| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2023-Apr-29 11:28:30 |
| Detected languages | English - United States, German - Germany, Spanish - Spain (International sort) |
| Suspicious | The PE is possibly packed. Unusual section name found: \x00. Section \x00 is both writable and executable. Unusual section name found: .idata. Unusual section name found: (empty). Section (empty) is both writable and executable. Unusual section name found: olikjtyc. Section olikjtyc is both writable and executable. Unusual section name found: xxfbkqcq. Section xxfbkqcq is both writable and executable. The PE only has 2 import(s). |
| Info | The PE's resources present abnormal characteristics. Resource 1 is possibly compressed or encrypted. Resource 2 is possibly compressed or encrypted. Resource 3 is possibly compressed or encrypted. Resource 4 is possibly compressed or encrypted. Resource 5 is possibly compressed or encrypted. Resource 6 is possibly compressed or encrypted. Resource 7 is possibly compressed or encrypted. Resource 8 is possibly compressed or encrypted. Resource 9 is possibly compressed or encrypted. Resource 10 is possibly compressed or encrypted. Resource 11 is possibly compressed or encrypted. Resource 12 is possibly compressed or encrypted. Resource 13 is possibly compressed or encrypted. Resource 14 is possibly compressed or encrypted. Resource 15 is possibly compressed or encrypted. Resource 16 is possibly compressed or encrypted. Resource 17 is possibly compressed or encrypted. Resource 18 is possibly compressed or encrypted. Resource 19 is possibly compressed or encrypted. Resource 20 is possibly compressed or encrypted. Resource 21 is possibly compressed or encrypted. Resource 22 is possibly compressed or encrypted. Resource CLOSEDFOLDER is possibly compressed or encrypted. Resource CURRENTFOLDER is possibly compressed or encrypted. Resource EXECUTABLE is possibly compressed or encrypted. Resource FLOPPY is possibly compressed or encrypted. Resource OPENFOLDER is possibly compressed or encrypted. Resource PREVIEWGLYPH is possibly compressed or encrypted. Resource SBDOWN is possibly compressed or encrypted. Resource SBDOWNDN is possibly compressed or encrypted. Resource SBLEFT is possibly compressed or encrypted. Resource SBLEFTDIS is possibly compressed or encrypted. Resource SBRIGHTDIS is possibly compressed or encrypted. Resource SBRIGHTDN is possibly compressed or encrypted. Resource SBUP is possibly compressed or encrypted. Resource SBUPDIS is possibly compressed or encrypted. Resource SBUPDN is possibly compressed or encrypted. Resource TBUTTONCOLOR is possibly compressed or encrypted. Resource TBUTTONGRADIENT is possibly compressed or encrypted. Resource TBUTTONPEN is possibly compressed or encrypted. Resource TCOMBOFLAT is possibly compressed or encrypted. Resource TEEARROWDOWN is possibly compressed or encrypted. Resource TEEARROWUP is possibly compressed or encrypted. Resource TEETHUMB1 is possibly compressed or encrypted. Resource TEETHUMB2 is possibly compressed or encrypted. Resource TEETHUMB3 is possibly compressed or encrypted. Resource TEETHUMB4 is possibly compressed or encrypted. Resource TIMAGEFILTERED is possibly compressed or encrypted. Resource TTEEINSPECTOR is possibly compressed or encrypted. Resource TTEEPREVIEWPANEL is possibly compressed or encrypted. Resource UNKNOWNFILE is possibly compressed or encrypted. Resource VT_MOVEALL is possibly compressed or encrypted. Resource VT_MOVEEW is possibly compressed or encrypted. Resource VT_MOVENS is possibly compressed or encrypted. Resource VT_XPBUTTONMINUS is possibly compressed or encrypted. Resource VT_XPBUTTONPLUS is possibly compressed or encrypted. Resource 4063 is possibly compressed or encrypted. Resource 4064 is possibly compressed or encrypted. Resource 4065 is possibly compressed or encrypted. Resource 4066 is possibly compressed or encrypted. Resource 4067 is possibly compressed or encrypted. Resource 4068 is possibly compressed or encrypted. Resource 4069 is possibly compressed or encrypted. Resource 4070 is possibly compressed or encrypted. Resource 4071 is possibly compressed or encrypted. Resource 4072 is possibly compressed or encrypted. Resource 4073 is possibly compressed or encrypted. Resource 4074 is possibly compressed or encrypted. Resource 4076 is possibly compressed or encrypted. Resource 4077 is possibly compressed or encrypted. Resource 4078 is possibly compressed or encrypted. Resource 4079 is possibly compressed or encrypted. Resource 4080 is possibly compressed or encrypted. Resource 4081 is possibly compressed or encrypted. Resource 4082 is possibly compressed or encrypted. Resource 4083 is possibly compressed or encrypted. Resource 4084 is possibly compressed or encrypted. Resource 4085 is possibly compressed or encrypted. Resource 4086 is possibly compressed or encrypted. Resource 4087 is possibly compressed or encrypted. Resource 4088 is possibly compressed or encrypted. Resource 4089 is possibly compressed or encrypted. Resource 4090 is possibly compressed or encrypted. Resource 4092 is possibly compressed or encrypted. Resource 4093 is possibly compressed or encrypted. Resource 4094 is possibly compressed or encrypted. Resource 4095 is possibly compressed or encrypted. Resource 4096 is possibly compressed or encrypted. Resource BBABORT is possibly compressed or encrypted. Resource BBABORT_DISABLED is possibly compressed or encrypted. Resource BBALL is possibly compressed or encrypted. Resource BBALL_DISABLED is possibly compressed or encrypted. Resource BBCANCEL is possibly compressed or encrypted. Resource BBCANCEL_DISABLED is possibly compressed or encrypted. Resource BBCLOSE is possibly compressed or encrypted. Resource BBCLOSE_DISABLED is possibly compressed or encrypted. Resource BBHELP is possibly compressed or encrypted. Resource BBHELP_DISABLED is possibly compressed or encrypted. Resource BBIGNORE is possibly compressed or encrypted. Resource BBIGNORE_DISABLED is possibly compressed or encrypted. Resource BBNO is possibly compressed or encrypted. Resource BBNO_DISABLED is possibly compressed or encrypted. Resource BBOK is possibly compressed or encrypted. Resource BBOK_DISABLED is possibly compressed or encrypted. Resource BBRETRY is possibly compressed or encrypted. Resource BBRETRY_DISABLED is possibly compressed or encrypted. Resource BBYES is possibly compressed or encrypted. Resource BBYES_DISABLED is possibly compressed or encrypted. Resource MSG_ERROR is possibly compressed or encrypted. Resource MSG_INFO is possibly compressed or encrypted. Resource MSG_WARNING is possibly compressed or encrypted. Resource PACKAGEINFO is possibly compressed or encrypted. Resource TABOUTBOX is possibly compressed or encrypted. Resource TBMPOPTIONS is possibly compressed or encrypted. Resource TBRUSHDIALOG is possibly compressed or encrypted. Resource TEELCDFONT is possibly compressed or encrypted. Resource TEELEDFONT is possibly compressed or encrypted. Resource TEMFOPTIONS is possibly compressed or encrypted. Resource TEXOPRTFILTERWND is possibly compressed or encrypted. Resource TFILTERGALLERY is possibly compressed or encrypted. Resource TFILTERSEDITOR is possibly compressed or encrypted. Resource TFITPREVIEWWND is possibly compressed or encrypted. Resource TFRMMAIN is possibly compressed or encrypted. Resource TPENDIALOG is possibly compressed or encrypted. Resource TPREFERENCESWND is possibly compressed or encrypted. Resource TRAWPREVIEWWND is possibly compressed or encrypted. Resource TSRCHDIALOG is possibly compressed or encrypted. Resource TSTRINGSEDITOR is possibly compressed or encrypted. Resource TTEEEXCEPTIONFORM is possibly compressed or encrypted. Resource TTEEEXPORTFORMBASE is possibly compressed or encrypted. Resource TTEEGRADIENTEDITOR is possibly compressed or encrypted. Resource TTRENDVIEWWND is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_BLACK_24 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_BLACK_32 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_BLACK_48 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_BLACK_64 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_WHITE_24 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_WHITE_32 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_WHITE_48 is possibly compressed or encrypted. Resource WINXCTRLS_MOMENTUMDOTS_WHITE_64 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_BLACK_24 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_BLACK_32 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_BLACK_48 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_BLACK_64 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_WHITE_24 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_WHITE_32 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_WHITE_48 is possibly compressed or encrypted. Resource WINXCTRLS_ROTATINGSECTOR_WHITE_64 is possibly compressed or encrypted. Resource WINXCTRLS_SEARCHINDICATORS_AUDIO is possibly compressed or encrypted. Resource WINXCTRLS_SEARCHINDICATORS_AUDIO_20X is possibly compressed or encrypted. Resource WINXCTRLS_SEARCHINDICATORS_TEXT is possibly compressed or encrypted. Resource WINXCTRLS_SEARCHINDICATORS_TEXT_20X is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_BLACK_24 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_BLACK_32 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_BLACK_48 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_BLACK_64 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_WHITE_24 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_WHITE_32 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_WHITE_48 is possibly compressed or encrypted. Resource WINXCTRLS_SECTORRING_WHITE_64 is possibly compressed or encrypted. The binary may have been compiled on a machine in the UTC+8 timezone. |
| Info | The PE is digitally signed. Signer: WMKit Certificate Authority. Issuer: WMKit Root Certificate Authority |
| Malicious | VirusTotal score: 4/66 (Scanned on 2023-05-09 00:06:01). Bkav: W32.AIDetectMalware; Trapmine: malicious.high.ml.score; Gridinsoft: Trojan.Heur!.018100A1; MaxSecure: Trojan.Malware.121218.susgen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2023-Apr-29 11:28:30 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0x550000 |
| SizeOfInitializedData | 0x17b000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x01517000 (Section: xxfbkqcq) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x552000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1518000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x769a83 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x4000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported function |
|---|---|
| kernel32.dll | lstrcpy |
| comctl32.dll | InitCommonControls |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x99b000 |
| EndAddressOfRawData | 0x99b054 |
| AddressOfIndex | 0x1908d00 |
| AddressOfCallbacks | 0x1908d08 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_TYPE_REG |
| Callbacks | (EMPTY) |