Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2020-Aug-10 21:20:32 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to SHA256; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 3/70 (Scanned on 2020-09-25 14:31:53) Bkav: W32.AIDetectVM.malware1; Elastic: malicious (high confidence); APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Aug-10 21:20:32 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x97600 |
SizeOfInitializedData | 0x63000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0009689D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x99000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xfe000 |
SizeOfHeaders | 0x400 |
Checksum | 0x106543 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
d3d11.dll | D3D11CreateDeviceAndSwapChain |
---|---|
WLDAP32.dll | #26 #22 #143 #46 #211 #60 #45 #50 #41 #33 #32 #35 #79 #27 #30 #200 #301 |
WS2_32.dll | #8 #13 #10 #111 inet_pton #151 #18 #112 #2 #4 #5 #6 #7 #9 #15 #21 WSAIoctl #115 #116 #1 #3 #16 #23 #57 #20 #17 #19 freeaddrinfo #14 getaddrinfo |
ADVAPI32.dll | GetCurrentHwProfileA CryptAcquireContextA CryptReleaseContext CryptHashData CryptDestroyHash CryptDestroyKey CryptImportKey CryptEncrypt CryptGenRandom CryptGetHashParam CryptCreateHash |
CRYPT32.dll | CryptStringToBinaryA CryptDecodeObjectEx CertFindCertificateInStore CertEnumCertificatesInStore CertCloseStore CertOpenStore CertAddCertificateContextToStore CertFindExtension PFXImportCertStore CertGetNameStringA CryptQueryObject CertCreateCertificateChainEngine CertFreeCertificateChainEngine CertGetCertificateChain CertFreeCertificateContext CertFreeCertificateChain |
KERNEL32.dll | SetLastError WaitForMultipleObjects PeekNamedPipe ReadFile GetFileType GetStdHandle GetEnvironmentVariableA GetLastError WaitForSingleObjectEx CloseHandle MoveFileExA VerifyVersionInfoA FormatMessageA GetSystemDirectoryA SleepEx DeleteCriticalSection InitializeCriticalSectionEx LeaveCriticalSection EnterCriticalSection GetTickCount WideCharToMultiByte MultiByteToWideChar GlobalFree LoadLibraryA GetProcAddress CreateFileA GetFileSizeEx FreeLibrary VerSetConditionMask IsProcessorFeaturePresent InitializeCriticalSectionAndSpinCount CreateEventW GetModuleHandleW UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess GetCurrentThreadId GetSystemTimeAsFileTime Sleep GetConsoleWindow GetModuleHandleA LoadResource LockResource SizeofResource FindResourceA GetVolumeInformationA IsDebuggerPresent GetCurrentProcessId GlobalAlloc GlobalUnlock GlobalLock GetComputerNameA InitializeSListHead QueryPerformanceCounter QueryPerformanceFrequency |
USER32.dll | GetForegroundWindow GetClientRect SetCursorPos SetCursor ClientToScreen ScreenToClient LoadCursorA GetClipboardData ShowWindow SetCapture GetCapture GetKeyState IsChild EmptyClipboard SetClipboardData CloseClipboard OpenClipboard FindWindowA GetCursorPos PostMessageW CallNextHookEx UnhookWindowsHookEx SetWindowsHookExA GetMessageA LoadIconA UpdateWindow GetKeyNameTextA SetWindowPos DestroyWindow CreateWindowExA RegisterClassExA UnregisterClassA PostQuitMessage DefWindowProcA PeekMessageA DispatchMessageA TranslateMessage ReleaseCapture |
MSVCP140.dll | ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z ?always_noconv@codecvt_base@std@@QBE_NXZ ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ ??Bid@locale@std@@QAEIXZ ??1_Lockit@std@@QAE@XZ ??0_Lockit@std@@QAE@H@Z ?_Random_device@std@@YAIXZ _Thrd_sleep _Query_perf_frequency _Query_perf_counter _Xtime_get_ticks ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?_Throw_Cpp_error@std@@YAXH@Z _Cnd_do_broadcast_at_thread_exit _Thrd_id _Thrd_join ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z ?uncaught_exceptions@std@@YAHXZ ?_Xlength_error@std@@YAXPBD@Z ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ |
XINPUT1_4.dll | #2 #4 |
D3DCOMPILER_47.dll | D3DCompile |
IMM32.dll | ImmReleaseContext ImmGetContext ImmSetCompositionWindow |
VCRUNTIME140.dll | __current_exception __std_terminate __std_exception_copy __std_exception_destroy _CxxThrowException __CxxFrameHandler3 memcpy memmove memset strstr memchr strchr _except_handler4_common strrchr __current_exception_context |
api-ms-win-crt-runtime-l1-1-0.dll | _initialize_onexit_table _invalid_parameter_noinfo_noreturn _errno system strerror terminate _c_exit _cexit __p___argv __p___argc _exit _crt_atexit exit _initterm_e _getpid _beginthreadex _controlfp_s _initterm __sys_nerr _configure_narrow_argv _get_initial_narrow_environment _register_onexit_function _seh_filter_exe _set_app_type _register_thread_local_exe_atexit_callback _initialize_narrow_environment |
api-ms-win-crt-stdio-l1-1-0.dll | feof _lseeki64 fopen _set_fmode _get_stream_buffer_pointers fgets fflush fgetpos fputc fsetpos ungetc __p__commode fputs _fseeki64 fwrite setvbuf __stdio_common_vsscanf __stdio_common_vsprintf _wfopen ferror ftell _read _write _close _open fseek fgetc fread __acrt_iob_func fclose |
api-ms-win-crt-string-l1-1-0.dll | _strdup strcpy_s isupper strspn strcspn strncmp strpbrk tolower strncpy |
api-ms-win-crt-math-l1-1-0.dll | _libm_sse2_pow_precise __setusermatherr ldexp _CIfmod floor _libm_sse2_cos_precise _libm_sse2_sin_precise _libm_sse2_acos_precise _libm_sse2_sqrt_precise ceil |
api-ms-win-crt-heap-l1-1-0.dll | calloc free _callnewh malloc realloc _set_new_mode |
api-ms-win-crt-convert-l1-1-0.dll | strtoll atoi strtoul atof strtol |
api-ms-win-crt-time-l1-1-0.dll | clock _gmtime64 _time64 |
api-ms-win-crt-filesystem-l1-1-0.dll | _access _lock_file _stat64 _fstat64 _unlink _unlock_file |
api-ms-win-crt-utility-l1-1-0.dll | qsort |
api-ms-win-crt-environment-l1-1-0.dll | getenv |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Aug-10 21:20:32 |
Version | 0.0 |
SizeofData | 860 |
AddressOfRawData | 0xaf8d0 |
PointerToRawData | 0xae2d0 |
StartAddressOfRawData | 0x4afc3c |
---|---|
EndAddressOfRawData | 0x4afc50 |
AddressOfIndex | 0x4b3908 |
AddressOfCallbacks | 0x4995e8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xb8 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x4b32e0 |
SEHandlerTable | 0x4af82c |
SEHandlerCount | 41 |
XOR Key | 0x76d43c8b |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 22 |
199 (41118) | 6 |
C objects (VS 2015/2017/2019 runtime 28619) | 12 |
ASM objects (VS 2015/2017/2019 runtime 28619) | 11 |
C++ objects (VS 2015/2017/2019 runtime 28619) | 30 |
Imports (VS 2015/2017/2019 runtime 28619) | 4 |
Imports (26715) | 23 |
Total imports | 363 |
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806) | 111 |
C++ objects (VS2019 Update 6 (16.6.1-5) compiler 28806) | 10 |
Resource objects (VS2019 Update 6 (16.6.1-5) compiler 28806) | 1 |
Linker (VS2019 Update 6 (16.6.1-5) compiler 28806) | 1 |