888005e38e5b5b112018cf6e4dfe63c2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Sep-16 12:30:21

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Info Interesting strings found in the binary: Contains domain names:
  • http://www.smartassembly.com
  • http://www.smartassembly.com/webservices/Reporting/
  • http://www.smartassembly.com/webservices/Reporting/UploadReport2
  • http://www.smartassembly.com/webservices/UploadReportLogin/
  • http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
  • smartassembly.com
  • www.smartassembly.com
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Suspicious The file contains overlay data. 36680 bytes of data starting at offset 0x41000.
The overlay data has an entropy of 7.99462 and is possibly compressed or encrypted.
Malicious VirusTotal score: 23/66 (Scanned on 2020-09-16 09:28:31)
Elastic: malicious (high confidence)
McAfee: Artemis!888005E38E5B
Sangfor: Malware
Cybereason: malicious.d0adfa
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.SmartAssembly.AZ
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.MSIL.NetWiredRC.gen
Avast: Win32:RATX-gen [Trj]
DrWeb: Trojan.PackedNET.276
Invincea: Generic ML PUA (PUA)
FireEye: Generic.mg.888005e38e5b5b11
SentinelOne: DFI - Malicious PE
ZoneAlarm: HEUR:Backdoor.MSIL.NetWiredRC.gen
BitDefenderTheta: Gen:NN.ZemsilF.34242.smZ@aSeIfub
Ikarus: Trojan.MSIL.SmartAssembly
eGambit: Unsafe.AI_Score_95%
Fortinet: MSIL/Kryptik.SHS!tr
AVG: Win32:RATX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM03.0.F69B.Malware.Gen

Hashes

MD5 888005e38e5b5b112018cf6e4dfe63c2
SHA1 73366cbd0adfa0bac401588ce9e062f456e1a9ec
SHA256 aff0f01bfb06951ff4567c496207f406b066cfd78c32177f744b6609197ca086
SHA3 27d5d3244f214665029e5eee4d90dab7176ceba67e57494e692ae0176e73e7cb
SSDeep 6144:wqZ9TBsA0HVHY9g2/2eBT1meF8LXlIUb68d1GV2kzv3:wohBsPHVHc+eV1mC8bl1bXd1GV9j
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Sep-16 12:30:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x40800
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0004273B (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x44000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x48000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f4331988a22740c8700c5fc1157072db
SHA1 754ea5d1f2d632e48e5fd86059e1d7b456212142
SHA256 d77941d942e4e78cd27b322cfbe3c7ffba925cd5ec68b589d3f2a5e608e7f887
SHA3 8eed66139061b0e6efd391c9ae9463acb14efe31fa654fe58fec430136178460
VirtualSize 0x40741
VirtualAddress 0x2000
SizeOfRawData 0x40800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.05128

.rsrc

MD5 6e8fe56815ff21238333fa18f46746fa
SHA1 046146b63742bd7bb985a78e6d8947e094cdb94f
SHA256 5e76b9231d242b5c3241f41bc2a20fc0c50e647e47d60f97aa82590872a8619a
SHA3 2119aec0ecf8e826ace139bd796eeaca64c0c60f1160c65033fc57730e34195c
VirtualSize 0x394
VirtualAddress 0x44000
SizeOfRawData 0x400
PointerToRawData 0x40a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.31544

.reloc

MD5 56573b5272f69d1c4ee380732de3271b
SHA1 9392414704a02fa04b6ba20fe216228817d7f169
SHA256 45e0d025416ab30da8d735217543b6291676ff4324371b6fb141c79bacaac25a
SHA3 8db7a4a3cca85670df195885e499cd62913ee50d83f74ed13f994a2e93f59e04
VirtualSize 0xc
VirtualAddress 0x46000
SizeOfRawData 0x200
PointerToRawData 0x40e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96286
MD5 4dcb7d0708a18f2965b2978d6e1e7aa6
SHA1 60d3660c9d3857868859b9fd581057294bf654a4
SHA256 acba1bc050f08a9b008e23862fb5df15e2fb5f1dc511beb6ab15b723fd608987
SHA3 d11239f679f0cf52bdac39da8bfae5587fa689b6222626ba3d3a1370fa84210f

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 a603e440adc86f00a5463060ee772153
SHA1 3ff28dcc90b5233bf8c7ac902c0da1af0362ddfc
SHA256 9acb4982706f5cdb4f38c1d3d2e4b765747531c73f49a89a09ade970116d8d9c
SHA3 41f85b8da1d23645c68bd051703b1fc22b2caf68d9269d260473acffd4ac9777

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors