8c53e654289d2af66ff6b49eee2f705d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Aug-03 16:02:26
Comments
CompanyName Command Transportation
FileDescription Clutch
FileVersion 1.0.0.0
InternalName Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename Clutch.exe
ProductName Clutch
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): .NET executable -> Microsoft
Info Interesting strings found in the binary: Contains domain names:
Suspicious VirusTotal score: 1/72 (Scanned on 2020-11-20 18:23:24) APEX: Malicious

Hashes

MD5 8c53e654289d2af66ff6b49eee2f705d
SHA1 8f3850ca824f02849864d6b85458bc1c5db6b952
SHA256 156518be18f0f92215340d4087f2dd76c20ccf03d1dfae40254806489d4c79bc
SHA3 f515a39b18c5a019b9a4300396cd13284a4a13df26bb37379dd69c85d73b5c64
SSDeep 49152:rziw4ZZ1VKKa9/VphZoKajSr/HtRjLIr8RaY6G0n5AT7XSuBk7tNGLuU7iRiE3d:r2vZPwz/VphWKamZRnIrDHGTzPBqtJ4
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Aug-03 16:02:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 80.0
SizeOfCode 0x2db200
SizeOfInitializedData 0x4200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x002DD186 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x2de000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x2e4000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5deda4732f375a98de0c6aad91b6fcb4
SHA1 0b4d75223fc9e6b818b89d438a47b8d899a996f1
SHA256 f8aa1830910adf17ae525bb26b58a9d75d87c3704b7f8c1cf62c2dc2acb43b76
SHA3 9f150a79030cfd4f834af9e26e3e64e2757d374b54fd244ac151d4e866a82a8d
VirtualSize 0x2db19c
VirtualAddress 0x2000
SizeOfRawData 0x2db200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 7.97926

.rsrc

MD5 f3e430655496c71bc7abd2f65b82f816
SHA1 a4bbb31fc5d441485f8a9eb6f279d558ec304f01
SHA256 4caabd89af9af94c920cff64f7c79eaa64bf2006e7cd4796b461d8f087082f84
SHA3 35387f9eca1102c883f865ec6695b41d541582d42079b9b6cd200ed13cf00d6d
VirtualSize 0x3f4c
VirtualAddress 0x2de000
SizeOfRawData 0x4000
PointerToRawData 0x2db400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.99408

.reloc

MD5 accd205c08ea91ed74495826ad1ff265
SHA1 a602d60f61954494bd52661f9d1261fec360615c
SHA256 7bf5b7a2daa9f7f29b7b21d6c29dc2dbaf83f95eadbb9cbfaf85a340b07eaed3
SHA3 a3400de461a50842698fd0e54f70572dc163771a6948dc59d575621f8262e5b0
VirtualSize 0xc
VirtualAddress 0x2e2000
SizeOfRawData 0x200
PointerToRawData 0x2df400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.71044
MD5 acd166266ad2d21bbe6f74bd8459f882
SHA1 7f511d453a0d33fff545ee86b3d60501f48c66d7
SHA256 2560f0369535a59faa7c6dc0e66efcd4305d92476d59f7b27d05b469ef33c5f2
SHA3 bff742c889493877fb8b8c394366fd1f8f60fa105b4a1574343c4a3f7699e1b9

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.9805
MD5 378ef88fb417e316e35aefbe5965f42e
SHA1 6ad958dccb88821c274512d9a23bb7317b606584
SHA256 e97c7f8b850a624df78e017dcfbcf51ac40da921810f006b7124b9a64c694c95
SHA3 8e37e4f080178c6a6f3c8ff10b1bde8e36b2362a49a883ccfd6615cd0afda0fc

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.01417
MD5 01b83756c5d8e13ee6250212d812aa39
SHA1 41531f8fe918b89641b68b717b2f46d17ee72dc4
SHA256 74f049410dd6b3ad343be5cd391969a20b743be8294380a38e873942a8103eab
SHA3 2f701464a76d139f73a39c63f7964a19ba8cf54807cbfe6327e9fde2253bdfc4

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 409e1724611e0bc39356e2f58888db55
SHA1 c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256 6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3 315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x318
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21079
MD5 d765fbc2e68159e4973bc2cfdfc4a086
SHA1 15169cb925b795b61f1e6612fbc8f824f084feb5
SHA256 eb1abc8c3bff222aaa1342ed0873caad54924b9447263a7144ea59c8d95cf516
SHA3 4e22f10aeaa205ec2ebf6556e7eaebf33f9c1cbea39491163a89ad240e320e23

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName Command Transportation
FileDescription Clutch
FileVersion (#2) 1.0.0.0
InternalName Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename Clutch.exe
ProductName Clutch
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors