80a81ad326d018152d74ab62e8283f53

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Feb-22 05:04:51

Plugin Output

Suspicious The PE is packed with Aspack
Unusual section name found: .aspack
The PE only has 5 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Malicious VirusTotal score: 5/70 (Scanned on 2021-03-01 08:07:13)
Bkav: W32.AIDetect.malware1
APEX: Malicious
Paloalto: generic.ml
eGambit: Unsafe.AI_Score_93%
MaxSecure: Trojan.Malware.300983.susgen
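The heuristics behind the Plugin Output verdicts above (packer section name, entry point outside .text, high-entropy sections, a zero-size section, few imports with LoadLibraryA/GetProcAddress present), as an added example that is not Manalyzer's code and not part of the original report. The section table and import list are a constructed transcription of the values printed elsewhere in this report; the entropy threshold, the import-count threshold and the packer-section name table are the example's own assumptions. The imphash routine follows the pefile convention but is not asserted to reproduce the report's value, because the order of the import directory is not shown here.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int   # RVA of the section
    virtual_size: int
    raw_size: int          # SizeOfRawData
    entropy: float         # Shannon entropy of the raw bytes, 0..8


# Constructed transcription of the section table and import list printed in
# the report; not read from the sample itself.
SECTIONS = [
    Section(".text",   0x1000,  0x2d000, 0x17200, 7.99491),
    Section(".rdata",  0x2e000, 0x2000,  0x800,   7.72884),
    Section(".data",   0x30000, 0x19000, 0x4400,  7.98026),
    Section(".aspack", 0x49000, 0x2000,  0x1400,  6.54968),
    Section(".data",   0x4b000, 0x1000,  0x0,     0.0),
]
ENTRY_POINT = 0x49001  # AddressOfEntryPoint (RVA)
IMPORTS = {
    "kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"],
    "user32.dll": ["OemToCharBuffA"],
    "advapi32.dll": ["IsTextUnicode"],
}

# Names normally emitted by compilers/linkers; anything else is reported as unusual.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".xdata"}
# Section names that identify a specific packer (assumed table, not exhaustive).
PACKER_SECTIONS = {
    ".aspack": "Aspack", ".adata": "Aspack",
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".petite": "Petite", ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", ".themida": "Themida",
}
HIGH_ENTROPY = 7.0   # assumption: compressed/encrypted data sits near 8 bits/byte
FEW_IMPORTS = 10     # assumption: threshold for the "only has N import(s)" finding


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8); compressed or encrypted data approaches 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def section_for_rva(sections, rva: int) -> Optional[Section]:
    """Section whose virtual range contains rva, or None (e.g. EP in the headers)."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s
    return None


def imphash(imports: dict) -> str:
    """pefile-style import hash: md5 over lower-cased 'dll.func' pairs with the
    .dll/.ocx/.sys extension stripped, comma-joined, in import-directory order
    (assumed here to be the dict order)."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def analyse(sections, entry_point: int, imports: dict) -> dict:
    """Apply the packer heuristics and return every finding in one dict."""
    names = [s.name for s in sections]
    ep_sec = section_for_rva(sections, entry_point)
    all_funcs = {f for funcs in imports.values() for f in funcs}
    count = sum(len(funcs) for funcs in imports.values())
    return {
        "packed_with": sorted({PACKER_SECTIONS[n] for n in names if n in PACKER_SECTIONS}),
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS],
        "entry_point_section": ep_sec.name if ep_sec else None,
        # An entry point outside .text is the classic sign of an unpacking stub.
        "entry_point_outside_text": ep_sec is None or ep_sec.name != ".text",
        "high_entropy_sections": [s.name for s in sections if s.entropy >= HIGH_ENTROPY],
        # Raw size 0 with a non-zero virtual size: filled in at run time by the stub.
        "zero_size_sections": [s.name for s in sections if s.raw_size == 0],
        "import_count": count,
        "few_imports": count < FEW_IMPORTS,
        # Few imports plus GetProcAddress and LoadLibrary: the real imports are
        # resolved dynamically once the payload is unpacked.
        "hiding_imports": count < FEW_IMPORTS and "GetProcAddress" in all_funcs
                          and bool(all_funcs & {"LoadLibraryA", "LoadLibraryW"}),
        "imphash": imphash(imports),
    }


if __name__ == "__main__":
    for key, value in analyse(SECTIONS, ENTRY_POINT, IMPORTS).items():
        print(f"{key:26} {value}")
```

To run the same checks on a real file rather than a transcription, fill SECTIONS from pefile's section objects (Name, VirtualAddress, Misc_VirtualSize, SizeOfRawData and get_entropy()) and IMPORTS from DIRECTORY_ENTRY_IMPORT; the entropy values the report prints are exactly what the shannon_entropy function computes over each section's raw bytes.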

Hashes

MD5 80a81ad326d018152d74ab62e8283f53
SHA1 06db67e6375099d5d006f5853cd516dd01baff78
SHA256 53308fe47bcef0f053e2a50fed1addfdda2739556cde16366ed3bc2a2c1b1862
SHA3 234b0fd236783db2f6635d64ab64fe371fb8c7afa97d190aa86882b821b2942b
SSDeep 1536:mW0oanlcbEKQeHvQDuHEw/zL56NRAUXLT+a27L+HLUVa3ZeYfvqYQGNGUTqr+7q:VmgEKQe645qRRXma2f+HlFfvqYQGN6
Imports Hash 7521b325b2cf04529630150e1c201a13

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2021-Feb-22 05:04:51
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x2c400
SizeOfInitializedData 0x19a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00049001 (Section: .aspack)
BaseOfCode 0x1000
BaseOfData 0x2e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d131b670705eba8b15b6022127f25abe
SHA1 20cfa7018c6c67dd7f41c4a5a586659c72ea8ce1
SHA256 3a37cc5c5d12e80e0a4a418b342ef2c7d0184d681a05b3a5ec571b144b11a2a3
SHA3 e0cc9871b7276d27bebd0e7d2a7b5a2b7e61ce3199feb1b3628b4b070331256d
VirtualSize 0x2d000
VirtualAddress 0x1000
SizeOfRawData 0x17200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99491

.rdata

MD5 11a9c5f2c114e1ab2f7749b0cfe54a9f
SHA1 1f1b6bc5902d97c8633e48bbc944c00e719c9e53
SHA256 7a59807fb97a9d379cdfbe51c0d2613fca45d01cdf804409955387aa7728312d
SHA3 9acb54c86a8ef12e1aefe217bdc20a213257b640967bb0429222fbd65d64a059
VirtualSize 0x2000
VirtualAddress 0x2e000
SizeOfRawData 0x800
PointerToRawData 0x17600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.72884

.data

MD5 d59eb8de3e74c4e2d95bf0011651d90e
SHA1 d747cf9b2e1b5d99e492bc41344c960194816f17
SHA256 1e4f5b36d642a3d791d916ed2c62483438533a8dece5c024755b8dd3c67ad7f6
SHA3 5cd99d2461be5dd96c4027b1a8eb9151ad604daa0feafdead64c916da8a4b7af
VirtualSize 0x19000
VirtualAddress 0x30000
SizeOfRawData 0x4400
PointerToRawData 0x17e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.98026

.aspack

MD5 8bb5f434822e5f1115a3b5efaf8b6111
SHA1 77e1b920cbede1c288d62d062431c62065fcac6d
SHA256 5752d47f89e5985557a5ed67b084ca7c1abfc7585a0d96bac60a464b2bce7f8b
SHA3 61bd83b982eaf66571e5838e16a9474a6819d14a0c29062233025f837abf90a9
VirtualSize 0x2000
VirtualAddress 0x49000
SizeOfRawData 0x1400
PointerToRawData 0x1c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.54968

.data (#2)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0x4b000
SizeOfRawData 0
PointerToRawData 0x1d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

kernel32.dll GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll OemToCharBuffA
advapi32.dll IsTextUnicode

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xa1f6b5b8
Unmarked objects 0
C++ objects (VS98 SP6 build 8804) 1
14 (7299) 28
19 (8034) 7
Total imports 111
C objects (VS98 SP6 build 8804) 284

Errors

[*] Warning: Section .data (#2) has a SizeOfRawData of 0!