9c5c27494c28ed0b14853b346b113145

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious PEiD Signature: FSG 1.00 (Eng) -> dulek/xt
Suspicious The PE is possibly packed. Unusual section name found: \x00\x00\x00\x00t
Unusual section name found: \x00\x00\x00\x00ta
Unusual section name found: \x00\x00\x00\x00a
The PE only has 0 import(s).
Suspicious The file contains overlay data. 4 bytes of data starting at offset 0x128c.
Malicious VirusTotal score: 61/71 (Scanned on 2023-09-15 10:40:36)
Bkav: W32.AIDetectMalware
Lionic: Trojan.Multi.Generic.lVbD
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Graftor.968808
Cylance: unsafe
Zillya: Trojan.Genome.Win32.112441
Sangfor: Trojan.Win32.Clicker.Vev3
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanClicker:Win32/Tnega.79cba6fb
K7GW: Spyware ( 0055e3f61 )
K7AntiVirus: Spyware ( 0055e3f61 )
Baidu: Win32.Trojan-Clicker.Agent.z
VirIT: Trojan.Win32.Generic.APWM
Cyren: W32/SuspPack.DH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanClicker.Agent.NVN
ClamAV: Win.Malware.Emoneg-9937593-0
Kaspersky: Trojan.Win32.Agentb.bquu
BitDefender: Gen:Variant.Graftor.968808
NANO-Antivirus: Trojan.Win32.Inor.getjo
ViRobot: Trojan.Win32.Z.Genome.4752
MicroWorld-eScan: Gen:Variant.Graftor.968808
Avast: Win32:Malware-gen
Rising: Trojan.Proxy.Win32.Small.gs (CLASSIC)
Emsisoft: Gen:Variant.Graftor.968808 (B)
DrWeb: Trojan.Click2.16518
VIPRE: Gen:Variant.Graftor.968808
TrendMicro: TROJ_SPNR.30E214
McAfee-GW-Edition: BehavesLike.Win32.Generic.xz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.9c5c27494c28ed0b
Sophos: Mal/Packer
Ikarus: Trojan.Win32.Genome
Jiangmin: Trojan/Genome.bmbp
Webroot: W32.Genome.Ssrc
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: Trojan:Win32/Tnega!MSR
Xcitium: TrojWare.Win32.Trojan.Inor.B_10@1qra8i
Arcabit: Trojan.Graftor.DEC868
ZoneAlarm: Trojan.Win32.Agentb.bquu
GData: Gen:Variant.Graftor.968808
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R427327
McAfee: GenericRXAA-FA!9C5C27494C28
TACHYON: Trojan/W32.Small.4752.C
VBA32: Trojan.Wacatac
Malwarebytes: Trojan.Agent.MWL
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: TROJ_SPNR.30E214
Tencent: Malware.Win32.Gencirc.115d78c9
Yandex: Trojan.Genome!qjszR3auxbA
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/WebDown.E76A!tr
BitDefenderTheta: Gen:NN.ZexaF.36662.ambdaODfLcf
AVG: Win32:Malware-gen
Cybereason: malicious.431f46
DeepInstinct: MALICIOUS

Hashes

MD5 9c5c27494c28ed0b14853b346b113145
SHA1 290ab6f431f46547db2628c494ce615d6061ceb8
SHA256 7983a582939924c70e3da2da80fd3352ebc90de7b8c4c427d484ff4f050f0aec
SHA3 898fb4384c7b114291ffffeda69b3bc184ec7568db33515e633035710de46faf
SSDeep 24:erDeoULXQeWKPUA4FOopcBl+PxYhlWlsp97lGg4QQL5ACqk22:GeoULAevPUA0O7vL8spDGnNLW7g
Imports Hash d41d8cd98f00b204e9800998ecf8427e (the MD5 of an empty string: no import table is present)

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x60

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0x1000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005000 (Section: \x00\x00\x00\x00a)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

\x00\x00\x00\x00t

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x3000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

\x00\x00\x00\x00ta

MD5 dcbb3117347a183b93cc9e50e09abd92
SHA1 8662f3d8d024827383617eb4293b2ac5f4c806b8
SHA256 e33c3c78cc31cd9ce1d1c692372ceccc70ca496aadd6941f34cb3a7ee0fd0818
SHA3 a52b4220f199a6293c662a679166a1a7998c12d440982b3952cba5a2941e958d
VirtualSize 0x1000
VirtualAddress 0x4000
SizeOfRawData 0x28c
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.36186

\x00\x00\x00\x00a

MD5 83d2bc9613dfc4bc5c714214023f386f
SHA1 7339a67b8842922b2c563efaeabc8c088887fc4e
SHA256 52c905e29c1fd8be94bb01db25c4699175a5f09b8d10b06f53db717e1dae7412
SHA3 f158e774ec3404f88a7fcfd3af36aab3dc972db787c513499114a33cb9955219
VirtualSize 0x1000
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.51382

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually.
[*] Warning: Section \x00\x00\x00\x00t has a size of 0!
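The warnings and the overlay finding in this report follow directly from the section table, and they can be reproduced with a short parser. The script below is an added example; it is not part of the report or of the tool that produced it. build_sample() constructs a file carrying the header values listed above (e_lfanew 0x60, three sections at the same RVAs, raw pointers and sizes, FileAlignment 0x1000, entry point 0x5000, an empty import directory and 4 bytes past the last section) with filler bytes, so the real sample's code is not reproduced. The finding strings and the helper names are the example's own wording, not the tool's.

```python
import struct
import sys

# Section characteristics bits from winnt.h.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Parse the DOS header, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    pe = {
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],
        "file_alignment": struct.unpack_from("<I", data, opt + 36)[0],
        "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
        "import_dir_size": 0,
        "sections": [],
    }
    # Data directory 1 is the import table; a zero size means no import descriptors at all.
    if struct.unpack_from("<I", data, opt + 92)[0] > 1:
        pe["import_dir_size"] = struct.unpack_from("<I", data, opt + 96 + 8 + 4)[0]
    for i in range(nsections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        pe["sections"].append({"name": f[0].rstrip(b"\0"), "vsize": f[1], "va": f[2],
                               "raw_size": f[3], "raw_ptr": f[4], "chars": f[9]})
    return pe


def analyze(data):
    """Return the structural findings a packer-aware triage pass reports for a PE image."""
    pe = parse_pe(data)
    fa = pe["file_alignment"]
    findings, entry_section, end_of_data = [], None, pe["size_of_headers"]
    for s in pe["sections"]:
        label = s["name"].decode("latin-1").encode("unicode_escape").decode()
        if not s["name"] or any(c < 0x20 or c > 0x7E for c in s["name"]):
            findings.append("unusual section name: %s" % label)
        if s["raw_size"] == 0:
            findings.append("section %s has a raw size of 0" % label)
        if fa and (s["raw_ptr"] % fa or s["raw_size"] % fa):
            findings.append("section %s not aligned to FileAlignment 0x%x" % (label, fa))
        if 0 < s["raw_ptr"] < pe["size_of_headers"]:
            findings.append("section %s raw data starts inside the headers (0x%x)" % (label, s["raw_ptr"]))
        wx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_WRITE
        if (s["chars"] & wx) == wx:
            findings.append("section %s is writable code" % label)
        if s["va"] <= pe["entry_point"] < s["va"] + max(s["vsize"], s["raw_size"]):
            entry_section = label
        end_of_data = max(end_of_data, s["raw_ptr"] + s["raw_size"])
    if pe["import_dir_size"] == 0:
        findings.append("no import directory: APIs must be resolved by the stub at run time")
    overlay = len(data) - end_of_data  # bytes past the last section's raw data
    if overlay > 0:
        findings.append("%d bytes of overlay at offset 0x%x" % (overlay, end_of_data))
    return {"entry_section": entry_section, "overlay_offset": end_of_data if overlay > 0 else None,
            "overlay_size": max(overlay, 0), "findings": findings}


def build_sample():
    """Construct a file with the header values from the report above (constructed filler, not the real bytes)."""
    dos = bytearray(0x60)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x60)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x010F)  # i386, 3 sections, stripped flags
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32
    struct.pack_into("<IIII", opt, 16, 0x5000, 0x1000, 0x2000, 0x400000)  # EP, BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x1000)                 # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x6000, 0x1000)                 # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                               # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes; all directories zero
    chars = (IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA
             | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    sec = lambda name, vs, va, rs, rp: struct.pack("<8sIIIIIIHHI", name, vs, va, rs, rp, 0, 0, 0, 0, chars)
    table = (sec(b"\0\0\0\0t", 0x3000, 0x1000, 0, 0) + sec(b"\0\0\0\0ta", 0x1000, 0x4000, 0x28C, 0x1000)
             + sec(b"\0\0\0\0a", 0x1000, 0x5000, 0x200, 0xE00))
    data = bytearray(0x1290)                                         # 0x128c of sections + 4 bytes of overlay
    data[:0x60] = dos
    hdr = b"PE\0\0" + coff + bytes(opt) + table
    data[0x60:0x60 + len(hdr)] = hdr
    data[0xE00:0x1000] = bytes(range(256)) * 2                       # stub section overlapping the header page
    data[0x1000:0x128C] = bytes((i * 73 + 17) & 0xFF for i in range(0x28C))  # filler for the packed section
    return bytes(data)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    result = analyze(blob)
    print("entry point in section:", result["entry_section"])
    for line in result["findings"]:
        print("[*]", line)
```

Run it with a file path to triage a real PE32, or with no arguments to check the constructed image. The overlay is computed as whatever lies past the highest raw-data end (0x1000 + 0x28c = 0x128c here), which is why a 4-byte tail shows up even though the last section in the table starts at 0xe00, inside the page that SizeOfHeaders claims for the headers; that overlap, the unaligned raw pointers and the absent import table are what marks the file as hand-built rather than linker output.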