7de8db0437a68ac9c26525654839b72a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Mar-01 17:09:30
Detected languages English - United States

Plugin Output

Suspicious: PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious: The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Malicious: VirusTotal score: 7/70 (Scanned on 2021-03-06 07:42:58)
APEX: Malicious
Paloalto: generic.ml
Jiangmin: Trojan.Generic.gffbv
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
Yandex: Trojan.GenAsa!pOHLq032Mvo
Qihoo-360: Win32/Heur.Generic.HwsBn6YA

Hashes

MD5 7de8db0437a68ac9c26525654839b72a
SHA1 f0662b0b31176ec2a1e3f79fa1a91f9d2dc02582
SHA256 2ff8f21f3d03eb272cee9d537b0ad47af8dca98dbc0d767a83e47fd73e32ec0f
SHA3 fcc2f945255872eef1f7770518cca7353ece4834ac9b822e1387163abb68c255
SSDeep 96:V4A7twcpvydk3OtfvrIyuqh38w3zrTrYex0731e0wp2IrK/9Xw2tKlQFeZoLpUT:2636dkmjIy/3zkf4xhuy2tKmFe2UXSp
Imports Hash c87fd55ae19e97c08e01911770c9c544

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2021-Mar-01 17:09:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x2000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x5000
AddressOfEntryPoint 0x00007240 (Section: UPX1)
BaseOfCode 0x6000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 58b061da57a9ad31e7233be8caf61cc7
SHA1 c17421da180941eee16cc1e7b04eb4b5dd5b857e
SHA256 c54d7c0df17c01797d2279510dfea9ed09b8bfec4b41f2206856ac1cb1e4be13
SHA3 ea5cf2d9d2e19c489ff2c0df92ff9aa70a8278a0706bc3faffa1b1cb85618da6
VirtualSize 0x2000
VirtualAddress 0x6000
SizeOfRawData 0x1600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.43497

.rsrc

MD5 ca822b11de9c4fad94665ff23b9f7d06
SHA1 aab30e232bc942f5f21751aa39f68ef4df6181c0
SHA256 691045ca2cf7afca05bbe7df4985e3a9e9370bceb49499f6f55548243bbb9e77
SHA3 4542144577a29568407c42362fc6694c181923191b5151ad4d980c6b54787472
VirtualSize 0x1000
VirtualAddress 0x8000
SizeOfRawData 0x600
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.78183

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll exit
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
VCRUNTIME140.dll memset

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

Load Configuration

Size 0xbc
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x404004
SEHandlerTable 0x4036c0
SEHandlerCount 1

RICH Header

XOR Key 0xc170e649
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (VS 2015/2017/2019 runtime 29118) 3
C++ objects (VS 2015/2017/2019 runtime 29118) 19
C objects (VS 2015/2017/2019 runtime 29118) 12
ASM objects (VS 2015/2017/2019 runtime 29118) 2
Imports (26715) 2
Total imports 48
265 (VS2019 Update 8 (16.8.5-6) compiler 29337) 1
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337) 1
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337) 1

Errors

[*] Warning: Section UPX0 has a size of 0!