7c74fb64715fe86b65d362b024b00443

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Mar-30 10:30:11
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Malicious VirusTotal score: 21/67 (Scanned on 2022-02-02 00:43:08) MicroWorld-eScan: Gen:Variant.Ulise.219029
FireEye: Gen:Variant.Ulise.219029
McAfee: Artemis!7C74FB64715F
Cylance: Unsafe
Sangfor: Riskware.Win32.Uwamson.A
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H09GI21
BitDefender: Gen:Variant.Ulise.219029
Ad-Aware: Gen:Variant.Ulise.219029
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Emsisoft: Gen:Variant.Ulise.219029 (B)
GData: Gen:Variant.Ulise.219029
MAX: malware (ai score=99)
Gridinsoft: Malware.Win32.Uwamson.oa
Microsoft: Program:Win32/Uwamson.A!ml
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ulise.219029
APEX: Malicious
Rising: Malware.Heuristic!ET#96% (RDMK:cmRtazqfFgZhfoLaR2oO33aPlv1h)
MaxSecure: Trojan.Malware.138718321.susgen
Fortinet: W32/PossibleThreat

Hashes

MD5 7c74fb64715fe86b65d362b024b00443
SHA1 5819e8dc2c1bd01e5f7b4c5d2c9041753c4d1926
SHA256 56896cac5b9a03f74cf24ae0355512f9fd28ab1d58a268243707ac85c438fd1e
SHA3 0a932a13fe7997ec376d6d34a6505e9ec4d938f0ec87ce6bd94bf2ed976037cb
SSDeep 6144:hYK01IqBkyEbJ4ftWsMzFpEfpzS/pBTy:hYK01vkcWsMzFpuZSBBe
Imports Hash ef7f7ff161f06e4b123191f662d33847

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2021-Mar-30 10:30:11
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x31000
SizeOfInitializedData 0x14600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000016C0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x32000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x49000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7d71b95463dadde8c428ba19e4cdc8bc
SHA1 46e91a8ca73d81f5c8a8bbda4a2454f19fe67963
SHA256 c05977e199d2d82e0bea5137c10e4bb7de148311fb365afeb8a4322eb62ae68e
SHA3 bb3158ab49e382e1f3391652b61482ab2b4b66ff42bf485e40a35f988ca23e6d
VirtualSize 0x30ec0
VirtualAddress 0x1000
SizeOfRawData 0x31000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.20013

.rdata

MD5 c4402bcd559b717353fd27d5952f221c
SHA1 468d411c7649bc86c957796ca3b1f607b75c41b0
SHA256 0378a6e63c072273208854b3c0f72fd265f41f634ad5e7cc110fff05bab75538
SHA3 3e68d3d4604a74edc21c82074873faf8f35150769c9bf3eb5a408e8873d5dc4f
VirtualSize 0x1077a
VirtualAddress 0x32000
SizeOfRawData 0x10800
PointerToRawData 0x31400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.44014

.data

MD5 1f056a17761bbf9c8d0b67874098bfad
SHA1 88a6326d0f760f51c8ff008d5d29f27171cbc054
SHA256 b5e5ead24b8ea59774c8ae9acbd12c8a6c5faa1f35763dea27722597bcd434cb
SHA3 f348b0afc65e3fcdf349de7f662efbd2d9245013a7b18025633d99fd3e990056
VirtualSize 0x19fc
VirtualAddress 0x43000
SizeOfRawData 0xa00
PointerToRawData 0x41c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.16461

.rsrc

MD5 e9766094845606e834393c31bb811486
SHA1 fefd797dfa27b5766c240a4071e5e9866e0e79cc
SHA256 2f414463f64f87405302cba6f5a0faae43e08ee4142afef91eba26e364cb3abe
SHA3 e08346c9d98d543dc8d4f5921b984355fa9de5a0c726199110e8c5f0ae533fc7
VirtualSize 0x1e0
VirtualAddress 0x45000
SizeOfRawData 0x200
PointerToRawData 0x42600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70839

.reloc

MD5 b81894256af590c029cac5c323e60ed8
SHA1 c2cdf6b68c4d7980a4cf0e3325c770797f46e2db
SHA256 dc42b46a002aa35f7cea2ac8ed5d77dc1afe1c4915237bf266f5ddd863c78597
SHA3 ce0024eaae49a1124746a06caed3c9d111c3d93a68daed05ef5d42a2a070a9d8
VirtualSize 0x2134
VirtualAddress 0x46000
SizeOfRawData 0x2200
PointerToRawData 0x42800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.62465

Imports

KERNEL32.dll UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapValidate
GetSystemInfo
CompareStringW
LCMapStringW
GetFileType
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
WriteConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CloseHandle
CreateFileW
DecodePointer

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2021-Mar-30 10:30:11
Version 0.0
SizeofData 728
AddressOfRawData 0x41684
PointerToRawData 0x40a84

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2021-Mar-30 10:30:11
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xbc
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x443004
SEHandlerTable 0x44165c
SEHandlerCount 10

RICH Header

XOR Key 0x4351568c
Unmarked objects 0
ASM objects (27412) 13
C++ objects (27412) 147
C objects (27412) 18
C++ objects (VS 2015/2017/2019 runtime 29804) 37
C objects (VS 2015/2017/2019 runtime 29804) 16
ASM objects (VS 2015/2017/2019 runtime 29804) 19
Imports (27412) 3
Total imports 83
265 (VS2019 Update 9 (16.9.2-3) compiler 29913) 2
Resource objects (VS2019 Update 9 (16.9.2-3) compiler 29913) 1
Linker (VS2019 Update 9 (16.9.2-3) compiler 29913) 1

Errors

<-- -->