984e28e70d1000272a2ab61e34d12d6e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1999-Oct-06 10:33:39
Detected languages English - United States

Plugin Output

Info        Interesting strings found in the binary.
            Contains domain names:
              • irantk.ir
Suspicious  The PE is possibly packed.
            Unusual section name found: .Shared
Suspicious  The PE contains functions most legitimate programs don't use.
            [!] The program may be hiding some of its imports:
              • GetProcAddress
              • LoadLibraryA
            Functions which can be used for anti-debugging purposes:
              • FindWindowA
            Can create temporary files:
              • GetTempPathA
              • CreateFileA
Suspicious  The file contains overlay data.
            5285043 bytes of data starting at offset 0x1e00.
            The overlay data has an entropy of 7.9958 and is possibly compressed or encrypted.
            Overlay data accounts for 99.8549% of the executable.
Malicious   VirusTotal score: 29/69 (Scanned on 2022-05-31 20:52:28)
              • Lionic: Trojan.Win32.Generic.4!c
              • Elastic: malicious (moderate confidence)
              • CAT-QuickHeal: Hacktool.Sqlinject
              • McAfee: Artemis!984E28E70D10
              • Cylance: Unsafe
              • Sangfor: Trojan.Win32.Skeeyah.A
              • CrowdStrike: win/grayware_confidence_100% (W)
              • K7GW: Unwanted-Program ( 004bdd991 )
              • K7AntiVirus: Unwanted-Program ( 004bdd991 )
              • VirIT: Trojan.Win32.X-Fiha.IEG
              • ESET-NOD32: Win32/HackTool.Crack.BF potentially unsafe
              • Paloalto: generic.ml
              • ClamAV: Win.Tool.Sqlinject-20
              • Avast: Win32:Evo-gen [Susp]
              • Comodo: Malware@#lrpvwo0k02lq
              • DrWeb: Trojan.Siggen6.53599
              • TrendMicro: TROJ_GEN.R002C0DDO21
              • McAfee-GW-Edition: Artemis!Trojan
              • Sophos: Mal/Generic-S
              • Ikarus: HackTool.Win32.SQLInject
              • Kingsoft: Win32.Malware.Generic.a.(kcloud)
              • Microsoft: Trojan:Win32/Skeeyah.A!rfn
              • Gridinsoft: Hack.Win32.Patcher.ns
              • TACHYON: Trojan/W32.SQLInject.5292723
              • VBA32: Trojan.Skeeyah
              • MAX: malware (ai score=99)
              • Malwarebytes: HackTool.SQLHavijPro
              • TrendMicro-HouseCall: TROJ_GEN.R002C0DDO21
              • AVG: Win32:Evo-gen [Susp]
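
The overlay finding above is derived entirely from the section table: the overlay starts where the highest PointerToRawData + SizeOfRawData ends (.reloc at 0x1c00 + 0x200 = 0x1e00 here) and runs to the end of the file, which makes the file 0x1e00 + 5285043 = 5292723 bytes. The script below is an added example, not part of the Manalyze report or the tool's own code: it parses a section table out of a PE buffer, computes the overlay offset, size and percentage, and the Shannon entropy of the overlay. Because the sample itself is not on this page, the demo rebuilds a constructed PE32 with the report's seven sections at their reported raw offsets, zero-filled bodies, and a constructed near-uniform filler as overlay; the section list, header sizes and file size are taken from the report, everything else (the filler, the zeroed optional header) is an assumption.

```python
import math
import struct
from collections import Counter

# Section table as given in the report (raw-file view only):
# (name, PointerToRawData, SizeOfRawData).
REPORT_SECTIONS = [
    (".text",   0x0400, 0x0a00),
    (".rdata",  0x0e00, 0x0200),
    (".data",   0x1000, 0x0200),
    (".idata",  0x1200, 0x0400),
    (".Shared", 0x1600, 0x0200),
    (".rsrc",   0x1800, 0x0400),
    (".reloc",  0x1c00, 0x0200),
]
REPORT_FILE_SIZE = 0x1e00 + 5285043   # end of .reloc + overlay size from the report = 5292723


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_section_table(pe: bytes):
    """Walk e_lfanew -> 'PE\\0\\0' -> IMAGE_FILE_HEADER -> optional header -> section headers
    and return [(name, PointerToRawData, SizeOfRawData), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", pe, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        hdr = pe[sec_off + 40 * i: sec_off + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("section table truncated")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append((name, raw_ptr, raw_size))
    return sections


def overlay_stats(sections, file_size: int):
    """Overlay = bytes after the highest PointerToRawData + SizeOfRawData.
    Returns (offset, size, percent_of_file); size is 0 when there is no overlay."""
    end = max((ptr + size for _n, ptr, size in sections if size), default=0)
    size = max(file_size - end, 0)
    pct = 100.0 * size / file_size if file_size else 0.0
    return end, size, pct


def build_pe(sections, overlay: bytes) -> bytes:
    """Constructed minimal PE32 (not the sample): headers padded to the report's SizeOfHeaders
    (0x400), zero-filled section bodies at the report's raw offsets, then `overlay` appended."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")      # PE32 magic, rest zeroed
    sec_hdrs = b"".join(
        name.encode("ascii").ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", 0, 0, raw_size, raw_ptr, 0, 0, 0, 0, 0)
        for name, raw_ptr, raw_size in sections)
    headers = (dos + b"PE\0\0" + file_hdr + opt_hdr + sec_hdrs).ljust(0x400, b"\0")
    end = max(ptr + size for _n, ptr, size in sections)
    return headers.ljust(end, b"\0") + overlay


def demo():
    """Rebuild the report's layout with a constructed near-uniform overlay and re-derive its numbers."""
    overlay = (bytes(range(256)) * 20645)[:5285043]      # constructed filler, entropy close to 8.0
    pe = build_pe(REPORT_SECTIONS, overlay)
    secs = parse_section_table(pe)
    off, size, pct = overlay_stats(secs, len(pe))
    return {
        "sections": [n for n, _p, _s in secs],
        "file_size": len(pe),
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_percent": round(pct, 4),
        "overlay_entropy": round(shannon_entropy(pe[off:]), 4),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:#x}" if k == "overlay_offset" else f"{k}: {v}")
```

On a real file, `parse_section_table(open(path, "rb").read())` followed by `overlay_stats` gives the same three numbers the plugin reports; carving `pe[offset:]` to disk and hashing it separately is the usual next step, since an overlay at 99.85% of the file with entropy near 8 means the PE on disk is a loader and the payload is the overlay.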

Hashes

MD5 984e28e70d1000272a2ab61e34d12d6e
SHA1 35f4fa8d9e8779504300aa449b862ff119ceee49
SHA256 bfea6b1ba80a8b663c54dba0aa6e45ad3a4e8ff005a82adfed88aab78b2ffb85
SHA3 c6101c2bcf734a181dbee81b1c30f3a0c85783f25224abd4d588e9dc77dc3605
SSDeep 98304:W8s0qHiN7V6/1IyObD26U/M78DLhJHcMW36wYZjj/Yk/D6IeQBTpUIeUR536uMMc:vs0qHuVSgal/z/hJ8XGjzY+D6IeQppU5
Imports Hash a3cd138f09c17f81fb64526d63cb2df6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 1999-Oct-06 10:33:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0xa00
SizeOfInitializedData 0x1200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001020 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2ea0c6f50f14cfbaa8db5da67b0f984b
SHA1 d060ec3a36d8affebaf0abadbeaa9b5d7c3b9a06
SHA256 525bf6bb03c2af992f58fb3320aaf7b0f1fbe8891cb76f7675f9a27a2920b78c
SHA3 677faf096b96ceb3c16c744bea62300c6e09cddc19b994b3d4b5293b0941b062
VirtualSize 0x9f8
VirtualAddress 0x1000
SizeOfRawData 0xa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.27597

.rdata

MD5 91b133ee1f288e129ea95f099dfb3264
SHA1 2341fa690c881af79023ff57b52bcbed6f0dc5bb
SHA256 c98e9f529894e0881b8935cea17cf284d617937cf6cc2c119f91045820030953
SHA3 c29069c8a1ea7a156d6bf17611ab5660f168b0729e1eac7e9226cb4fa356fe8b
VirtualSize 0x4
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0407808

.data

MD5 30709b09363698f69b53057ca0785e2d
SHA1 cd048c2957555e7ca40213f5c7b468e963718a1f
SHA256 6c5be894433a5c43899f54f0ef3520396057089a574f5b5a1540682533ac6577
SHA3 ecda13bb48d6790a657d8d0af55afb97b6281f5348512a772d7ee34f0e37f953
VirtualSize 0x25c
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.15937

.idata

MD5 a4f4378b9fed81ce4f452ae32eb5dea3
SHA1 12cb76c098a353dfd7231be5a98ab506aafb7ae5
SHA256 54d660635d7ddd77fb28b35e268c0fd067c6bb5a9f42c7102e5b57266068c58f
SHA3 a5a62514103815516aa40ed25f53669d0154cb404b566e2f47330f2a9f3075ec
VirtualSize 0x2fe
VirtualAddress 0x4000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.83057

.Shared

MD5 1d7d80e8b5ce8c86e7c833467964b6ae
SHA1 88aa1601feff36c623fb15fca9cf29af496ec9b2
SHA256 eac0bc584b30b30f3172f645fd2103caa322244e85a3ec4fb1c345f0c4314c94
SHA3 a8483a22d7281a11677adbc110fa0c305d06a1ff41bfda4e197443b8b6a3b8e5
VirtualSize 0x4
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
IMAGE_SCN_MEM_WRITE
Entropy 0.0659144

.rsrc

MD5 8111acc67b622b0821eb58553ee0ee83
SHA1 4238fd89b7b0ab543bbd7e4052d85e3fc2d3c9f1
SHA256 2707f9ee00896c8fb5cdbd84d929750e48ecfe8dd52bfa70aa390e33d66eab89
SHA3 ec255368b01851aa545482a8a954dc180451a48a859daa082c0234a291b25e76
VirtualSize 0x39c
VirtualAddress 0x6000
SizeOfRawData 0x400
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.00314

.reloc

MD5 f328cf02fdc3d50b64ad99fa4befe97f
SHA1 f4fd015008265f5c23127d9ae63fd0ff919f3dfa
SHA256 5746640fa5d9925fb4fb7c96673c1fc598f9e5caf72f8f939cd613271e66ddd4
SHA3 1301566b7610c274db7ea3c04f51e54f552931bccdfd5a4cde8006a9293ce038
VirtualSize 0x1b2
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.36734

Imports

KERNEL32.dll GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA
USER32.dll SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA
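
The "Imports Hash" in the Hashes section and the import-based flags in the Plugin Output (dynamic resolution via LoadLibraryA/GetProcAddress, FindWindowA, temporary-file APIs) are both pure functions of the import table listed above. The script below is an added example, not part of the Manalyze report: it implements the imphash algorithm as pefile's `get_imphash()` computes it for named imports and re-derives the three flags from the same list. The import list is copied from the report in listing order; the API groupings behind the flags are an assumption about how the plugin classifies them, since the report shows only the matches.

```python
import hashlib

# Import table as listed in the report, in listing order: (DLL, function).
REPORT_IMPORTS = [
    ("KERNEL32.dll", "GetTempPathA"), ("KERNEL32.dll", "ExitProcess"),
    ("KERNEL32.dll", "DeleteFileA"), ("KERNEL32.dll", "FreeLibrary"),
    ("KERNEL32.dll", "lstrcpyA"), ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "VirtualFree"),
    ("KERNEL32.dll", "CloseHandle"), ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "GetWindowsDirectoryA"), ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "lstrcatA"), ("KERNEL32.dll", "CompareStringA"),
    ("KERNEL32.dll", "GetCurrentDirectoryA"), ("KERNEL32.dll", "lstrlenA"),
    ("KERNEL32.dll", "ReadFile"), ("KERNEL32.dll", "SetFilePointer"),
    ("KERNEL32.dll", "VirtualAlloc"), ("KERNEL32.dll", "GetModuleFileNameA"),
    ("KERNEL32.dll", "InterlockedIncrement"), ("KERNEL32.dll", "GetModuleHandleA"),
    ("USER32.dll", "SetCursor"), ("USER32.dll", "LoadCursorA"),
    ("USER32.dll", "wsprintfA"), ("USER32.dll", "ShowWindow"),
    ("USER32.dll", "FindWindowA"), ("USER32.dll", "MessageBoxA"),
]

# API groups behind the report's import heuristics. This grouping is an assumption:
# the report prints the matches, not the tables the plugin matched them against.
SUSPICIOUS_IMPORTS = {
    "dynamic import resolution": {"LoadLibraryA", "GetProcAddress"},
    "anti-debugging / window probing": {"FindWindowA"},
    "temporary file creation": {"GetTempPathA", "CreateFileA"},
}


def imphash(imports) -> str:
    """Import hash as pefile.get_imphash() computes it for named imports: lowercase
    '<dll>.<func>' with a .dll/.ocx/.sys extension stripped, joined in import order
    with commas, MD5 of the resulting string. Order-sensitive, case-insensitive."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def import_flags(imports):
    """Re-derive the report's import-based flags: label -> sorted matching API names."""
    names = {func for _dll, func in imports}
    return {label: sorted(names & apis)
            for label, apis in SUSPICIOUS_IMPORTS.items() if names & apis}


if __name__ == "__main__":
    print("imphash:", imphash(REPORT_IMPORTS))
    for label, apis in import_flags(REPORT_IMPORTS).items():
        print(f"{label}: {', '.join(apis)}")
```

If the listing above preserves the import directory order, `imphash(REPORT_IMPORTS)` reproduces the report's Imports Hash; a different value points to an ordering difference in the listing, not to a different binary. The hash is useful as a pivot because it survives overlay changes: every build of this loader that links the same 28 APIs in the same order shares it, whatever payload is appended after 0x1e00.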

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1999-Oct-06 10:33:37
Entropy 3.23396
MD5 53e89b5794ce0d9dea539af26ebcb028
SHA1 5bc24b472516896b8bca07b288987b349363c626
SHA256 02a6a88fee59fbae3974c1130cf17d283e10710102ae33713dc66928e63979a4
SHA3 6719bab39c19d501e4a4d65912492ebccd8c3523cb1acf195c2e9d03a6f48504

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1999-Oct-06 10:33:37
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
