Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2019-Jul-30 08:52:50 |
Info | Matching compiler(s): | MASM/TASM - sig2(h) |
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Uses constants related to SHA1 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Info | The PE's resources present abnormal characteristics. | Resource B76741BB3C5C88504F48819A4136F090 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 18/67 (Scanned on 2022-06-13 23:45:15) |
Bkav:
W32.AIDetect.malware2
Elastic: malicious (high confidence) FireEye: Generic.mg.97dd19d11d41c4b3 Cylance: Unsafe Sangfor: Trojan.Win32.Save.a Cybereason: malicious.0dddf0 VirIT: Trojan.Win32.Genus.IHW Cyren: W32/Trojan.VFBA-8001 Sophos: Generic ML PUA (PUA) Zillya: Tool.Lazagne.Win32.102 McAfee-GW-Edition: BehavesLike.Win32.Generic.nh Cynet: Malicious (score: 100) Malwarebytes: Malware.AI.392946571 APEX: Malicious Rising: Trojan.Agent!8.B1E (RDMK:cmRtazrc4R6osXh2AdQnBS37wX+L) SentinelOne: Static AI - Malicious PE MaxSecure: Trojan.Malware.300983.susgen Panda: Trj/Genetic.gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2019-Jul-30 08:52:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x10c00 |
SizeOfInitializedData | 0x6800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .code) |
BaseOfCode | 0x1000 |
BaseOfData | 0x13000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1c000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
MSVCRT.dll |
memset
wcsncmp memmove wcsncpy wcsstr _wcsnicmp _wcsdup free _wcsicmp wcslen wcscpy wcscmp memcpy tolower wcscat malloc |
---|---|
KERNEL32.dll |
GetModuleHandleW
HeapCreate GetStdHandle HeapDestroy ExitProcess WriteFile GetTempFileNameW LoadLibraryExW EnumResourceTypesW FreeLibrary RemoveDirectoryW GetExitCodeProcess EnumResourceNamesW GetCommandLineW LoadResource SizeofResource FreeResource FindResourceW GetNativeSystemInfo GetShortPathNameW GetWindowsDirectoryW GetSystemDirectoryW EnterCriticalSection CloseHandle LeaveCriticalSection InitializeCriticalSection WaitForSingleObject TerminateThread CreateThread Sleep GetProcAddress GetVersionExW WideCharToMultiByte HeapAlloc HeapFree LoadLibraryW GetCurrentProcessId GetCurrentThreadId GetModuleFileNameW GetEnvironmentVariableW SetEnvironmentVariableW GetCurrentProcess TerminateProcess SetUnhandledExceptionFilter HeapSize MultiByteToWideChar CreateDirectoryW SetFileAttributesW GetTempPathW DeleteFileW GetCurrentDirectoryW SetCurrentDirectoryW CreateFileW SetFilePointer TlsFree TlsGetValue TlsSetValue TlsAlloc HeapReAlloc DeleteCriticalSection InterlockedCompareExchange InterlockedExchange GetLastError SetLastError UnregisterWait GetCurrentThread DuplicateHandle RegisterWaitForSingleObject |
USER32.DLL |
CharUpperW
CharLowerW MessageBoxW DefWindowProcW DestroyWindow GetWindowLongW GetWindowTextLengthW GetWindowTextW UnregisterClassW LoadIconW LoadCursorW RegisterClassExW IsWindowEnabled EnableWindow GetSystemMetrics CreateWindowExW SetWindowLongW SendMessageW SetFocus CreateAcceleratorTableW SetForegroundWindow BringWindowToTop GetMessageW TranslateAcceleratorW TranslateMessage DispatchMessageW DestroyAcceleratorTable PostMessageW GetForegroundWindow GetWindowThreadProcessId IsWindowVisible EnumWindows SetWindowPos |
GDI32.DLL |
GetStockObject
|
COMCTL32.DLL |
InitCommonControlsEx
|
SHELL32.DLL |
ShellExecuteExW
SHGetFolderLocation SHGetPathFromIDListW |
WINMM.DLL |
timeBeginPeriod
|
OLE32.DLL |
CoInitialize
CoTaskMemFree |
SHLWAPI.DLL |
PathAddBackslashW
PathRenameExtensionW PathQuoteSpacesW PathRemoveArgsW PathRemoveBackslashW |