Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Aug-16 23:22:50 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
19154748 bytes of data starting at offset 0x43400.
The overlay data has an entropy of 7.99749 and is possibly compressed or encrypted. Overlay data amounts for 98.5823% of the executable. |
Suspicious | VirusTotal score: 1/68 (Scanned on 2020-09-16 04:49:38) | APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 6 |
TimeDateStamp | 2020-Aug-16 23:22:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x21600 |
SizeOfInitializedData | 0x2c000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000000835C (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x51000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll |
MessageBoxW
MessageBoxA |
---|---|
KERNEL32.dll |
WriteConsoleW
GetLastError SetDllDirectoryW GetModuleFileNameW GetProcAddress GetCommandLineW GetEnvironmentVariableW SetEnvironmentVariableW ExpandEnvironmentStringsW GetTempPathW SetEndOfFile Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW LoadLibraryExW CreateDirectoryW LoadLibraryA FormatMessageW MultiByteToWideChar WideCharToMultiByte HeapReAlloc WaitForSingleObject RaiseException HeapSize GetTimeZoneInformation RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetModuleHandleW RtlUnwindEx SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetCommandLineA ReadFile CreateFileW GetDriveTypeW GetFileInformationByHandle GetFileType CloseHandle PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW RemoveDirectoryW FindClose FindFirstFileExW FindNextFileW SetStdHandle SetConsoleCtrlHandler DeleteFileW GetStdHandle WriteFile ExitProcess GetModuleHandleExW HeapAlloc HeapFree GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleCP GetFileSizeEx CompareStringW LCMapStringW GetCurrentDirectoryW FlushFileBuffers GetFileAttributesExW IsValidCodePage GetACP GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW GetStringTypeW GetProcessHeap |
ADVAPI32.dll |
ConvertStringSecurityDescriptorToSecurityDescriptorW
|
WS2_32.dll |
#14
|
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Aug-16 23:22:50 |
Version | 0.0 |
SizeofData | 680 |
AddressOfRawData | 0x2fd20 |
PointerToRawData | 0x2e720 |
Size | 0x100 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140033018 |
XOR Key | 0x6b76df8a |
---|---|
Unmarked objects | 0 |
C objects (26213) | 10 |
ASM objects (26213) | 7 |
C++ objects (26213) | 185 |
C++ objects (VS 2015/2017 runtime 26706) | 38 |
C objects (VS 2015/2017 runtime 26706) | 17 |
ASM objects (VS 2015/2017 runtime 26706) | 8 |
Imports (26213) | 9 |
Total imports | 113 |
C objects (27042) | 16 |
Resource objects (27042) | 1 |
Linker (27042) | 1 |