a16d1affbbc71808d1123b120a84dbd9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Mar-16 06:02:19
Detected languages English - United States
FileVersion 1.1.37.02a0
ProductVersion 1.1.37.02a0

Plugin Output

Suspicious The PE is packed with mpress
Unusual section name found: .MPRESS1
Section .MPRESS1 is both writable and executable.
Unusual section name found: .MPRESS2
Section .MPRESS2 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use. Can access the registry:
  • RegCloseKey
Has Internet access capabilities:
  • InternetOpenW
Can take screenshots:
  • GetDC
  • BitBlt
Malicious VirusTotal score: 28/72 (Scanned on 2024-11-20 21:15:53)
APEX: Malicious
Antiy-AVL: Trojan/Win32.Agent
Avira: HEUR/AGEN.1366251
Bkav: W32.AIDetectMalware
CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
F-Secure: Heuristic.HEUR/AGEN.1366251
FireEye: Generic.mg.a16d1affbbc71808
Ikarus: PUA.PowerShell.Runner
Jiangmin: Trojan.Convagent.ecv
Kaspersky: VHO:Trojan.Win32.Convagent.gen
Kingsoft: Win32.HeurC.KVMH008.a
Lionic: Trojan.Win32.Convagent.4!c
Malwarebytes: Malware.AI.4271022556
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!A16D1AFFBBC7
McAfeeD: Real Protect-LS!A16D1AFFBBC7
Paloalto: generic.ml
Rising: Trojan.Convagent!8.12323 (CLOUD)
SentinelOne: Static AI - Malicious PE
Skyhigh: BehavesLike.Win32.Generic.fc
Sophos: Generic ML PUA (PUA)
Trapmine: malicious.high.ml.score
VBA32: BScope.TrojanDropper.Dapato
alibabacloud: Trojan:Win/Convagent.gyf

Hashes

MD5 a16d1affbbc71808d1123b120a84dbd9
SHA1 01b6c9e2d561d8be0098ddef06f57652f5006483
SHA256 30a99f0c9acd05ac7a54c1a617aa95c5a28da095e4dfc511da0dc1512222f9a8
SHA3 5a159ac5002e06a41cfb69b31b12bc97f79965a7f3375be807d207b9160e47fb
SSDeep 6144:tgq9BXg2Gkza5+XMFxScM6KtLvlQPq2vip+Pw4n8olM3jmNmLxTm:t9BXTGr5+8FvKtzlBiPoNTmNH
Imports Hash 1343ca50d234527bf272645d6db0664b

DOS Header

e_magic MZ
e_cblp 0x40
e_cp 0x1
e_crlc 0
e_cparhdr 0x2
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0xb400
e_oeminfo 0xcd09
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2024-Mar-16 06:02:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0xac200
SizeOfInitializedData 0x38c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000EF316 (Section: .MPRESS2)
BaseOfCode 0x1000
BaseOfData 0xae000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0xfa000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x400000
SizeofStackCommit 0x7000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.MPRESS1

MD5 76f9cbf8eaea60641fd6b622c878364c
SHA1 e1d1f31a579ed7ef20f6cae08ac634b3f0defaac
SHA256 8262221dacb19f2a63dbb409c93214cf572afdee6c498e199db32d4e1bc3b2be
SHA3 3d7a3f430f85ff73be3ac8c2783bec19f09a79bc82a0b83bd450b6631865809a
VirtualSize 0xee000
VirtualAddress 0x1000
SizeOfRawData 0x54e00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9995

.MPRESS2

MD5 41fc64282b5cae084fc8b6e5c3208479
SHA1 227bbefc1c2ef9bb8938cf58298e6930effbf9a5
SHA256 1edd83f5432ae371eec387af97bdce81c3f3b7af260d93be7b0e4f9c3c13d84b
SHA3 ee400f8ce714a943343c7811a47d0dbf5e5146c39a4b079ede0b79f9cfb0e251
VirtualSize 0xe80
VirtualAddress 0xef000
SizeOfRawData 0x1000
PointerToRawData 0x55000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.66961

.rsrc

MD5 0625e09bb1788fe29ef193cbf75e1b84
SHA1 3e6c2f874914d7134b31cf6e32a54b000c17442f
SHA256 76f5926ba81aae53dd9bc7f0e14408c9232c061473507976ce7580692726e506
SHA3 7d50748a38223df386f1ef86e3e7c5bc8cdf4c508ff344b128b0bab7ffc6ad2a
VirtualSize 0x9468
VirtualAddress 0xf0000
SizeOfRawData 0x9600
PointerToRawData 0x56000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.0888

Imports

KERNEL32.DLL GetModuleHandleA
GetProcAddress
WSOCK32.dll WSACleanup
WINMM.dll mixerOpen
VERSION.dll VerQueryValueW
COMCTL32.dll ImageList_Create
PSAPI.DLL GetModuleBaseNameW
WININET.dll InternetOpenW
USER32.dll GetDC
GDI32.dll BitBlt
COMDLG32.dll GetOpenFileNameW
ADVAPI32.dll RegCloseKey
SHELL32.dll DragFinish
ole32.dll CoGetObject
OLEAUT32.dll OleLoadPicture

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.60719
MD5 7a7fd531976bf5d5962ce6bd512ec4f9
SHA1 5d6dc5099fdac2d02ef7e225e392710810518a79
SHA256 028ea5589efb612bc2129a09b3e3ce73ab811de0344e9ef58a4b85af5fb3ca40
SHA3 2ffc02d1ad8fc89d9a4deb38df4ca7ccc6b486507f0a66967ead0547c292ae75

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.60406
MD5 71ba081b94218e8364dd2e4e8b804c51
SHA1 63096c0a4dff3b067b6e619e5e6a38c5ed5cc943
SHA256 8a5ac6abb43180226052148a21c3b919701cfdf797b43b39ba2611d5230d3e80
SHA3 7908406b9e7ea05d6a597e10b9801003dab62e73a24157dae82aea95d9362170

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.72735
MD5 4452d334b20a4a74f1c614d62c75d35c
SHA1 1c8aed9c27ab287ba8687bdd973c1bdc1fab02fc
SHA256 2c1bb9b12fb5684a5c1b89aca9e3870e658e12fc1c0e5bca453b18c93518862c
SHA3 5462052da40668ec7849fabe1a011a1287b06dc0eba1e12194c8ec554337b2d9

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.84157
MD5 1c93a14c5a485c11350ef568f5e423c1
SHA1 bead6553859c4ec6e647551a19b224dc2357fc5f
SHA256 ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd
SHA3 5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.3349
MD5 266626c8655c67b9530c361ca939f01d
SHA1 4f799d89f7255ef58628605cc0f37a3420925a3d
SHA256 1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84
SHA3 85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.46964
MD5 fbbd1dfd9481f55d0e9ebc890ce09c3c
SHA1 cbfd96b3e1c556af63424b3a153def765077b8fb
SHA256 5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0
SHA3 108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.60719
MD5 7a7fd531976bf5d5962ce6bd512ec4f9
SHA1 5d6dc5099fdac2d02ef7e225e392710810518a79
SHA256 028ea5589efb612bc2129a09b3e3ce73ab811de0344e9ef58a4b85af5fb3ca40
SHA3 2ffc02d1ad8fc89d9a4deb38df4ca7ccc6b486507f0a66967ead0547c292ae75

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.60406
MD5 71ba081b94218e8364dd2e4e8b804c51
SHA1 63096c0a4dff3b067b6e619e5e6a38c5ed5cc943
SHA256 8a5ac6abb43180226052148a21c3b919701cfdf797b43b39ba2611d5230d3e80
SHA3 7908406b9e7ea05d6a597e10b9801003dab62e73a24157dae82aea95d9362170

9

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.72735
MD5 4452d334b20a4a74f1c614d62c75d35c
SHA1 1c8aed9c27ab287ba8687bdd973c1bdc1fab02fc
SHA256 2c1bb9b12fb5684a5c1b89aca9e3870e658e12fc1c0e5bca453b18c93518862c
SHA3 5462052da40668ec7849fabe1a011a1287b06dc0eba1e12194c8ec554337b2d9

10

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.19142
MD5 83f6a1c8b60d451f6851d741522a4501
SHA1 5b237fb5cac5086ed9c4bf904c5afbdbb9f094f9
SHA256 4b7f70d81e67bec9132a9d008a81be3717e430f6422c07cc5e5edf6e10783cba
SHA3 d20d8555d489a977a0cc43274a2b8e386f8430f57685db0b093d4853585ff366

11

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.19142
MD5 83f6a1c8b60d451f6851d741522a4501
SHA1 5b237fb5cac5086ed9c4bf904c5afbdbb9f094f9
SHA256 4b7f70d81e67bec9132a9d008a81be3717e430f6422c07cc5e5edf6e10783cba
SHA3 d20d8555d489a977a0cc43274a2b8e386f8430f57685db0b093d4853585ff366

211

Type RT_MENU
Language English - United States
Codepage Latin 1 / Western European
Size 0x2c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

205

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xe8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

212

Type RT_ACCELERATOR
Language English - United States
Codepage Latin 1 / Western European
Size 0x48
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1 (#2)

Type RT_RCDATA
Language English - United States
Codepage Latin 1 / Western European
Size 0x5c35
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

159

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60748
Detected Filetype Icon file
MD5 d071c67aa6204671eb448fa1e285bcc4
SHA1 56ed26e1e00ee8e8a622b3aeb60e9acbf8b9427f
SHA256 29fb2b968286e40ad42f998507c1f1e4984628b4434c4b78bc340f625964d1dc
SHA3 624e369467eb7ae2243089bedcf3882b45fb98a4836bac2911ba610207d1c98f

160

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.70265
Detected Filetype Icon file
MD5 ad692dfb9d3a017c6904883edaebe744
SHA1 b17ba1985021d40e61437d2f03cad0b432b3d969
SHA256 878e2e93a4e08a0e754bec870f4ea4012f977c7fd8922271ff740b770e570ed0
SHA3 9a337373ef41f4193d51c51887238deed35d4e913c1e028bec888873f72aa2d2

206

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.9815
Detected Filetype Icon file
MD5 40c1414025bcc34e7ba97fd22bc9f5a4
SHA1 b53a6a13513b5205cef6fc6d7556ad80d8b62173
SHA256 d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c
SHA3 88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720

207

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 9b2193af49fdb53892356f594e9f18b9
SHA1 448aa28721dd65475b37505de8140d88d5aa1501
SHA256 9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4
SHA3 46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116

208

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 5f51cbb6145d3a4c36cffa3b028b0199
SHA1 b2bbd2afcfa1c44725bf90df8948792d3bc7fb97
SHA256 fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9
SHA3 93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79

1 (#3)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x150
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21478
MD5 6cc663cf8b3883844d83608cf6891579
SHA1 0021678da611b163d5c8c86355f6da59d44d8f88
SHA256 8d974c77ce7907e0acee04a51b8d99b86799e3947f673f1d48743004cfd542da
SHA3 d8daf5561c3a2bc9c8372ceb683fe0f30528925b1ced85c9ed1f6532c6bd2364

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x4f4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.34908
MD5 fd97ad678377c9966ba3f8697c4e0aec
SHA1 a219c82a72b1a932c555f7b8ca0180f5b909d8ca
SHA256 0ca571f6485ac59097ce1d665a6c65086b8bc9f639715beb28666cb367f12f8a
SHA3 cf4561c34a35064efaa478d33745f6e1bb002dbf220524c3fe547d68cc0337ef

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.1.37.2
ProductVersion 1.1.37.2
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileVersion (#2) 1.1.37.02a0
ProductVersion (#2) 1.1.37.02a0
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty! [*] Warning: Resource is empty!