| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2021-Mar-30 10:30:11 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Info | The PE contains common functions which appear in legitimate applications. |
| | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 22/68 (Scanned on 2022-03-07 14:44:01) |

Two points in this summary deserve a check against the raw headers below. The compiler match (Visual C++ 6.0 - 8.0) is a signature-database hit and is contradicted by the file itself: LinkerVersion is 14.0 and the Rich header records VS 2015/2017/2019 runtime builds 29804 and 29913, so the binary was linked with a modern Visual Studio toolset. The "hiding some of its imports" heuristic fires because LoadLibraryExW and GetProcAddress both appear in the KERNEL32.dll import list; the MSVC runtime imports that pair itself, so on its own this is weak evidence, and the list of suspect imports that should follow the colon is not present in this report.

| VirusTotal engine | Verdict |
|---|---|
| Elastic | malicious (moderate confidence) |
| MicroWorld-eScan | Gen:Variant.Ulise.219029 |
| FireEye | Gen:Variant.Ulise.219029 |
| McAfee | Artemis!7C74FB64715F |
| Cylance | Unsafe |
| Sangfor | Riskware.Win32.Uwamson.A |
| APEX | Malicious |
| BitDefender | Gen:Variant.Ulise.219029 |
| Rising | Malware.Heuristic!ET#91% (RDMK:cmRtazqfFgZhfoLaR2oO33aPlv1h) |
| Ad-Aware | Gen:Variant.Ulise.219029 |
| Emsisoft | Gen:Variant.Ulise.219029 (B) |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dh |
| Trapmine | malicious.moderate.ml.score |
| Gridinsoft | Malware.Win32.Uwamson.oa |
| Microsoft | Program:Win32/Uwamson.A!ml |
| GData | Gen:Variant.Ulise.219029 |
| Cynet | Malicious (score: 100) |
| ALYac | Gen:Variant.Ulise.219029 |
| MAX | malware (ai score=99) |
| TrendMicro-HouseCall | TROJ_GEN.R002H09B422 |
| Fortinet | W32/PossibleThreat |
| Cybereason | malicious.4715fe |

| DOS header (IMAGE_DOS_HEADER) | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |

| PE header (IMAGE_FILE_HEADER) | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2021-Mar-30 10:30:11 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |

| Optional header (IMAGE_OPTIONAL_HEADER32) | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x31000 |
| SizeOfInitializedData | 0x14600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000016C0 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x32000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x49000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

A Checksum of 0 only means the linker did not populate the field; the user-mode loader does not verify it, so this is normal for an ordinary console executable and not evidence of tampering. The values are internally consistent (BaseOfData 0x32000 = BaseOfCode 0x1000 + SizeOfCode 0x31000, entry point inside .text). DYNAMIC_BASE and NX_COMPAT are set, so the image opts into ASLR and DEP; Control Flow Guard (IMAGE_DLLCHARACTERISTICS_GUARD_CF) is not set.

| Imports | Functions |
|---|---|
| KERNEL32.dll | UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapValidate, GetSystemInfo, CompareStringW, LCMapStringW, GetFileType, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, WriteConsoleW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, CloseHandle, CreateFileW, DecodePointer |

KERNEL32.dll is the only import module, and the list is the standard statically linked MSVC 2015+ C runtime set (InitializeSListHead, IsProcessorFeaturePresent, EncodePointer/DecodePointer, the Tls* and CriticalSection calls). IsDebuggerPresent is part of that runtime set and appears in virtually every MSVC-built binary, so it is not by itself an anti-debugging indicator. The only file-handling and console APIs present (CreateFileW, WriteFile, FindFirstFileExW, WriteConsoleW) are also CRT-level; anything the program does beyond that must be reached through LoadLibraryExW/GetProcAddress at run time, which is the observation behind the hidden-imports warning in the summary.

| Debug directory entry 1 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2021-Mar-30 10:30:11 |
| Version | 0.0 |
| SizeOfData | 728 |
| AddressOfRawData | 0x41684 |
| PointerToRawData | 0x40a84 |

| Debug directory entry 2 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2021-Mar-30 10:30:11 |
| Version | 0.0 |
| SizeOfData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |

The report does not include the Type field of either entry. The first entry carries 728 bytes of debug data at RVA 0x41684 (file offset 0x40a84); the second is empty. Both debug timestamps match the file header's TimeDateStamp, so the three timestamps in the file agree with each other.

| Load configuration (IMAGE_LOAD_CONFIG_DIRECTORY32) | Value |
|---|---|
| Size | 0xbc |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x443004 |
| SEHandlerTable | 0x44165c |
| SEHandlerCount | 10 |

A non-zero SecurityCookie (0x443004) means the image was linked with the /GS stack-cookie check, and a non-zero SEHandlerTable (0x44165c) with SEHandlerCount 10 means SafeSEH is in effect: only those ten registered handlers can be invoked for this 32-bit image, which rules out the classic SEH-overwrite exploitation path against it.

| Rich header | Value |
|---|---|
| XOR Key | 0x4351568c |
| Unmarked objects | 0 |
| ASM objects (27412) | 13 |
| C++ objects (27412) | 147 |
| C objects (27412) | 18 |
| C++ objects (VS 2015/2017/2019 runtime 29804) | 37 |
| C objects (VS 2015/2017/2019 runtime 29804) | 16 |
| ASM objects (VS 2015/2017/2019 runtime 29804) | 19 |
| Imports (27412) | 3 |
| Total imports | 83 |
| C++ objects (LTCG) (VS 2015/2017/2019 runtime 29913) | 2 |
| Resource objects (VS 2015/2017/2019 runtime 29913) | 1 |
| Linker (VS 2015/2017/2019 runtime 29913) | 1 |

Each Rich header entry is a (product id, build number) pair with a count of objects produced by that tool. The XOR key is not random: the linker derives it as a checksum over the DOS header and stub and over the entries themselves, so a key that does not recompute from the file is a sign that the header was edited or transplanted from another binary, which is a check worth running before using the Rich header for attribution.

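The following is an added example, not code from this report or from any analysis tool, showing how a Rich header like the one above is decoded and how its XOR key is verified. It uses only the Python standard library. The sample bytes are constructed inline: the DOS header uses the values from this report (with the usual e_lfarlc of 0x40, which the report omits), followed by a standard DOS stub and a set of entries mirroring the report's Rich table. The numeric product IDs in `PRODUCTS` and the entries in `SAMPLE_ENTRIES` are illustrative assumptions, not an authoritative table, and the report's own key (0x4351568c) cannot be recomputed here because the file's DOS stub bytes are not on the page.

```python
import struct

DANS = 0x536E6144          # "DanS" read as a little-endian DWORD
RICH = b"Rich"

# Product-ID labels used by describe(). These numeric IDs are ASSUMED,
# illustrative values for this example, not an authoritative table.
PRODUCTS = {
    0x0001: "Imports",
    0x0101: "Linker",
    0x0103: "ASM objects",
    0x0104: "C objects",
    0x0105: "C++ objects",
}


def rol32(value, n):
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_key(data, rich_offset, entries):
    """Recompute the XOR key the linker stores after "Rich": start with the
    offset of "DanS", add rol(byte, i) for every DOS header/stub byte before
    it (skipping e_lfanew at 0x3C..0x3F), then add rol(compid, count) per entry."""
    key = rich_offset
    for i in range(rich_offset):
        if 0x3C <= i < 0x40:
            continue
        key = (key + rol32(data[i], i)) & 0xFFFFFFFF
    for comp_id, count in entries:
        key = (key + rol32(comp_id, count)) & 0xFFFFFFFF
    return key


def build_rich_header(key, entries):
    """Encode entries the way the linker writes them: every DWORD XORed with key."""
    out = bytearray(struct.pack("<IIII", DANS ^ key, key, key, key))  # DanS + 3 zero pads
    for comp_id, count in entries:
        out += struct.pack("<II", comp_id ^ key, count ^ key)
    out += RICH + struct.pack("<I", key)
    return bytes(out)


def parse_rich_header(data):
    """Locate "Rich" before e_lfanew, read the key, walk back to DanS, decode
    the (compid, count) pairs and check the key against a recomputation."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_pos = data.rfind(RICH, 0, e_lfanew)
    if rich_pos < 0:
        return None
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    pos = rich_pos - 4
    while pos >= 0x40 and struct.unpack_from("<I", data, pos)[0] != DANS ^ key:
        pos -= 4
    if pos < 0x40:
        return None
    entries = []
    for p in range(pos + 16, rich_pos, 8):      # skip DanS + 3 padding DWORDs
        comp_id, count = struct.unpack_from("<II", data, p)
        entries.append((comp_id ^ key, count ^ key))
    return {
        "offset": pos,
        "key": key,
        "entries": entries,
        "key_matches": rich_key(data, pos, entries) == key,
    }


def describe(entries):
    """Split each compid into (product id, build) and attach a label."""
    rows = []
    for comp_id, count in entries:
        prod_id, build = comp_id >> 16, comp_id & 0xFFFF
        rows.append((PRODUCTS.get(prod_id, "Unknown 0x%04x" % prod_id), build, count))
    return rows


# Constructed sample (not the analysed binary): DOS header values from the
# report, a standard DOS stub, and entries mirroring the report's Rich table.
SAMPLE_ENTRIES = [
    ((0x0103 << 16) | 27412, 13),    # ASM objects (27412)
    ((0x0105 << 16) | 27412, 147),   # C++ objects (27412)
    ((0x0104 << 16) | 27412, 18),    # C objects (27412)
    ((0x0105 << 16) | 29804, 37),    # C++ objects (29804)
    ((0x0104 << 16) | 29804, 16),    # C objects (29804)
    ((0x0103 << 16) | 29804, 19),    # ASM objects (29804)
    ((0x0001 << 16) | 27412, 3),     # Imports (27412)
    ((0x0101 << 16) | 29913, 1),     # Linker (29913)
]


def make_sample():
    dos = struct.pack("<2s13H", b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0)
    dos += b"\x00" * 32 + struct.pack("<I", 0x100)          # e_res..e_res2, e_lfanew
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$")
    head = (dos + stub).ljust(0x80, b"\x00")                # Rich header starts at 0x80
    key = rich_key(head, len(head), SAMPLE_ENTRIES)
    body = head + build_rich_header(key, SAMPLE_ENTRIES)
    return body.ljust(0x100, b"\x00") + b"PE\x00\x00"


if __name__ == "__main__":
    info = parse_rich_header(make_sample())
    print("key 0x%08x verifies: %s" % (info["key"], info["key_matches"]))
    for label, build, count in describe(info["entries"]):
        print("%-12s build %5d x %d" % (label, build, count))
```

To apply this to a real file, pass the raw bytes of the executable to `parse_rich_header`; a `key_matches` of False on a file whose header otherwise looks intact means the Rich block was modified after linking (flipping a single bit in any count is enough to break it), and the decoded `(product id, build, count)` rows are what the table above summarises.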