946bbcfe627b005e9f1d577367d5f1b27b73917b80ef1659e1aeb38698965a22

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States

Plugin Output

Suspicious
The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 4 import(s).

Info
The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress

Malicious
VirusTotal score: 24/65 (Scanned on 2026-06-04 01:30:28)
Antiy-AVL: Trojan[PSW]/Win32.Disco
Bkav: W32.Malware.490B5ED4
CTX: exe.trojan.disco
CrowdStrike: win/malicious_confidence_90% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Fortinet: W32/PossibleThreat
Google: Detected
Kaspersky: HEUR:Trojan-PSW.Win32.Disco.gen
Kingsoft: Win32.Trojan-PSW.Disco.gen
Lionic: Trojan.Win32.Disco.i!c
McAfeeD: Real Protect-LS!29614F8D6632
Microsoft: Trojan:Win32/Wacatac.B!ml
Paloalto: generic.ml
Rising: Stealer.Disco!8.1326E (LESS:bWQ1OilhT41mMnVkxlaR9+bI+Zg)
Sangfor: Infostealer.Win32.Disco.Vepf
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win64.Trojan.vc
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
TrellixENS: Artemis!29614F8D6632
Varist: W64/ABTrojan.ICVZ-0294
alibabacloud: Trojan[stealer]:Win/Wacatac.B9nj

Hashes

MD5 29614f8d66327564c65691f7e6c8f998
SHA1 a35a3fd94fae5c65f28f20f8e7a5fe7c7a5b0c5a
SHA256 946bbcfe627b005e9f1d577367d5f1b27b73917b80ef1659e1aeb38698965a22
SHA3 22bcb3beeaebfabccd7bbfcdd0aaa4adbd083b0ef94bb9a4adb52899fd283fdf
SSDeep 49152:E5eHbjPBU3Btr7pF5GdkHQz14g0TDEYcQi/:DbTMBtr7f5G+HOK3Ti/
Imports Hash 6ed4f5f04d62b18d96b26d6db7c18840

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x686a00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x207000
SizeOfInitializedData 0x21000
SizeOfUninitializedData 0x2506000
AddressOfEntryPoint 0x000000000270C450 (Section: UPX1)
BaseOfCode 0x2507000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x272f000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2506000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 7ab8105070cd8e183664f8cdd9237818
SHA1 b38a024f664766cc923ca9c6726063ef33c97229
SHA256 b2b348fbbc789dd938afaa443612427dacc9e2f5dc31540131af969034df0d1d
SHA3 3a3332eb9609eeeaa220da8f322b43f6b3c3089f637de6e6a6778a550cfd199b
VirtualSize 0x207000
VirtualAddress 0x2507000
SizeOfRawData 0x206200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99988

.rsrc

MD5 8f74d6a3a36e55f4ed218635eb86acc3
SHA1 5090b453a8a0bda1b3b33a9e3879b28372598c53
SHA256 956573f15c661c2b1c89f5cc087db2174f75e2cb3b075294fb15ec527161d067
SHA3 1dcc2e2e664d6ecb3670e720c8fade37440595ce6867bc83aaeff90c9fc6c6fd
VirtualSize 0x21000
VirtualAddress 0x270e000
SizeOfRawData 0x20c00
PointerToRawData 0x206400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9891

Imports

KERNEL32.DLL
  • LoadLibraryA
  • ExitProcess
  • GetProcAddress
  • VirtualProtect

Delayed Imports

Resource 2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x20996
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99095
Detected Filetype PNG graphic file
MD5 bae2ad1dede9912d8e4b9ed8fcb24e4a
SHA1 6bacd09f415a18c5037a9d6e692423813745a708
SHA256 2059355e0a45bc1cb62255822136a2f6405af041a23dce96b1f5ed91ca17e00a
SHA3 7e68421cf2e2e9a86068a6257e6d14003ddd28d08052c540df76a607ddfdfc6a

Resource 1

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83321
Detected Filetype Icon file
MD5 33fce8dcf8e880775295157774bbee2d
SHA1 ebdfa2955abeedb4f79399eb73de960f88681544
SHA256 0e32c45ede3655ea84d2abe9979e32fd9879149cefda36533ef877c61ce8bbd6
SHA3 7f49983b2dcf2183bea11c3aa82959a5939516c2d7c4b4f0f28cc3398c96211a

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!