8b923746242130bc39f9566cf8ab60dc

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Mar-11 14:46:52
Detected languages English - United States

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • High-Logic.com
  • Logic.com
  • github.com
  • http://scripts.sil.org
  • http://scripts.sil.org/OFL
  • http://scripts.sil.org/OFLhttp
  • http://www.zkysky.com.ar
  • http://www.zkysky.com.ar/This
  • https://github.com
  • scripts.sil.org
  • www.zkysky.com
  • zkysky.com
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
  • CreateToolhelp32Snapshot
Possibly launches other programs:
  • CreateProcessW
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
Manipulates other processes:
  • WriteProcessMemory
  • ReadProcessMemory
  • Process32First
  • OpenProcess
  • Process32Next
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 34/73 (Scanned on 2025-03-11 21:40:47)
APEX: Malicious
AVG: FileRepMalware [Misc]
AhnLab-V3: Trojan/Win.Generic.C5604983
Avast: FileRepMalware [Misc]
Bkav: W32.Common.02476C0A
CAT-QuickHeal: Trojan.Ghanarava.1724305954ab60dc
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: a variant of Win64/GameHack.IZ potentially unsafe
Fortinet: Riskware/Application
GData: Win64.Trojan.Agent.O8GAWC
Google: Detected
Gridinsoft: Trojan.Win64.Gen.sa
Ikarus: Trojan.Win32.Generic
K7AntiVirus: Unwanted-Program ( 005b0e871 )
K7GW: Unwanted-Program ( 005b0e871 )
Lionic: Trojan.Win32.GameHack.4!c
Malwarebytes: Malware.AI.1492285693
MaxSecure: Trojan.Malware.259638731.susgen
McAfee: Artemis!8B9237462421
McAfeeD: ti!021F53C23281
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Rising: Trojan.Znyonm!8.18A3A (CLOUD)
Skyhigh: BehavesLike.Win64.Injector.th
Symantec: ML.Attribute.HighConfidence
Varist: W64/ABRisk.SCDW-7205
ViRobot: Trojan.Win.Z.Agent.1425408.CD
Webroot: W32.Trojan.GenKD
Yandex: Riskware.Agent!M3o8/zPudoY
Zillya: Trojan.GameHack.Win64.600
alibabacloud: Trojan:Win/GameHack.690d4d02

Hashes

MD5 8b923746242130bc39f9566cf8ab60dc
SHA1 430ef7824759dc2295eb6cc5591bf2558c71e350
SHA256 021f53c2328113f02db282d7bde017efcf807b1021173e497c06711a15d7f98f
SHA3 e5440df8c697a1caa8be4b062866143c7e9fd394d5e2a8c12ca20a4130581294
SSDeep 24576:iJgvkMzSYAM9YSlbczEpQizfmQDc06WogeOfQr0W:itMzLAVStcdiT7FoR2A0W
Imports Hash a98fcc30097a9893402b8be27c43a74b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2023-Mar-11 14:46:52
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xaf600
SizeOfInitializedData 0xaee00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000007C194 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x164000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 74c729ffe067e412265cef5e227b941f
SHA1 13220126e6a3fb74db21c36b0b26850529147304
SHA256 f12ebd078c691009350e0f224948d56b3d25d37d4c600176b34db7289db67265
SHA3 f996f0c7937dd51d8e042832862967a9611e28154a1a514e4ec55e63da056e7c
VirtualSize 0xaf4bc
VirtualAddress 0x1000
SizeOfRawData 0xaf600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.53347

.rdata

MD5 9d57e79a55d59989ad76759c60a966aa
SHA1 dc3ff3ffe332458682122e7b115280162d8a2003
SHA256 7e6c97b7aad8610436290bc3e8f889f549d2232cfa11ed2dbe15ab01a32b85ba
SHA3 b630e69cd5dbd88aad1a53eead2a42de54fe39a6558784d5247a4548ec3ba673
VirtualSize 0xa2220
VirtualAddress 0xb1000
SizeOfRawData 0xa2400
PointerToRawData 0xafa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.22674

.data

MD5 5ecefc752dc538d6b53e0188d9c9fa36
SHA1 9434aa4d90349ea384e01e532170662802b64665
SHA256 e97d78737aadb9800bac875739f1ac2848d8b2bfa4cdb71cf58a489ac3df176f
SHA3 69e7a0d60ee02e83a679e18ec316b26556452356497a1e434f9e653de314ca1a
VirtualSize 0x4204
VirtualAddress 0x154000
SizeOfRawData 0x1c00
PointerToRawData 0x151e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.37411

.pdata

MD5 d4eab302e769e08c2f79b1e7684c7829
SHA1 05a20b37e863974d497c1f223f55a82e4825d857
SHA256 f15bc63f424355d154ad3328f87387471a75aa48dcd1f252f4c68f539293fa75
SHA3 7e3742d432012a6219caccf1e9678577d746aee8e5f32191a6e09532461fd244
VirtualSize 0x7080
VirtualAddress 0x159000
SizeOfRawData 0x7200
PointerToRawData 0x153a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.92759

_RDATA

MD5 92fa6a13e2a5108e0caa3aead0a96d6d
SHA1 3fd54eb7ed92651af58d63f3df4dcdd5c5471309
SHA256 369e871d5c86e9de18d284ec1668292d9785628d5a366902075d529cf9653024
SHA3 528c6d7f79afd3a0b729066871c835e3335fce6af97ad2a22efa6261855e1ff4
VirtualSize 0x15c
VirtualAddress 0x161000
SizeOfRawData 0x200
PointerToRawData 0x15ac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.27696

.rsrc

MD5 6be9b05798cdc0744a882fd69ae48858
SHA1 087e42634c196f85555967c5bdd71bd4062e41fc
SHA256 0c220e390e68f248f103154b46f9cbf28806ba83bec9909e8b0f3a150c59b04e
SHA3 69397d32f7941e97e1dc178341ea54c8378d1260f0e2ce4183a968b1bb866d23
VirtualSize 0x288
VirtualAddress 0x162000
SizeOfRawData 0x400
PointerToRawData 0x15ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.84686

.reloc

MD5 648dec168b05f1b45ea532ce07107dfa
SHA1 c739d83c11793749dfbe171547c63785ef8ba475
SHA256 2672163da5f999c127ccfa81f46b0ca15c94a064ae25abfedfacdf6c8cb6ab5f
SHA3 233f5c86d4d9b7ab7aa41c0692fac462b238bf6adedff762334d091c7f9393db
VirtualSize 0xd14
VirtualAddress 0x163000
SizeOfRawData 0xe00
PointerToRawData 0x15b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.33155

Imports

d3d11.dll D3D11CreateDeviceAndSwapChain
d3dx9_43.dll D3DXMatrixTranspose
dwmapi.dll DwmExtendFrameIntoClientArea
USER32.dll FindWindowA
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DispatchMessageA
LoadCursorA
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetWindowThreadProcessId
GetWindowRect
KERNEL32.dll HeapReAlloc
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
SetConsoleTitleA
GetCurrentProcess
GetTickCount64
K32GetModuleBaseNameA
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
IsValidCodePage
AreFileApisANSI
GetLastError
GetModuleHandleW
MoveFileExW
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetEndOfFile
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TlsGetValue
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
SetStdHandle
HeapSize
WriteConsoleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
IMM32.dll ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext
D3DCOMPILER_43.dll D3DCompile

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x224
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04378
MD5 245b863be176aab16ef1dbe168defe03
SHA1 c0a369f6f0e77b89c5d9d37fb94e1d5e2d431b5b
SHA256 59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa
SHA3 7efbe82f17422b353f747a146c1e8f1b9df37e90648150f2020442ff9477341e

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-Mar-11 14:46:52
Version 0.0
SizeofData 1008
AddressOfRawData 0x1463d4
PointerToRawData 0x144dd4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2023-Mar-11 14:46:52
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1401467e8
EndAddressOfRawData 0x1401467f0
AddressOfIndex 0x1401568e8
AddressOfCallbacks 0x1400b1800
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140154060

RICH Header

XOR Key 0xaebf3c76
Unmarked objects 0
ASM objects (29395) 23
C++ objects (29395) 190
C objects (29395) 27
C objects (VS2022 Update 4 (17.4.2) compiler 31935) 18
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) 10
Imports (29395) 10
Imports (21202) 7
Total imports 237
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) 92
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215) 17
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215) 1
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215) 1

Errors