97dd19d11d41c4b3aa1694c8f1a40b8d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jul-30 08:52:50

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Info The PE's resources present abnormal characteristics. Resource B76741BB3C5C88504F48819A4136F090 is possibly compressed or encrypted.
Malicious VirusTotal score: 18/67 (Scanned on 2022-06-13 23:45:15)
Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.97dd19d11d41c4b3
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.0dddf0
VirIT: Trojan.Win32.Genus.IHW
Cyren: W32/Trojan.VFBA-8001
Sophos: Generic ML PUA (PUA)
Zillya: Tool.Lazagne.Win32.102
McAfee-GW-Edition: BehavesLike.Win32.Generic.nh
Cynet: Malicious (score: 100)
Malwarebytes: Malware.AI.392946571
APEX: Malicious
Rising: Trojan.Agent!8.B1E (RDMK:cmRtazrc4R6osXh2AdQnBS37wX+L)
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Panda: Trj/Genetic.gen

Hashes

MD5 97dd19d11d41c4b3aa1694c8f1a40b8d
SHA1 a7f70910dddf0a79513ac26206b97375df7f067f
SHA256 f95a35ebf215d3cd0120b92fc3fc295dff7bd1c65d475c4eefabc46757bfc296
SHA3 524f6f9e65eb20809cd9849013229f4b5835ddeb6ebfe1a12ca0387c56195bcc
SSDeep 1536:z7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfIxgp/kOL:vq6+ouCpk2mpcWJ0r+QNTBfI+pr
Imports Hash 5877688b4859ffd051f6be3b8e0cd533

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2019-Jul-30 08:52:50
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x10c00
SizeOfInitializedData 0x6800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .code)
BaseOfCode 0x1000
BaseOfData 0x13000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.code

MD5 6c0f4094a5493360ae8c9032ef3a9f47
SHA1 46e4e4c197cbfd5b6bc4fcfe852e2f6c19ff32d5
SHA256 f6e9812089d0028c33a2b9eb53df013efade78f2c7a82910557b2ab9ff8f24e1
SHA3 36b8e17b505b7236975ff151e879eec5490c1aa7483cfb43a819f0d42876bf25
VirtualSize 0x37f0
VirtualAddress 0x1000
SizeOfRawData 0x3800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.60878

.text

MD5 1da643e4b1937b50550f9d9e8250428e
SHA1 705a8d46edc2898b99a24b89e3af8a73702de27e
SHA256 5dd774a6dd19c00b8ae3b487d1a1297ccdfe7c83f6c8b1a13c97f9c64e3f1b0f
SHA3 b3f3032b15c38542c6b1f3e9906bfb5e2c66877804d9811f2f948dee7774131b
VirtualSize 0xd2c2
VirtualAddress 0x5000
SizeOfRawData 0xd400
PointerToRawData 0x3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55808

.rdata

MD5 4fb07923b0eb72c40319d48fd2d4f13f
SHA1 f8f4ac5ba9f5ff221c01568f2e378e4582faa7fe
SHA256 cdfd6bc8c473d8389be0f336e7ed1ea672d6918ed1be6b2f5554f649f6dd4695
SHA3 614e0060afaa826b4884f4069d01868583d72e4233009f9779b0529a02a10922
VirtualSize 0x339d
VirtualAddress 0x13000
SizeOfRawData 0x3400
PointerToRawData 0x11000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.11064

.data

MD5 d0c055e8eb37a7cf01b40e28feba4e57
SHA1 c8940225d68e6552fac8e23aa11804126052dc45
SHA256 81ecae7e1b000ec0025fb602509920a28e5a6d1a5a889af227e5f4ca0d685918
SHA3 fd14871e3699f1552d8aaebb164541635595de124d13fd7c6efbd99817c77a1d
VirtualSize 0x172c
VirtualAddress 0x17000
SizeOfRawData 0x1200
PointerToRawData 0x14400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.00001

.rsrc

MD5 4000a310038622130273e2ca8254c8f1
SHA1 50f882e4eee4b7b0b3e47db03338e3d01bed0a0d
SHA256 6b09442ea809b96b63c6c1170cdc6508706dd2918b14dc9d032d6f095c364a69
SHA3 74fdbd72b6463b09b28a44265ecc95afaf3cefeacc8adbc6fcfee6ddd1ff0a65
VirtualSize 0x2024
VirtualAddress 0x19000
SizeOfRawData 0x2200
PointerToRawData 0x15600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.78441

Imports

MSVCRT.dll memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
KERNEL32.dll GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
USER32.DLL CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
GDI32.DLL GetStockObject
COMCTL32.DLL InitCommonControlsEx
SHELL32.DLL ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
WINMM.DLL timeBeginPeriod
OLE32.DLL CoInitialize
CoTaskMemFree
SHLWAPI.DLL PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Delayed Imports

116944DF5FCF067FE280E31EB0591A1C

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.23593
MD5 7bb55e591962edd967c9a3039407256c
SHA1 e84642313805d66ef70fdada202992d040a1c2cc
SHA256 8fcbd3ba77d0af716d0b3f342b877539512ba665a6c5ad7999a531bff05a6a91
SHA3 116f25e12adcabbb7a50c5223cf85536391d06d1114f226b2e5d018f6907ff91

B327688A13

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA3 2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7

B76741BB3C5C88504F48819A4136F090

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1b81
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.97166
MD5 58a40c6042d351e8d1b075cd22ece9ee
SHA1 e059ec2c1304e5c52772c67bfb1a8335a5ed2a56
SHA256 3475cc2d3c6ee6fe2e6053192f9471d776ed4aa1b79301e80b6fdac0eb0560d8
SHA3 591edbeb2ed0c3ae68cf42af50f0e5c414c54973ddebb1ded5a745e17d2f2576

FE7D6D80D5CD6BE1FEE30CE247B228FC53FA88F3

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32193
MD5 c3f0bd7edd2f7045db296d1c54b5c9a0
SHA1 38bc10b565dfeb8b708071deac6ed1f9c833b8a7
SHA256 2463c10d83d7b13ea7e384fa3f6fdf2ac4eacb77ee6ff8197170174b163d8c4c
SHA3 86cf74d3fb5e6ca265c0031f5a6ed5bd787d4a0c7214da04f5eecda532bcd1a3

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x263
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.92322
MD5 841795bb3b61ebd511249778aa26af77
SHA1 59f426938522ef9906b0740821e8cc270d1ca897
SHA256 be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7
SHA3 5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
