92818764a320ca57d8656d5700ffd281

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Info: Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious: The PE is possibly packed.
  • Unusual section name found: /4
  • Unusual section name found: /18
  • Unusual section name found: /30
  • Unusual section name found: /43
  • Unusual section name found: /59
  • Unusual section name found: /75
  • Unusual section name found: /94
  • Unusual section name found: /106
  • Unusual section name found: .symtab
Suspicious: The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
  Functions which can be used for anti-debugging purposes:
  • SwitchToThread
  Leverages the raw socket API to access the Internet:
  • WSAGetOverlappedResult
Malicious: VirusTotal score: 4/67 (Scanned on 2018-06-18 15:08:43)
  • Cylance: Unsafe
  • TrendMicro-HouseCall: Suspicious_GEN.F47V0609
  • Jiangmin: Trojan.Mucc.afs
  • Antiy-AVL: Trojan[Backdoor]/Win32.Gorsh

Hashes

MD5 92818764a320ca57d8656d5700ffd281
SHA1 0f00b7bf22cdf634018ad8d23a9ee125398e3aac
SHA256 b7e6a4a1e42eb3847adf39df532ea6d6f2d5cd4b6dfc613860417b30c7fd1ac9
SHA3 2c7c814760f606b4407e35ee0476b04ae5fd694c7283d7b44042fdd81f8a129a
SSDeep 49152:Qt+kuLvMMdfUxQjhhESGknrjbYr/rBsKWiz5wkp4+mQkfU5mI0/aTtd7dkmd5y5:7dAQjnr+dsO6v88eLbU5FsXxDCisDGR
Imports Hash 96c44fa1eee2c4e9b9e77d7bf42d59e6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 12
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x8dd600
NumberOfSymbols 11712
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x5e3400
SizeOfInitializedData 0x3c000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000055950 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x98d000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 fe10063f3775f5792d9319b631428342
SHA1 77e445814ba5ad99b6fda9a41f4559f6a827b947
SHA256 117589916ee33a40fa1ce38d209093a2c697afd978a3e7bc96cb9e79b005aadf
SHA3 dce45c6b6c5db8ede2a273c84bdb0b9d744d4e99c0916dfbb9bfd52572452a1d
VirtualSize 0x5e32a6
VirtualAddress 0x1000
SizeOfRawData 0x5e3400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.88491

.data

MD5 6c88423b0c9240d795e99a9110f00b7c
SHA1 736229abe291e5699d2830e8731f4cce66de6b3e
SHA256 8ac55f2dcd81034c811ac6fed95d27baaf523adc47148b1c88ebdaf740b1bd5a
SHA3 4b4b6fba7745311d217bbab03b0751566448c990bb59a4775ae669a01d75d12d
VirtualSize 0x5ccb8
VirtualAddress 0x5e5000
SizeOfRawData 0x3c000
PointerToRawData 0x5e3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10622

/4

MD5 5297c917947d98d48aa44033a6f61bb4
SHA1 2bd5ade2e7b4f92b3449bac367ede6eacf41ff97
SHA256 f08eec20b7dc1a292a88976cc2169472e930495a36f7ca7101f408b08a4f9611
SHA3 4dcbc1c7615a794f528676a6eab593f555840a251f425fdd86b10ba7bad57606
VirtualSize 0x1b5
VirtualAddress 0x642000
SizeOfRawData 0x200
PointerToRawData 0x61fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.23636

/18

MD5 512aa7f660281b1b8d8381173e129c87
SHA1 82e70239da85e62f733ce6f520f829d7635ade17
SHA256 3a7bffe3be7db4c91b8a316002750f875353d13f53f2bb2b13ea61fc49b1d08a
SHA3 29edf77fcaffcf460f468ad2e4b88ed729b53b2c71177d07a08ef949f4609102
VirtualSize 0x5007a
VirtualAddress 0x643000
SizeOfRawData 0x50200
PointerToRawData 0x61fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.56331

/30

MD5 81ed187f4a50162509e173650f8f4d7d
SHA1 41fa89f38001114aada586a0c730d2e9c84acbfe
SHA256 975adbc45b19ee8a3e1073d01148c61e6aa14718ed7d6a95f37ebfe4d3c718af
SHA3 b9638aaf85f3080f254cf29c625786434ef0ee13bb1d81f7e813131edb46577d
VirtualSize 0x576b4
VirtualAddress 0x694000
SizeOfRawData 0x57800
PointerToRawData 0x66fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.72394

/43

MD5 89b5c4e0807af35ee3e020c962330db7
SHA1 5678cbd3ab4f092e4329ef0a41c201bce7720b1f
SHA256 2fe93e2d432b56d29857a17c8a6df2e731cb8cddaa51960984d942770e591b33
SHA3 8e9a937d94f52934428818535f2514d41300cd3fab3077f4e43f780808669cd4
VirtualSize 0x1d8f2
VirtualAddress 0x6ec000
SizeOfRawData 0x1da00
PointerToRawData 0x6c7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42416

/59

MD5 cbc2f0711720f4a671e0f5b65997f2d6
SHA1 75a50693c6edef0396c3156307284ae669abc58d
SHA256 54d070113d82079855226491dd3d0d9685fbdf3ddc0aa48098d383e2e9befa03
SHA3 0c956c38add454c73c8c1b32de9f0cf4bf3a296b181ea5b0a279ac6358191869
VirtualSize 0x33f14
VirtualAddress 0x70a000
SizeOfRawData 0x34000
PointerToRawData 0x6e5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.48403

/75

MD5 d55036c917e5c260dc3a3446984c1111
SHA1 e26f5f67ee450dc4c66462082a59e0baf15fefae
SHA256 4b87402c03c1c337134d9374db1c0cf8a4a3e7d3444cb7b5374a2029d1742dbe
SHA3 c50685a70411476d6daea88c34d7fa0c0d3dfb0552b4045fd12133b99a7268a8
VirtualSize 0x2a
VirtualAddress 0x73e000
SizeOfRawData 0x200
PointerToRawData 0x719000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.74559

/94

MD5 f6bf10378fe89b5d568b50d775c2ed12
SHA1 8626a763344cfa4367facdbf372e4bcc46d7bc60
SHA256 1b146ca95fc73e09c6d6329b5c4a54fa0cc0a9be6cac330dd5146215541b2ca9
SHA3 1bfd8c0f5841a2611dce69e4536d320f35867261425280150c14019b5d171b19
VirtualSize 0x199aa4
VirtualAddress 0x73f000
SizeOfRawData 0x199c00
PointerToRawData 0x719200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.74151

/106

MD5 3c3bf06dc167caa59aa21fe41db9d63d
SHA1 e652be50415a9af2eaa06916b65feebce718ce34
SHA256 f1174c25f4f74e24ffc3c74c428dd75a925643b1e519ec463f69018d643c1871
SHA3 6ad7a6fe6a449924eeb86ee6266c6ac911fc7077eb629b9fcdbfeaa33ce70f86
VirtualSize 0x2a340
VirtualAddress 0x8d9000
SizeOfRawData 0x2a400
PointerToRawData 0x8b2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.31071

.idata

MD5 2df17de52480e66143dccfcc1448c999
SHA1 fd5ddfd28f54ecb59a21888d58667ed9c74e51dd
SHA256 cd05c569f29871c4440b7402ea4ade83054a949d494fe512d5c48d3c4e55c376
SHA3 3764ec328ccb9a5da178360b330ac0858de5c9ac538dad33eeb5855c61883913
VirtualSize 0x3fe
VirtualAddress 0x904000
SizeOfRawData 0x400
PointerToRawData 0x8dd200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.27157

.symtab

MD5 c383948ca92e9852358a19340dfa4ec4
SHA1 9e461d5067d41b32088cffc0ccac27e4dacbb81f
SHA256 a20cef2149e46a97fd0fe8eb2175e047c3acce18bd3196ff0c42d2902b5b976c
SHA3 dcefa0cbeed166078a30fa71b701ea0481ee9cff40c9925d113c92b3ffc253d3
VirtualSize 0x87811
VirtualAddress 0x905000
SizeOfRawData 0x87a00
PointerToRawData 0x8dd600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.39581

Imports

winmm.dll
  • timeEndPeriod
  • timeBeginPeriod
ws2_32.dll
  • WSAGetOverlappedResult
kernel32.dll
  • WriteFile
  • WriteConsoleW
  • WaitForSingleObject
  • VirtualFree
  • VirtualAlloc
  • SwitchToThread
  • SetWaitableTimer
  • SetUnhandledExceptionFilter
  • SetProcessPriorityBoost
  • SetEvent
  • SetErrorMode
  • SetConsoleCtrlHandler
  • LoadLibraryA
  • LoadLibraryW
  • GetSystemInfo
  • GetStdHandle
  • GetQueuedCompletionStatus
  • GetProcessAffinityMask
  • GetProcAddress
  • GetEnvironmentStringsW
  • GetConsoleMode
  • FreeEnvironmentStringsW
  • ExitProcess
  • DuplicateHandle
  • CreateThread
  • CreateIoCompletionPort
  • CreateEventA
  • CloseHandle
  • AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /18!
[*] Warning: Tried to read outside the COFF string table to get the name of section /30!
[*] Warning: Tried to read outside the COFF string table to get the name of section /43!
[*] Warning: Tried to read outside the COFF string table to get the name of section /59!
[*] Warning: Tried to read outside the COFF string table to get the name of section /75!
[*] Warning: Tried to read outside the COFF string table to get the name of section /94!
[*] Warning: Tried to read outside the COFF string table to get the name of section /106!