a06db6bf5f698da5c97de1795cb971ec

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Jun-18 03:35:11
Comments
CompanyName
FileDescription
FileVersion 1.0.0.0
InternalName Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename Stub.exe
ProductName
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • schtask
Looks for VMWare presence:
  • vmware
Looks for Sandboxie presence:
  • SbieDll.dll
Accesses the WMI:
  • root\Security
Malicious VirusTotal score: 40/66 (Scanned on 2022-06-23 15:51:00)
Bkav: W32.AIDetectNet.01
ClamAV: Win.Packed.Razy-9625918-0
FireEye: Generic.mg.a06db6bf5f698da5
CAT-QuickHeal: Trojan.IgenericFC.S14890850
McAfee: Fareit-FZT!A06DB6BF5F69
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
Cybereason: malicious.f5f698
Cyren: W32/Samas.B.gen!Eldorado
Elastic: Windows.Trojan.Asyncrat
ESET-NOD32: a variant of MSIL/Agent.CFQ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: IL:Trojan.MSILZilla.1628
MicroWorld-eScan: IL:Trojan.MSILZilla.1628
Ad-Aware: IL:Trojan.MSILZilla.1628
Sophos: ML/PE-A
DrWeb: BackDoor.AsyncRATNET.2
McAfee-GW-Edition: BehavesLike.Win32.AdwareLinkury.qm
Trapmine: suspicious.low.ml.score
Emsisoft: IL:Trojan.MSILZilla.1628 (B)
SentinelOne: Static AI - Malicious PE
GData: IL:Trojan.MSILZilla.1628
Avira: TR/Dropper.Gen
MAX: malware (ai score=85)
Arcabit: IL:Trojan.MSILZilla.D65C
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Backdoor:MSIL/AsyncRat.AD!MTB
AhnLab-V3: Malware/Win32.RL_Generic.C3558490
Acronis: suspicious
ALYac: IL:Trojan.MSILZilla.1628
Rising: Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus: Trojan.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CoinMiner.CFQ!tr
BitDefenderTheta: Gen:NN.ZemsilF.34742.dm0@a8y@Ceg
AVG: Win32:DropperX-gen [Drp]
Avast: Win32:DropperX-gen [Drp]
CrowdStrike: win/malicious_confidence_90% (D)

Hashes

MD5 a06db6bf5f698da5c97de1795cb971ec
SHA1 ac497d1db21f8720d2e802b0d885f9afab3a5b1b
SHA256 844584b3cde84d6ebfcb4e9f0bdd31fea4f37021727b771712674ea22e14dc46
SHA3 ef95a3c8ef7e2c4e66c4a6534f0a183f2708c2a6dc5e4cda111d0a90e841939a
SSDeep 1536:u5kqOmrxf0IRdsmAFrKHbKOIeuA+2u0lzRiBx:u5jOmrxf0IRmmARKHbKjHAgx
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2022-Jun-18 03:35:11
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xc200
SizeOfInitializedData 0xa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000E1AE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x10000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x14000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c12f62c0d4c343a445239659ba328205
SHA1 bdeb07c0efc21fbd95dcf2ecd4f8087eedc835f0
SHA256 3209c0e67f0a7aae387b37497503a49e712c76ba4ff7fa0a420cc76a63b727ab
SHA3 db2b8d375272dc3f4609742aeeb5e3523c480037f906380184a7161f89657d61
VirtualSize 0xc1b4
VirtualAddress 0x2000
SizeOfRawData 0xc200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.65544

.rsrc

MD5 2522fd8c77ec3a1fcf4224f317eb9c77
SHA1 1ad99a88360b00069b2ebf636321dcca62231703
SHA256 1b71b9071b98a626e3508b6f2088d5ee2f49c0274ded2601b5a09dd4c0079756
SHA3 09a56b470bac7e4aadbb8f044a0f6b9e427dab27e51d653cf2fdb36cdb63fc4d
VirtualSize 0x7ff
VirtualAddress 0x10000
SizeOfRawData 0x800
PointerToRawData 0xc400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.88397

.reloc

MD5 6efcae8c86c5f0823ec82847b83ae0af
SHA1 1516d623ba60e6c2b50dfbfad2af912714032146
SHA256 9fd0a4b209ecf829dba217b34ba583863782e8c5e44e6a1ac46fc3546aea5388
SHA3 012d430fabe29212e516ee03672f2ec9fe11fc25f75de14576afa15baaf3ee10
VirtualSize 0xc
VirtualAddress 0x12000
SizeOfRawData 0x200
PointerToRawData 0xcc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15228
MD5 16ec11406456535d1de48d96513667e8
SHA1 a60ebbbcae868abd27fc96e22701fae48940e53c
SHA256 23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad
SHA3 ec347df0db7e63c15cad3d1f9d2b5b4d497473b5992bd681fc145eb5057ecb7d

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x493
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.22615
MD5 f3d7095de1636559aa56ad81b25bbff9
SHA1 6a55e1445c1c915664fba385828c5a0078fe460d
SHA256 4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133
SHA3 66d420e8633fd20ebea3048e5ed6afe3cf66dcb6d5041729ab7c7faa44b0a1b0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2) 1.0.0.0
InternalName Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename Stub.exe
ProductName
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
