Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2023-May-25 18:42:28 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
21138819 bytes of data starting at offset 0x4e600.
The overlay data has an entropy of 7.99875 and is possibly compressed or encrypted. Overlay data amounts for 98.5041% of the executable. |
Malicious | VirusTotal score: 26/64 (Scanned on 2023-05-26 17:48:18) |
MicroWorld-eScan:
Generic.Trojan.Stealer.D.FDD38524
McAfee: Artemis!93136D138414 Malwarebytes: Agent.Spyware.Stealer.DDS VIPRE: Generic.Trojan.Stealer.D.FDD38524 Symantec: Trojan.Gen.MBT Elastic: malicious (high confidence) Kaspersky: UDS:Trojan-PSW.Win64.Alien.cmo Alibaba: TrojanSpy:Win64/Genric.21ebf96e Avast: Python:Agent-IR [Trj] Emsisoft: Generic.Trojan.Stealer.D.FDD38524 (B) F-Secure: Heuristic.HEUR/AGEN.1358346 McAfee-GW-Edition: Artemis Sophos: Mal/Generic-S Ikarus: Trojan-Spy.Python.TokenGrabber Avira: HEUR/AGEN.1358346 MAX: malware (ai score=80) Arcabit: Generic.Trojan.Stealer.D.FDDD967C ZoneAlarm: UDS:Trojan-PSW.Win64.Alien.cmo Microsoft: Trojan:Win32/Sabsik.FL.B!ml Cynet: Malicious (score: 99) Cylance: unsafe TrendMicro-HouseCall: TROJ_GEN.R002H0CEQ23 Tencent: Win32.Trojan.Agen.Cplw Fortinet: W32/PossibleThreat AVG: Python:Agent-IR [Trj] DeepInstinct: MALICIOUS |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2023-May-25 18:42:28 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x28800 |
SizeOfInitializedData | 0x25a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000000AFA0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x63000 |
SizeOfHeaders | 0x400 |
Checksum | 0x147c10a |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x1e8480 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll |
CreateWindowExW
MessageBoxW MessageBoxA SystemParametersInfoW DestroyIcon SetWindowLongPtrW GetWindowLongPtrW GetClientRect InvalidateRect ReleaseDC GetDC DrawTextW GetDialogBaseUnits EndDialog DialogBoxIndirectParamW MoveWindow SendMessageW |
---|---|
COMCTL32.dll |
#380
|
KERNEL32.dll |
IsValidCodePage
GetStringTypeW GetFileAttributesExW HeapReAlloc FlushFileBuffers GetCurrentDirectoryW GetACP GetOEMCP GetModuleHandleW MulDiv GetLastError SetDllDirectoryW GetModuleFileNameW GetProcAddress GetCommandLineW GetCPInfo SetEnvironmentVariableW ExpandEnvironmentStringsW CreateDirectoryW GetTempPathW WaitForSingleObject Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW FreeLibrary LoadLibraryExW FindClose FindFirstFileExW CloseHandle GetCurrentProcess LocalFree FormatMessageW MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap GetTimeZoneInformation HeapSize WriteConsoleW SetEndOfFile GetEnvironmentVariableW RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent RtlUnwindEx SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree EncodePointer RaiseException RtlPcToFileHeader GetCommandLineA CreateFileW GetDriveTypeW GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW RemoveDirectoryW FindNextFileW SetStdHandle SetConsoleCtrlHandler DeleteFileW ReadFile GetStdHandle WriteFile ExitProcess GetModuleHandleExW HeapFree GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleOutputCP GetFileSizeEx HeapAlloc FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW |
ADVAPI32.dll |
OpenProcessToken
GetTokenInformation ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSidToStringSidW |
GDI32.dll |
SelectObject
DeleteObject CreateFontIndirectW |
Characteristics |
0
|
---|---|
TimeDateStamp | 2023-May-25 18:42:28 |
Version | 0.0 |
SizeofData | 772 |
AddressOfRawData | 0x3966c |
PointerToRawData | 0x3826c |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14003d000 |
GuardCFCheckFunctionPointer | 5368882200 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xa4b59193 |
---|---|
Unmarked objects | 0 |
ASM objects (29395) | 7 |
C++ objects (29395) | 190 |
C objects (29395) | 10 |
253 (VS 2015-2022 runtime 30818) | 4 |
C++ objects (VS 2015-2022 runtime 30818) | 40 |
C objects (VS 2015-2022 runtime 30818) | 17 |
ASM objects (VS 2015-2022 runtime 30818) | 9 |
Imports (29395) | 11 |
Total imports | 139 |
C objects (VS2022 Update 2 (17.2.0-1) compiler 31328) | 20 |
Linker (VS2022 Update 2 (17.2.0-1) compiler 31328) | 1 |