8af145865f7fa48e110bf585878cf73c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Sep-04 14:40:31

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • distutils.info
  • linalg.info
  • numpy.core.info
  • numpy.distutils.info
  • numpy.fft.info
  • numpy.lib.info
  • numpy.linalg.info
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryA
 Possibly launches other programs:
  • CreateProcessW
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
 Leverages the raw socket API to access the Internet:
  • ntohl
 Enumerates local disk drives:
  • GetDriveTypeW
Info The PE is digitally signed. Signer: deepinstruction O\xC3\x9C
Issuer: Sectigo RSA Code Signing CA
Suspicious VirusTotal score: 1/69 (Scanned on 2023-03-04 20:49:07) APEX: Malicious

Hashes

MD5 8af145865f7fa48e110bf585878cf73c
SHA1 272ad5df02c381cfd7ac448b6d1e424fa7aeb017
SHA256 566879320a2fd2e4d32d1135286113ceb798aa8f836a9461237f8bdce971835d
SHA3 5dfb3e482520eed376c721ecb78de7119648503b2340fd01dff55917e494d562
SSDeep 98304:ss+q2ndK8hDRqqWoSKWPa1Zexfe+lhEJKOdUQJHfxegHDKnjajuG:ssQkKwPo7I6ZsTbuK0UQ1xWmuG
Imports Hash 94984869e1c4b93c0069850d9e3b564b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2018-Sep-04 14:40:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20c00
SizeOfInitializedData 0x31000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000008CA8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x56000
SizeOfHeaders 0x400
Checksum 0x4bd958
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e3dc4a8186fe446d3fd1d74070d0f64b
SHA1 62a78805de81886052ce63605679549e3b1cb911
SHA256 80ce1c8d2b572163e6bb8624576f648f35bb1866e60147de70ece7e90e85f93c
SHA3 cd35c108de8ad3ad5cdb03baf31bb9820018b1f955c832c925cd0f27013c0866
VirtualSize 0x20b00
VirtualAddress 0x1000
SizeOfRawData 0x20c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.45415

.rdata

MD5 223b810d4592db6fba6f30acb3157163
SHA1 b206cbe32fee7a85a1fc7eb8ed5e728f6547154e
SHA256 7efaa9655524960e3ea6ede22b919f3b58076b949b85f8f7e311d7d0479b92bc
SHA3 376fbf3befaed623306f1f328c7e9adab21c747e97e19a1bbec6252ae98494ed
VirtualSize 0xf4c0
VirtualAddress 0x22000
SizeOfRawData 0xf600
PointerToRawData 0x21000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.83027

.data

MD5 4c751bd0824879808309a05b27d4a492
SHA1 110d8c9590a7523ff85e3cb7ea3730c5deb93026
SHA256 c5d90e3a0a7d45bce2bcaf017cb74a2f701a507a4cd1904b519831db3a4d6976
SHA3 a5cb39ebc19c0258e45c865a45aa7c848cf076a7c0c40e1d9c2cc3f0626bdb25
VirtualSize 0xf108
VirtualAddress 0x32000
SizeOfRawData 0xc00
PointerToRawData 0x30600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.84448

.pdata

MD5 ced65a2d74ee6c2b2b7e1f8a599e1f6a
SHA1 59dc3c36febb64cacf6cba7962cfb3153a39dd16
SHA256 461047ed83aa6afa1b5a76331c4a811a5c7788c7ae4875bd01a033298d4e06ac
SHA3 6b60fa672cae03a54b405caf67510244a970951b455400a6805d63a3b208dcc9
VirtualSize 0x1cb0
VirtualAddress 0x42000
SizeOfRawData 0x1e00
PointerToRawData 0x31200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.1779

.gfids

MD5 20b34331f960e8b42c889c1c44ec93b0
SHA1 ba92b10ac0937b6cd77c695ed9ae52c2c36349e9
SHA256 c4742d645ca8f7edcaed8961c0c7f40d4c60966fba598298203660fbde025158
SHA3 787d2f428f0c00d48b5a810618a341824503002c16f4ba81ec70f648487a4005
VirtualSize 0xac
VirtualAddress 0x44000
SizeOfRawData 0x200
PointerToRawData 0x33000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.7507

.rsrc

MD5 67071da14c9db579039bbfecb42160c6
SHA1 efa6b3c0bf46c9ca21ab6436c9621148445eb469
SHA256 95371f6dbbc39f5134052a5ddcced3e2caf2ff49cbee47f09df41071e0058832
SHA3 14b905765ac995551f5aaf5383bcd151d7690edc9b4f8a2ec1c749c5f1ce59af
VirtualSize 0xfe3c
VirtualAddress 0x45000
SizeOfRawData 0x10000
PointerToRawData 0x33200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.80566

.reloc

MD5 dba232b263d15c005890f728ca658d4b
SHA1 7198ed03590d386a428b1cdb8aa7ac0d835ac010
SHA256 5b85d2e1842a227af7ca318b90ae5e45cf09722247d1ba647e3481352cd38bf8
SHA3 99263fd98cec12a1ee1e77946db21cf068aa46eb4cfc42ef636c0f90cc6df354
VirtualSize 0x698
VirtualAddress 0x55000
SizeOfRawData 0x800
PointerToRawData 0x43200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.9952

Imports

USER32.dll MessageBoxW
MessageBoxA
KERNEL32.dll GetFileType
SetEndOfFile
HeapReAlloc
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetTimeZoneInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
RaiseException
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
WS2_32.dll ntohl

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.96341
MD5 2ce64bc7bf488d5914dbffe1f8c198c6
SHA1 c521e3d49f0e8c3c40053770407863a7ec01d8aa
SHA256 eac7baeec7a451227e8e082a55dd9ec3fba82d84b2c8cc683a5b42b6500258d2
SHA3 4f09c85b8925ea2c66c422081194ac329ad6a0660f493cdb5d27ccc7bddcf434

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18309
MD5 7edc45620b816cdba1d33819d87e30de
SHA1 d8372ea42585044e8323011e4be673f3b696e469
SHA256 a222c3b92280c531525c34a8e126cc079f4f8d3e556cd3795a196e61281ed3ce
SHA3 16f58b4d80ada15f4ace5e77e02a3db8d4561b696c2f38f268d94aa9374b0b75

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.68023
MD5 0898824878b031f8991ce7e637c76a2c
SHA1 25f0bebef31b782ba22ff448ac4988642c8613a3
SHA256 9824ec37c0f1ce186acfe8c35b2642f6977472ea269d6ebd5c6046a1b0c9f43a
SHA3 898862b5a91375ab629bb3cd1e92f9f11bcc44a0d36ca037bf9b64880a9f7f62

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.43234
MD5 d3a5c2366d00a669adc2ccc29dadcb10
SHA1 df7f4a8c7afb1c7df256aa19b62a93d03b596a8b
SHA256 7dc86c5d64b13dc26f8606bb589584958f1fb5abf7856d7ffd6ac4e484a86081
SHA3 84d1e469d4526cb092a86bda466948247ef29743694bab95ea021116b994c6dd

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x7fae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98007
Detected Filetype PNG graphic file
MD5 201aab3ee1cc427288479398e7c58c63
SHA1 7e7e1b1940a84e6c8c5532fdcb109f0e7fd96966
SHA256 d99f1507b9bd41a309e0745af059d057210bd93a3a986f481bf8c7d268514ac5
SHA3 983b5b007e0ec511849e900b587cbabd91ef0008b0b9261eb4a1bc4b81ec4217

101

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.64638
Detected Filetype Icon file
MD5 e4ea13b98879ebc5079821ac4af777ba
SHA1 d3fe9ed31e91a82034f8ab4b4f9c682d12c52ca8
SHA256 d484677a4a3d8968deaaedbc7cdf4914d601717bee7c9b2ed3853abf27e763f6
SHA3 38aeb631161a26f9875c6fada95841086f15daef92c21754b8c02982973f282c

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Sep-04 14:40:31
Version 0.0
SizeofData 720
AddressOfRawData 0x2eaf8
PointerToRawData 0x2daf8

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140032010

RICH Header

XOR Key 0xd93e34b3
Unmarked objects 0
241 (40116) 7
243 (40116) 172
242 (40116) 13
ASM objects (VS2015 UPD3 build 24123) 7
C++ objects (VS2015 UPD3 build 24123) 28
C objects (VS2015 UPD3 build 24123) 19
Imports (65501) 7
Total imports 116
C objects (VS2015 UPD3 build 24210) 17
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3 build 24210) 1

Errors

<-- -->