826d8976709765e3dd70e3ed8f6744d3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Jul-26 03:57:30
FileVersions 8.8.87.89
InternalName Electricidad.exe
OriginalFilename Hungle.exe
ProductName Hsdfgidgfyh
ProductVersion 2.70.47.63

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 (signature match only; the LinkerVersion 10.0 and the Rich header below point to a Visual Studio 2010 build)
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports (LoadLibrary plus GetProcAddress lets it resolve further APIs by name at run time, so the import table below is not the whole story):
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
Enumerates local disk drives:
  • GetDriveTypeA
Malicious VirusTotal score: 32/69 (Scanned on 2023-09-19 08:54:16)
The vendor labels below agree on the verdict but not on the family (Stealerc, STOP/StopCrypt, Androm, Zenpak, generic Kryptik); treat them as a detection, not an attribution.
Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Androm.4!c
Elastic: malicious (high confidence)
McAfee: Artemis!826D89767097
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00516fdf1 )
K7GW: Trojan ( 00516fdf1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Kryptik.KRH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: UDS:Trojan-PSW.Win32.Stealerc.gen
Avast: BotX-gen [Trj]
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.dm
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.826d8976709765e3
Sophos: Mal/Generic-S
SentinelOne: Static AI - Suspicious PE
Google: Detected
Gridinsoft: Ransom.Win32.STOP.bot!n
ZoneAlarm: UDS:Trojan-PSW.Win32.Stealerc.gen
Microsoft: Ransom:Win32/StopCrypt.SL!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.R605963
Acronis: suspicious
VBA32: BScope.Trojan.Zenpak
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:KSulDXsU+ZH8kiXH6VXCPw)
Ikarus: Trojan.Win32.Crypt
AVG: BotX-gen [Trj]
Cybereason: malicious.1564d4
DeepInstinct: MALICIOUS

Hashes

MD5 826d8976709765e3dd70e3ed8f6744d3
SHA1 17a4b4b1564d42d9ba28b280943d85a042e1af76
SHA256 f36497550dfecfee3505c7176924a1afe8b49b628e2bca2441e6e0ffcb2b7899
SHA3 97bc423781f15ed1ae84a083624d94570766938624404912534434c8deaedd76
SSDeep 3072:FMsy/3afExvuG3xqD2U4LgqVmkGGkdT8GtX:a3afEhuGhqS8omkIx8G
Imports Hash 8fb9154a21443bd071cf8e302cbc978d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2022-Jul-26 03:57:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x35400
SizeOfInitializedData 0x2d7800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000359E (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x37000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x30c000
SizeOfHeaders 0x400
Checksum 0x422ef
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 38d50861192f20acd395cb92dd82f7bd
SHA1 13ba3ef6a0723a3d6e99ba207e3e43d121442b0f
SHA256 5de3a66d22bf24b28dfc3bcc57d809077ccbd080e9c47c883358ebef693d8a2c
SHA3 73eb11f40df5d73f7a38c964bdf72a1df1fcab602a18b093c6e21ca02450d5f2
VirtualSize 0x35360
VirtualAddress 0x1000
SizeOfRawData 0x35400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.51972

.data

MD5 7bf85b24db467e36498341c6ffa4b5c2
SHA1 b15e10a2f71e34039b3c69f67299d43240b4f902
SHA256 e8f9bd344a0b6740ebffaf780735cd066d6c48e435849725c37d634e59bff929
SHA3 db2f5b306cca641f6f5eff3e6da776df165670b14e48ebee895e6fa85456f07b
VirtualSize 0x2d09e4
VirtualAddress 0x37000
SizeOfRawData 0x4400
PointerToRawData 0x35800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.16124

.rsrc

MD5 1f1be7c97770a754b55efa74ce96bd7a
SHA1 ce33367bf8a817cc3436cc5c14885720a7b3ba05
SHA256 6cd9fd804db7596ee5389a444b790dd0e2e0e0b453095d96ec80a40165a8bc93
SHA3 4c9101a9741c13c6b41a7816b5b0a96c538543b9e6a2c029ff99da243a22597c
VirtualSize 0x3ea8
VirtualAddress 0x308000
SizeOfRawData 0x4000
PointerToRawData 0x39c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.0072

Imports

KERNEL32.dll GetConsoleAliasExesA
MoveFileExA
ReadConsoleA
InterlockedDecrement
SetDefaultCommConfigW
GetEnvironmentStringsW
GetUserDefaultLCID
SetConsoleScreenBufferSize
AddConsoleAliasW
SetVolumeMountPointW
GetComputerNameW
GetModuleHandleW
GetCommConfig
GetConsoleAliasesLengthA
GetDriveTypeA
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
TerminateThread
ReadConsoleInputA
CopyFileW
SetConsoleCP
EnumSystemCodePagesA
LocalReAlloc
GetACP
GetVolumePathNameA
CreateMailslotW
FindFirstFileW
CreateJobObjectA
GetNamedPipeHandleStateW
GetStartupInfoA
FindFirstFileA
GetLastError
GetCurrentDirectoryW
RemoveDirectoryA
GetProcessVersion
LoadLibraryA
LocalAlloc
GetFileType
FindNextFileA
EnumDateFormatsA
SetLocaleInfoW
FreeEnvironmentStringsW
FindNextFileW
VirtualProtect
PurgeComm
FatalAppExitA
GetShortPathNameW
FindFirstVolumeA
ReadConsoleInputW
FindAtomW
GetWindowsDirectoryW
EnumSystemLocalesW
CreateFileW
CloseHandle
SetInformationJobObject
GetPrivateProfileSectionNamesW
DisconnectNamedPipe
GetCommandLineW
WriteConsoleW
MoveFileA
HeapAlloc
EncodePointer
DecodePointer
HeapReAlloc
HeapSetInformation
GetStartupInfoW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
HeapFree
SetFilePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RaiseException
USER32.dll CharUpperW
GDI32.dll SelectPalette
GetTextFaceW
GetCharWidthA
SHELL32.dll DragFinish
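Three of the findings above can be reproduced from the header data alone: the [!] warning about LoadLibrary plus GetProcAddress, the .data section that is mapped at 0x2d09e4 bytes but backed by only 0x4400 bytes on disk (a large zero-filled region the loader provides for free, which is where a crypter stub typically unpacks), and the imports hash. The block below is an added example, not code from this report, from Manalyze or from the sample: it rebuilds a PE32 header from the section values listed above as a constructed fixture, parses it back with the standard library, and runs the checks. REPORT_SECTIONS, SAMPLE_IMPORTS and the slack thresholds are assumptions made for the demonstration.

```python
"""Stdlib-only static triage of a PE section table and import list.

Added example: not code from the report, from Manalyze or from the sample.
The header bytes are a constructed fixture rebuilt from the section values
in the report so the checks run offline; min_slack and ratio are thresholds
assumed for this sample, not a published standard."""
import hashlib
import re
import struct

PE_SIGNATURE = b"PE\0\0"
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
# copied from the .text / .data / .rsrc entries of the report.
REPORT_SECTIONS = [
    (b".text", 0x35360, 0x1000, 0x35400, 0x400, SCN_CODE | SCN_EXEC | SCN_READ),
    (b".data", 0x2D09E4, 0x37000, 0x4400, 0x35800, SCN_IDATA | SCN_READ | SCN_WRITE),
    (b".rsrc", 0x3EA8, 0x308000, 0x4000, 0x39C00, SCN_IDATA | SCN_READ),
]
# Constructed subset of the KERNEL32 / USER32 imports in the report.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["GetDriveTypeA", "LoadLibraryW", "LoadLibraryA",
                     "GetProcAddress", "VirtualProtect"],
    "USER32.dll": ["CharUpperW"],
}


def build_headers(sections, e_lfanew=0xE8, opt_size=0xE0):
    """Constructed fixture: DOS header, PE signature, COFF header, zeroed PE32
    optional header, section table. Only fields parse_sections() reads are set."""
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0103)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, va, rs, rp,
                                 0, 0, 0, 0, ch) for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt) + table


def parse_sections(data):
    """e_lfanew -> PE signature -> COFF header -> skip SizeOfOptionalHeader bytes
    -> NumberOfSections 40-byte section headers."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    off, out = e_lfanew + 24 + opt_size, []
    for _ in range(nsec):
        n, vs, va, rs, rp, _, _, _, _, ch = struct.unpack_from("<8sIIIIIIHHI", data, off)
        out.append({"name": n.rstrip(b"\0").decode(), "vsize": vs, "vaddr": va,
                    "rsize": rs, "rptr": rp, "chars": ch})
        off += 40
    return out


def triage_sections(sections, min_slack=0x100000, ratio=4):
    """Flag writable sections whose mapped size dwarfs the bytes backing them on
    disk (the loader zero-fills the rest: a free unpacking buffer), and W+X ones."""
    findings = []
    for s in sections:
        slack = s["vsize"] - s["rsize"]
        if s["chars"] & SCN_WRITE and slack >= min_slack and s["vsize"] >= ratio * s["rsize"]:
            findings.append(f"{s['name']}: VirtualSize {s['vsize']:#x} vs SizeOfRawData "
                            f"{s['rsize']:#x}, {slack:#x} bytes not backed by the file")
        if s["chars"] & SCN_WRITE and s["chars"] & SCN_EXEC:
            findings.append(f"{s['name']}: writable and executable")
    return findings


def runtime_import_resolution(imports):
    """True when LoadLibraryA/W plus GetProcAddress are imported: APIs can be
    resolved by name at run time, so the static import table is incomplete."""
    k32 = {f.lower() for f in imports.get("KERNEL32.dll", [])}
    return bool(k32 & {"loadlibrarya", "loadlibraryw"}) and "getprocaddress" in k32


def imphash(imports):
    """pefile-style import hash over named imports: lowercase 'module.func' in
    import-directory order, ','-joined, MD5; .dll/.ocx/.sys stripped from the
    module name. Ordinal imports are not handled in this version."""
    parts = []
    for dll, funcs in imports.items():
        mod = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.extend(f"{mod}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for finding in triage_sections(parse_sections(build_headers(REPORT_SECTIONS))):
        print("[!]", finding)
    print("runtime import resolution:", runtime_import_resolution(SAMPLE_IMPORTS))
    print("imphash of the sampled imports:", imphash(SAMPLE_IMPORTS))
```

On a real file, read the bytes from disk in place of build_headers() and feed the full import directory, in table order, to imphash(); the hash computed here is over a constructed subset and will not match the report's 8fb9154a21443bd071cf8e302cbc978d. The slack check fires only on .data, which is the section a debugger should watch for a decrypted second stage.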

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62097
MD5 1d8464f0a779e78940fa66648fd39767
SHA1 a6313a0fcb94ebe70c8f7c363eb6e3160231602b
SHA256 af0be11b5523c80c6ca3dee0fa019fd965e8648ee73cce1a990986973ce91bb0
SHA3 5464cd741bfb3dce4c848b7bad9ad9482f847d1ada58997c7d2a601c78495151

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76716
MD5 5194e08ffe3165c24e9eee5645b3e2ff
SHA1 f581abbc2b3d31cd6e0c5850019ee97b80a34149
SHA256 0777093f5ff2385b565f4a3cb6c3f294dd87f612bd5b928f65182f15d2498213
SHA3 e60acfd2bca4526841783f27901f521ed3747a0488749308baf2abf6c3ecfe40

25

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x28e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21131
MD5 5c9572abc09391dcc07d681c60c8d148
SHA1 8ba446df860caadcb3498f131df51bff354b8d0f
SHA256 b5d1fa92a5089230fc0321419b923c456cae85c7c24ee53c5e0bebd237fa4ba5
SHA3 8361634633af13afc576bcbb70c00a99d90058fba4747901bf1b38871e6bc19a

26

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ee
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16219
MD5 c942fda2eb04ffa260fbe023039ae0d9
SHA1 32addcdb8248030437f0a877b3e15ea20177e1bd
SHA256 a5ab3d9b7f71b0298328d14bc33fe6d8d03575628f23c3813e1c2b46e7bebe38
SHA3 a294552a28caa60e1f282ff7f57f0d9475b01d7184deef932728cd3ab2d36d42

27

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x706
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.24827
MD5 33ddc606c07bf02b0a95a4bc643ccd90
SHA1 5939611504ac8a9398bd92770f78fb41dd0708e3
SHA256 d217f68d33db9abef6cc54953999a9fed47b1a4104c14509b68c04cb1c85f924
SHA3 f0723569e43dd48413c9fdf9210394dc3b99c3aed2ce316b12a8147e4611bdc7

126

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.40927
Detected Filetype Icon file
MD5 ec88a7cc35bc3e7dc9540b0c8cad0f04
SHA1 449ddc55ce0205dfd05d26bd8acd79f7ae734541
SHA256 b180e15dfa060b8f8c27e735cb2ec3dbea6a21f49763bb40d3bd8e8cedb3df39
SHA3 075dfb1ad19b423edf8e24f2b52dd0f56181cd3403a7108f2dc73300ee32fe1f

10

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x208
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30852
MD5 1add3ba54213bb81da7a81d53bf104a1
SHA1 c6b2fb575b9abcc0dcacf8056261f9289c041581
SHA256 e46661210e22370c27faec2fec72257df1b0ab138e680ccb31613a987e2a5f0c
SHA3 a5a6f7206ba0a42c7479411f55991d3d2fd6729b95a3e73f9a2ae75111d1d1b0

String Table contents

Juyayaxo yovahaperoje huni
Xadujupekeyohi zeta bezuyek fedenolacer
Hurojuribip mujajazo noxi mixirev bimacasume
Sepidogu yesemavoyefuj cijuzog bajicovegamu fubadonusoninom
Nay lozoyimok tireyehotusage
Yumigovafota samokafocale kijeha
Fisarihagegemid nemayugodivo pulohi tepetagujilu tiyorovelific hunavuzulibek koraxi
Yifufocuke sarafobum mafutenaderuyoz bivifezoribuves gofuci susoderodadolid xukoku wexutokilemubit zihovonoj
Fus noyoducici vubisa vel pohopicetol hewiw tilodib rojemaw lubehezolijohus
Zoti badomovov yabuziw
Tupuxif caxutivohidujiz
Nuc
Necatozirexa jonan tazuxafez lutadonoderavi dudukifesujok vah tohe tudosihe dufofezogo mebodapegebobo
Hiranasazocaw nemefetapabadum sapigafobexahik beseniwobuka kow suvigasehuxi giki mesukowaro marajef pexu
Bibihusoregip monefuhaba xuxari lezapok dirogucokad hibi zosebuzegobexot jugiwidofis cezak gukinix
Xinewe dodamayakojeduj zaxetelopaguja fulijope deciniya yewonusofayah coyuyibovo cotuviyehos
Wiketif maful zonizadotepe nicajaxisateye sobomumonemakev heparemox dit zamasapib xazubilizehux
Nisomafu cuvovutexozekax fiz cakusazec yuhonek
Nigib hejiluh xacuya gati dopukaz cesijecebotebi cap
Sujofe hagel kacufijapun xarawehasip
Mufuyeh doxaju talumoduyizi valab punulirom kupuz xudorijize moridewodizoza sutoy
Bilawamesor velicafukaga fufifi bejavokeb rohat tusuyuzebubul gix hopi yofolivuda
Kadevepug kuvobodokex nutene tabow yure jikexopudu lufumod pitaxifuhute menedafivaduxew kumanohon

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 59.0.0.0
ProductVersion 65.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileVersions 8.8.87.89
InternalName Electricidad.exe
OriginalFilename Hungle.exe
ProductName Hsdfgidgfyh
ProductVersion (#2) 2.70.47.63
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0x5dc23fdd
Unmarked objects 0
C++ objects (VS2010 build 30319) 26
ASM objects (VS2010 build 30319) 19
C objects (VS2010 build 30319) 111
Imports (VS2008 SP1 build 30729) 9
Total imports 129
175 (VS2010 build 30319) 1
Resource objects (VS2010 build 30319) 1
Linker (VS2010 build 30319) 1

Errors
