7dd17081fb73d13df36e28ce13b0fc8c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jun-27 13:05:49
Detected languages English - United States
Comments Zeje veximosakixuzi rojegoko mahedogujekole zi jufizorozaro rozofoba vufepamacora
FileVersion 26, 10, 3, 37
LegalCopyright Wejigabohari
LegalTrademarks Gulaxafadi lakihoke rujiwisi pu vejato rihelixeja fobasigowofe
ProductVersion 26, 10, 3, 37

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Has Internet access capabilities:
  • WinHttpCloseHandle
Info The PE's resources present abnormal characteristics. Resource 143 is possibly compressed or encrypted.
Malicious VirusTotal score: 50/64 (Scanned on 2017-07-17 20:49:15)
MicroWorld-eScan: Trojan.GenericKD.5520679
CMC: Trojan-Downloader.Win32.Gamarue.2!O
CAT-QuickHeal: TrojanBanker.Emotet
ALYac: Trojan.GenericKD.5520679
Malwarebytes: Trojan.Injector
VIPRE: Trojan.Win32.Generic!BT
K7GW: Trojan ( 005110a31 )
K7AntiVirus: Trojan ( 005110a31 )
Invincea: heuristic
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9997
Symantec: Ransom.Kovter
TrendMicro-HouseCall: TROJ_EMOTET.XXTY
Avast: Win32:Malware-gen
Kaspersky: Trojan-Banker.Win32.Emotet.vpi
BitDefender: Trojan.GenericKD.5520679
NANO-Antivirus: Trojan.Win32.Emotet.eqnkml
ViRobot: Trojan.Win32.Agent.208384.K
AegisLab: Ml.Attribute.Gen!c
Rising: Trojan.Emotet!8.B95 (cloud:sPyaITM3AjE)
Ad-Aware: Trojan.GenericKD.5520679
Sophos: Mal/Generic-S
F-Secure: Trojan.GenericKD.5520679
DrWeb: Trojan.Siggen7.21438
Zillya: Trojan.Emotet.Win32.751
TrendMicro: TROJ_EMOTET.XXTY
McAfee-GW-Edition: BehavesLike.Win32.FakeAlertSecurityTool.dc
Emsisoft: Trojan.GenericKD.5520679 (B)
SentinelOne: static engine - malicious
Cyren: W32/Trojan.PCTX-2702
Jiangmin: Trojan.Banker.Emotet.av
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.Xpack.nhrvm
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Microsoft: Trojan:Win32/Emotet.K
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D543D27
ZoneAlarm: Trojan-Banker.Win32.Emotet.vpi
GData: Win32.Trojan-Spy.Emotet.AC
AhnLab-V3: Trojan/Win32.Inject.C2021913
McAfee: Packed-NA!7DD17081FB73
AVware: Trojan.Win32.Generic!BT
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.FTYF
Tencent: Win32.Trojan.Inject.Auto
Yandex: Trojan.PWS.Emotet!
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/GenKryptik.ALTJ!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: malicious_confidence_90% (W)

Hashes

MD5 7dd17081fb73d13df36e28ce13b0fc8c
SHA1 5d816f1f3d2ab9afee6a34c99db52f25f49b9110
SHA256 0c451e42735fa72cb36d1cc6911cd78ff5a6605bbf104c5f43b90342b1cc38db
SHA3 175f4cc131e1aaf7ccb9b18698d52c5f0cc1d9a0909cace6056844a18aaa9ccc
SSDeep 3072:+9GLRcfjXpVb5V7q5iLB6/bXQygEY+lCTLv3CrcWXK5SonG18JE4:+njvXq5bzngoCTLv3CoWXK5r
Imports Hash bb5a5e7a8296438403b29fa6e823dac8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Jun-27 13:05:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0xb200
SizeOfInitializedData 0x28400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001431 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd000
ImageBase 0x1100000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x36000
SizeOfHeaders 0x400
Checksum 0x3e939
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2b64c2c85a6996eab80eb8fcda6ccda7
SHA1 0495d986eda371fe078b451254cac5b381b00618
SHA256 6bbd93517a2c0592e5d08359afcd4bbe35d2917871a8a75886e5a4646f5d3eaa
SHA3 c198d5c0ef09222c7275ed1e5c7817fb8f4eaeaf175dff5c3df46d003c1d7a98
VirtualSize 0xb0d9
VirtualAddress 0x1000
SizeOfRawData 0xb200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.76899

.rdata

MD5 50c93493e61abb7ca2f4c9deb30841c4
SHA1 8b4789dd30d420715474f06087d224359569926f
SHA256 5ae5ea30fe1b67d4dedd92f97bce56918c3fcdadfb0c21604714eec474a322ee
SHA3 da4529348e1a77ab7a535d3c4f14bcbafda8e39751ded757cffa39bef5e1b187
VirtualSize 0x38e0
VirtualAddress 0xd000
SizeOfRawData 0x3a00
PointerToRawData 0xb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.76772

.data

MD5 7ba8dde86fad110f2eb6dba40f803908
SHA1 13cf53e3dbff771b2235b992b8a3b4763be41566
SHA256 23731a512f47b9b043d7c84da88082f2055bd097c0c836b709bf4366b4537fa3
SHA3 e15d3baa30392815add8b353462ea6e6ccea22dcf0e73d0e7110e0f025939f1d
VirtualSize 0x1ca4
VirtualAddress 0x11000
SizeOfRawData 0x1200
PointerToRawData 0xf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.70499

.rsrc

MD5 5b49b6a213bf556ae11109fe33f06df5
SHA1 64ff5705e04e29555f6e59d87b9bb91684011bd9
SHA256 8b6e018538258daf6f3b4359cac2a98ce904afea3561db24447d4cce778c1e94
SHA3 b3050544f75bb9aac419a153163f95a6ef210367d901455a18b0224695fe02a6
VirtualSize 0x22a60
VirtualAddress 0x13000
SizeOfRawData 0x22c00
PointerToRawData 0x10200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.77144

Imports

KERNEL32.dll GetSystemTimes
GetThreadSelectorEntry
GetSystemTimeAdjustment
GetACP
GetProcAddress
LoadLibraryA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
USER32.dll GetNextDlgTabItem
RealGetWindowClassW
GetAltTabInfoW
GetDlgCtrlID
WINHTTP.dll WinHttpCloseHandle

Delayed Imports

143

Type RT_BITMAP
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ccd8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.82578
MD5 b09ddbf3363ead5153c79c207a590aae
SHA1 c6ce2d10ad0baf6622cefae6e3c12fc4a2ba041f
SHA256 d39ac559f11a0910d1f8c45510fb152dcbfb65985cd7fc4081ac1d9ab50c253f
SHA3 07c2246f256ee2f63dbe7674eb7c807c9e0db6b754c9d947d4d59d50381eaf69

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.52781
MD5 956c0bc3e1a36ee726c7ac969fc3037a
SHA1 f16a6fe8bc06b80f485a09d2473bbbb43be03e1e
SHA256 4962e73b7cfa0d684111c5d681d291139365f3484a560b32a7b1b0297aac56c4
SHA3 49022c7ada899e147f100b29ebcaeab5bf9355c455d6ba641ef06144a3341dc1

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.53155
MD5 5022a5828dd6c906e760ac66d2013745
SHA1 950b579720eb3af554767b944c387e62db790393
SHA256 67f9d7f3e43ad9e01f758cec0ad5a68f8e2fbd6ad52be5c3b15261987ca881db
SHA3 a651524907948ca46c020b8f1c332f7a7edfb7641754020648329473510d4103

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.12405
MD5 94f77c2f8b400c44d6997436241b27ea
SHA1 2f1b7d0a9be0e7afa3ce74a49f2de547211e9508
SHA256 c06e7ae1d62d52329293c87300b473bec37fee7307408208a0ececf49689c919
SHA3 8bb8fe4070e176589823bd735adb34d42fdd543b5e602973ad132d6e9c6f4760

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.40714
MD5 62508d6313b88aa63dc1f7b8b551b2c1
SHA1 e111e77035552eee4321359125367a8a6ecfcf17
SHA256 44389868827bd099a05b963ef686eee8a35c350f12f42fd2c2856ba8915e8767
SHA3 b13bafdaf3d63ba691fab7a650fb6944b3d8369215f76a452e0cc4ac78bbf4ff

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.34496
MD5 0580ba884f9d25403e2cbed74f26996e
SHA1 faaec8b487b401510910d4a22d008664dec2fcd8
SHA256 4f2154170b754918e0d8abc196097dbed28ddf2c1f02dd1f241b2db468c3d900
SHA3 0463b952505c8381eac5f8a73ffc5767431c3561ad1ca559457ad894edc77603

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.24026
MD5 7ff3450126e84b02f9285b9f2894cd7f
SHA1 0e82a8e4480fe261f456c887b0eaf377fd70a149
SHA256 49066483397decb73c92ad3f9de64b8337319a3f4238ba3f0c9d55ad1a68bef2
SHA3 c9c433d8f261c1560d6b637c7ec3a09c9bda386da211b9938a89500baea90779

101

Type RT_ACCELERATOR
Language UNKNOWN
Codepage UNKNOWN
Size 0x58
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71224
MD5 3715ad80d8d0b1f1e5afd4ffff95eb3f
SHA1 6475185d9957b641c6f0e84f806809f01be21f7a
SHA256 6584fd559349a0d6d73e80141986ef8af073bf035241b485bbb75843ac64f95c
SHA3 4131ecb4c2b024b03bb172b004c8f711a16695fe601141de54f8ba7c380e1564

119

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.69913
Detected Filetype Icon file
MD5 fc8846589a152507308beb48ead7a796
SHA1 787c24f9fbf50523b34bcb328ed56d33c4e7ffd7
SHA256 4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe
SHA3 8ddbf8de92320682fb04bf04b166aab2b443a9fd6055b504b0c29ee44468a9c9

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50746
MD5 f422fc6ceb904c1bdf32414a642bc75a
SHA1 f18c0e72ff23b29b9bb87ebcf4125529b72693d5
SHA256 9c77fe248b4765eb15582ee3b26cfd9c10e823134f518cd10664aab8fc460834
SHA3 50ee7ca2a6dfb4b6c1f6547b17b7482bc607e19c23e9aa245d2de5ac04bb3939

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 26.10.3.37
ProductVersion 26.10.3.37
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - United States
Comments Zeje veximosakixuzi rojegoko mahedogujekole zi jufizorozaro rozofoba vufepamacora
FileVersion (#2) 26, 10, 3, 37
LegalCopyright Wejigabohari
LegalTrademarks Gulaxafadi lakihoke rujiwisi pu vejato rihelixeja fobasigowofe
ProductVersion (#2) 26, 10, 3, 37
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x111100c
SEHandlerTable 0x110ff90
SEHandlerCount 3

RICH Header

XOR Key 0xe61ef640
Unmarked objects 0
C++ objects (VS2008 build 21022) 28
ASM objects (VS2008 build 21022) 25
C objects (VS2008 build 21022) 96
Total imports 83
Imports (VS2012 build 50727 / VS2005 build 50727) 7
138 (VS2008 build 21022) 1
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors
