Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2022-Jul-26 03:57:30 |
FileVersions | 8.8.87.89 |
InternalName | Electricidad.exe |
OriginalFilename | Hungle.exe |
ProductName | Hsdfgidgfyh |
ProductVersion | 2.70.47.63 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 32/69 (Scanned on 2023-09-19 08:54:16) |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Androm.4!c |
Elastic | malicious (high confidence) |
McAfee | Artemis!826D89767097 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 00516fdf1 ) |
K7GW | Trojan ( 00516fdf1 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Cyren | W32/Kryptik.KRH.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Kaspersky | UDS:Trojan-PSW.Win32.Stealerc.gen |
Avast | BotX-gen [Trj] |
McAfee-GW-Edition | BehavesLike.Win32.Lockbit.dm |
Trapmine | malicious.moderate.ml.score |
FireEye | Generic.mg.826d8976709765e3 |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Google | Detected |
Gridinsoft | Ransom.Win32.STOP.bot!n |
ZoneAlarm | UDS:Trojan-PSW.Win32.Stealerc.gen |
Microsoft | Ransom:Win32/StopCrypt.SL!MTB |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win.Generic.R605963 |
Acronis | suspicious |
VBA32 | BScope.Trojan.Zenpak |
Cylance | unsafe |
Rising | Trojan.Generic@AI.100 (RDML:KSulDXsU+ZH8kiXH6VXCPw) |
Ikarus | Trojan.Win32.Crypt |
AVG | BotX-gen [Trj] |
Cybereason | malicious.1564d4 |
DeepInstinct | MALICIOUS |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2022-Jul-26 03:57:30 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x35400 |
SizeOfInitializedData | 0x2d7800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000359E (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x37000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x30c000 |
SizeOfHeaders | 0x400 |
Checksum | 0x422ef |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetConsoleAliasExesA MoveFileExA ReadConsoleA InterlockedDecrement SetDefaultCommConfigW GetEnvironmentStringsW GetUserDefaultLCID SetConsoleScreenBufferSize AddConsoleAliasW SetVolumeMountPointW GetComputerNameW GetModuleHandleW GetCommConfig GetConsoleAliasesLengthA GetDriveTypeA GetEnvironmentStrings GetPrivateProfileIntA LoadLibraryW TerminateThread ReadConsoleInputA CopyFileW SetConsoleCP EnumSystemCodePagesA LocalReAlloc GetACP GetVolumePathNameA CreateMailslotW FindFirstFileW CreateJobObjectA GetNamedPipeHandleStateW GetStartupInfoA FindFirstFileA GetLastError GetCurrentDirectoryW RemoveDirectoryA GetProcessVersion LoadLibraryA LocalAlloc GetFileType FindNextFileA EnumDateFormatsA SetLocaleInfoW FreeEnvironmentStringsW FindNextFileW VirtualProtect PurgeComm FatalAppExitA GetShortPathNameW FindFirstVolumeA ReadConsoleInputW FindAtomW GetWindowsDirectoryW EnumSystemLocalesW CreateFileW CloseHandle SetInformationJobObject GetPrivateProfileSectionNamesW DisconnectNamedPipe GetCommandLineW WriteConsoleW MoveFileA HeapAlloc EncodePointer DecodePointer HeapReAlloc HeapSetInformation GetStartupInfoW GetProcAddress ExitProcess WriteFile GetStdHandle GetModuleFileNameW HeapCreate UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent TerminateProcess GetCurrentProcess Sleep HeapSize EnterCriticalSection LeaveCriticalSection HeapFree SetFilePointer SetHandleCount InitializeCriticalSectionAndSpinCount DeleteCriticalSection TlsAlloc TlsGetValue TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId QueryPerformanceCounter GetTickCount GetCurrentProcessId GetSystemTimeAsFileTime RtlUnwind GetCPInfo GetOEMCP IsValidCodePage WideCharToMultiByte SetStdHandle GetConsoleCP GetConsoleMode FlushFileBuffers IsProcessorFeaturePresent LCMapStringW MultiByteToWideChar GetStringTypeW RaiseException |
---|---|
USER32.dll | CharUpperW |
GDI32.dll | SelectPalette GetTextFaceW GetCharWidthA |
SHELL32.dll | DragFinish |
Juyayaxo yovahaperoje huni |
Xadujupekeyohi zeta bezuyek fedenolacer |
Hurojuribip mujajazo noxi mixirev bimacasume |
Sepidogu yesemavoyefuj cijuzog bajicovegamu fubadonusoninom |
Nay lozoyimok tireyehotusage |
Yumigovafota samokafocale kijeha |
Fisarihagegemid nemayugodivo pulohi tepetagujilu tiyorovelific hunavuzulibek koraxi |
Yifufocuke sarafobum mafutenaderuyoz bivifezoribuves gofuci susoderodadolid xukoku wexutokilemubit zihovonoj |
Fus noyoducici vubisa vel pohopicetol hewiw tilodib rojemaw lubehezolijohus |
Zoti badomovov yabuziw |
Tupuxif caxutivohidujiz |
Nuc |
Necatozirexa jonan tazuxafez lutadonoderavi dudukifesujok vah tohe tudosihe dufofezogo mebodapegebobo |
Hiranasazocaw nemefetapabadum sapigafobexahik beseniwobuka kow suvigasehuxi giki mesukowaro marajef pexu |
Bibihusoregip monefuhaba xuxari lezapok dirogucokad hibi zosebuzegobexot jugiwidofis cezak gukinix |
Xinewe dodamayakojeduj zaxetelopaguja fulijope deciniya yewonusofayah coyuyibovo cotuviyehos |
Wiketif maful zonizadotepe nicajaxisateye sobomumonemakev heparemox dit zamasapib xazubilizehux |
Nisomafu cuvovutexozekax fiz cakusazec yuhonek |
Nigib hejiluh xacuya gati dopukaz cesijecebotebi cap |
Sujofe hagel kacufijapun xarawehasip |
Mufuyeh doxaju talumoduyizi valab punulirom kupuz xudorijize moridewodizoza sutoy |
Bilawamesor velicafukaga fufifi bejavokeb rohat tusuyuzebubul gix hopi yofolivuda |
Kadevepug kuvobodokex nutene tabow yure jikexopudu lufumod pitaxifuhute menedafivaduxew kumanohon |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 59.0.0.0 |
ProductVersion | 65.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
FileVersions | 8.8.87.89 |
InternalName | Electricidad.exe |
OriginalFilename | Hungle.exe |
ProductName | Hsdfgidgfyh |
ProductVersion (#2) | 2.70.47.63 |
Resource LangID | UNKNOWN |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0 |
SEHandlerTable | 0 |
SEHandlerCount | 0 |
XOR Key | 0x5dc23fdd |
---|---|
Unmarked objects | 0 |
C++ objects (VS2010 build 30319) | 26 |
ASM objects (VS2010 build 30319) | 19 |
C objects (VS2010 build 30319) | 111 |
Imports (VS2008 SP1 build 30729) | 9 |
Total imports | 129 |
175 (VS2010 build 30319) | 1 |
Resource objects (VS2010 build 30319) | 1 |
Linker (VS2010 build 30319) | 1 |