649e42aca
SHA256 b26b908dbda632c2818abc9703dbe7f009ab5ee748d23be0994ae64ad07efc0e
SHA3 b93b675dcad8fa87dea6a3f1c76dd546a3fed1a12d59e355308363113f09eeb4

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01803
MD5 6fe6395c0fbcdb35bc54fccc81e8a222
SHA1 c0f753f85a2f95b026a6005dcd538d3c6bb0a9cf
SHA256 86a89d6ab84d2f2c327fce8ff2ce1e85cc05ef6cdc45e93f34b6e67dc07c99fc
SHA3 b12eec51f6f1d6ff978f2cd8e56ac9ff3378883ec13180653cf95096c23ef8e5

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x434
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.2293
MD5 2119262f8a5b5f640e6ee70120dbd205
SHA1 8f4ff2b61a1f5545ef8ff60154bc50b0634d6223
SHA256 f192f2417d232eb6dc73806c1d6d70cb0136fa55e9e12a180b6bad0988ef5064
SHA3 8ab95a533d9dad03ed682ee873cbf7bdf885ecb929c6c572db3e8434dd27a422

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments
CompanyName
FileDescription
FileVersion (#2)
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion (#2)
SpecialBuild
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!