7e6f4c35be747ec3cb3f6d2d5b11930c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Dec-02 13:48:02
Detected languages English - United States

Plugin Output

Suspicious
  The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • QueryPerformanceCounter
  Leverages the raw socket API to access the Internet (WS2_32.dll, imported mostly by ordinal; in ws2_32's export table 3 = closesocket, 4 = connect, 16 = recv, 19 = send, 23 = socket, 115 = WSAStartup, 116 = WSACleanup):
  • #116
  • #16
  • #4
  • #23
  • #19
  • #115
  • getaddrinfo
  • #3

Note on the anti-debugging flag: QueryPerformanceCounter appears here together with IsDebuggerPresent, GetSystemTimeAsFileTime, GetCurrentThreadId and GetCurrentProcessId (see Imports below). That is exactly the set the MSVC CRT startup code pulls in for /GS stack-cookie initialisation and the default exception filter, and the Load Configuration's SecurityCookie (0x404004) plus the VS2017 Rich header are consistent with a plain /GS build. On its own this import is not evidence of deliberate anti-debugging; the socket imports and the file enumeration (FindFirstFileA/FindNextFileA, SHGetSpecialFolderPathA) are the more interesting part of this import table.

Malicious
  VirusTotal score: 3/69 (Scanned on 2018-12-03 08:04:27)
  • Cylance: Unsafe
  • Trapmine: suspicious.low.ml.score
  • Jiangmin: Trojan.Generic.cuker

Hashes

MD5 7e6f4c35be747ec3cb3f6d2d5b11930c
SHA1 3c5f0e53e112606d6c563135dc6cddf4e85212ea
SHA256 63f0657123a02ac21a729244a5c087ee53cb3c671c1e2f2c095ac1dbd558279b
SHA3 4ca4d95f1195056378955ec1ba76bbe3c6cd257081232f742f030cb5ea8f343e
SSDeep 192:OwLCmxNG9Ji1nvmkQgzEPzNHsJ7a/51R7RC7E5pz6//6SrCgy/boq1Ggv:OwW3cnvsPdsJqRI7DWg6brGgv
Imports Hash 7ec5d8142294eedc368915597534cbaa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Dec-02 13:48:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1600
SizeOfInitializedData 0x1a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001A49 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 62d1fdccb0f5523effc7afd9cdfa386d
SHA1 a4c557b4eeb4c99b1205e2e888a43734c0fbc5f8
SHA256 954982c312f8fd212da06af5420b879a0a6fc0dbb1688c01e9a74f35618597c1
SHA3 7452a0e023173bfd799b03ac180bbf4844a92b4cb3ade1a664af54912c7e7fdd
VirtualSize 0x141d
VirtualAddress 0x1000
SizeOfRawData 0x1600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.87966

.rdata

MD5 1a40e4ab87688e9a45d0445df71a1751
SHA1 5bb6a72d7dc1ed8ef5c93fd8063bf4b8272d4d99
SHA256 e5340f8c87f60d70257a148e79832e93c8a73668fe43448c7071b778bb36cb78
SHA3 b927c4c0d14e459234d0b7e19684f991c92f7e6044b318f70a5201131b64c6dc
VirtualSize 0xc5a
VirtualAddress 0x3000
SizeOfRawData 0xe00
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27608

.data

MD5 dc90fc786a971ecd7fd9828ca92bf697
SHA1 05697320aa505379bf3d6f0b60d26091e861cfad
SHA256 447498377adfd3694a3699918af2f5ec48f34dcc85078cbbfa2dbe053223a0f7
SHA3 6130d718a8a657ea570906ba16c0ed6770c855394349b277f6f897dd102b73cb
VirtualSize 0x660
VirtualAddress 0x4000
SizeOfRawData 0x400
PointerToRawData 0x2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.34138

.rsrc

MD5 4dde323af9808a00b376d6895922dc1f
SHA1 bcafff5b6284bc83d01296b1ba160d28faee6ef9
SHA256 79e650fc0d108f0b5cb909904d5cb598b02b04f7c06be6c8622dd073aac8f762
SHA3 d353d855c24ba1ddc170eaeed3be531d0764013724d92ea267b1d5be7264f0d2
VirtualSize 0x1e0
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69612

.reloc

MD5 ce33782a67df005e097bd4f9e95599dc
SHA1 8812d6500cc4fe171da645dd2c6bbab03c3f6bb5
SHA256 4b1a03bdf6a3c558f56a64284af29096261f1d9c88084dfc95e64b825245983e
SHA3 ae8bb3b55a09a37e93f38b2e9b0f1faf9b598496fda3b37cb1d8024e29de2b50
VirtualSize 0x1d8
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.0836

Imports

KERNEL32.dll FindFirstFileA
FindNextFileA
FindClose
GetLastError
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
USER32.dll MessageBoxA
SHELL32.dll SHGetSpecialFolderPathA
WS2_32.dll #116
#16
#4
#23
#19
#115
getaddrinfo
#3
VCRUNTIME140.dll memset
strrchr
_except_handler4_common
api-ms-win-crt-stdio-l1-1-0.dll fopen
__p__commode
_set_fmode
fread
__acrt_iob_func
fclose
ftell
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0.dll strcat_s
strlen
strcpy_s
strcmp
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
malloc
api-ms-win-crt-runtime-l1-1-0.dll exit
_exit
_initterm_e
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
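
The header, section and import values above can be cross-checked against each other without the sample. The script below is an added example, not output of the analysis tool: every constant is copied from this report, the sample itself is not read, and the ws2_32 ordinal table is the DLL's real export table. It maps RVAs to file offsets through the section table (confirming, for instance, that the POGO debug entry's AddressOfRawData 0x3264 really lands on PointerToRawData 0x1c64 and that the entry point, SecurityCookie and SEHandlerTable fall in the sections one would expect), derives the file size the section table implies (so a larger file on disk would mean an overlay), and shows how the reported Imports Hash is built following pefile's convention (lowercased dll.function pairs, ws2_32 ordinals resolved to names, extension stripped, joined by commas in import-table order). Whether the digest reproduces 7ec5d8142294eedc368915597534cbaa depends on feeding it the complete import list in the order the IAT stores it; SAMPLE_IMPORTS is only a constructed excerpt.

```python
"""Sanity checks over the PE header and section values listed in this report.

Added example, not output of the analysis tool. Every number below is copied
from the report above; the sample itself is not read (offline, hypothetical).
"""
import hashlib

SECTION_ALIGN, FILE_ALIGN = 0x1000, 0x200
IMAGE_BASE, SIZE_OF_IMAGE, SIZE_OF_HEADERS = 0x400000, 0x7000, 0x400
ENTRY_POINT_RVA = 0x1A49

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData), from the section table
SECTIONS = [
    (".text",  0x1000, 0x141D, 0x0400, 0x1600),
    (".rdata", 0x3000, 0x0C5A, 0x1A00, 0x0E00),
    (".data",  0x4000, 0x0660, 0x2800, 0x0400),
    (".rsrc",  0x5000, 0x01E0, 0x2C00, 0x0200),
    (".reloc", 0x6000, 0x01D8, 0x2E00, 0x0200),
]

# ws2_32.dll exports the classic BSD calls by ordinal; this is the DLL's export table.
WS2_32_ORDINALS = {3: "closesocket", 4: "connect", 16: "recv", 19: "send",
                   23: "socket", 115: "WSAStartup", 116: "WSACleanup"}


def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)


def section_for_rva(rva):
    """Section whose in-memory range covers rva, or None (headers / unmapped)."""
    for sec in SECTIONS:
        _, va, vsize, _, _ = sec
        if va <= rva < va + align_up(vsize, SECTION_ALIGN):
            return sec
    return None


def rva_to_offset(rva):
    """RVA -> file offset via the section table; None if not backed by raw data."""
    sec = section_for_rva(rva)
    if sec is None:
        return None
    _, va, _, raw_ptr, raw_size = sec
    delta = rva - va
    # Past SizeOfRawData the loader zero-fills; there is no file byte to point at.
    return raw_ptr + delta if delta < raw_size else None


def expected_file_size():
    """With no overlay, the file ends where the last section's raw data ends."""
    return max(ptr + size for _, _, _, ptr, size in SECTIONS)


def check_layout():
    """Cross-check the optional header and load-config fields against the section table."""
    last = SECTIONS[-1]
    return {
        "entry_section": section_for_rva(ENTRY_POINT_RVA)[0],
        "size_of_image_ok": align_up(last[1] + last[2], SECTION_ALIGN) == SIZE_OF_IMAGE,
        "va_aligned": all(va % SECTION_ALIGN == 0 for _, va, _, _, _ in SECTIONS),
        "raw_aligned": all(p % FILE_ALIGN == 0 and s % FILE_ALIGN == 0 for _, _, _, p, s in SECTIONS),
        "headers_fit": SIZE_OF_HEADERS <= SECTIONS[0][3],
        # raw smaller than virtual is normal (.data here); raw larger than virtual is not
        "raw_not_oversized": all(s <= align_up(vs, FILE_ALIGN) for _, _, vs, _, s in SECTIONS),
        "security_cookie_section": section_for_rva(0x404004 - IMAGE_BASE)[0],
        "seh_table_section": section_for_rva(0x403260 - IMAGE_BASE)[0],
        # POGO debug entry: AddressOfRawData 0x3264 must land on PointerToRawData 0x1c64
        "pogo_offset_consistent": rva_to_offset(0x3264) == 0x1C64,
        "expected_file_size": expected_file_size(),
    }


def resolve_ws2_32(names):
    """Turn '#116'-style ordinal imports into export names; unknown ordinals stay 'ordN'."""
    out = []
    for n in names:
        if n.startswith("#"):
            ordinal = int(n[1:])
            out.append(WS2_32_ORDINALS.get(ordinal, "ord%d" % ordinal))
        else:
            out.append(n)
    return out


def imphash_input(imports):
    """The string pefile hashes: 'dll.func' pairs, lowercased, ws2_32 ordinals resolved,
    extension stripped, joined by commas in import-table order."""
    parts = []
    for dll, names in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        resolved = resolve_ws2_32(names) if lib == "ws2_32" else names
        parts.extend("%s.%s" % (lib, fn.lower()) for fn in resolved)
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


# Constructed excerpt of the report's import table; pass the full list for the real digest.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["FindFirstFileA", "FindNextFileA", "FindClose"]),
    ("WS2_32.dll", ["#116", "#16", "#4", "#23", "#19", "#115", "getaddrinfo", "#3"]),
]
```

Run check_layout() to get the findings as a dict; expected_file_size() returns 0x3000 (12288 bytes) for this section table, so a sample larger than that on disk carries an overlay the section table does not describe. rva_to_offset() returns None for an RVA inside .data beyond its 0x400 bytes of raw data, which is the zero-filled tail the loader creates rather than a parsing error.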

Delayed Imports

(none)

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

(none)

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Dec-02 13:48:02
Version 0.0
SizeofData 596
AddressOfRawData 0x3264
PointerToRawData 0x1c64

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2018-Dec-02 13:48:02
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

(none)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x404004
SEHandlerTable 0x403260
SEHandlerCount 1

RICH Header

XOR Key 0x81f4f9c5
Unmarked objects 0
Imports (VS 2015/2017 runtime 26706) 2
C++ objects (VS 2015/2017 runtime 26706) 18
C objects (VS 2015/2017 runtime 26706) 12
ASM objects (VS 2015/2017 runtime 26706) 2
Imports (VS2008 SP1 build 30729) 21
Total imports 71
Product ID 264, not translated by the tool (VS2017 v15.9.2 compiler 27024) 2
Resource objects (VS2017 v15.9.2 compiler 27024) 1
Linker (VS2017 v15.9.2 compiler 27024) 1

Errors