a977bacd91ed9ee24dad1a0035dd220c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Sep-28 01:13:10
Detected languages English - United States

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowA
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Interacts with services:
  • OpenSCManagerA
  • OpenServiceA
  • QueryServiceStatusEx
Manipulates other processes:
  • Process32First
  • WriteProcessMemory
  • OpenProcess
  • Process32Next
  • ReadProcessMemory
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 16/67 (Scanned on 2021-10-30 19:01:30)
Lionic: Trojan.Win32.Generic.4!c
McAfee: GenericRXAA-AA!A977BACD91ED
Cylance: Unsafe
Sangfor: Trojan.Win64.Agent.INJN30
Cyren: W64/Trojan.VFWQ-0017
ESET-NOD32: a variant of Win64/GameHack.FL potentially unsafe
APEX: Malicious
Sophos: Generic PUA DG (PUA)
McAfee-GW-Edition: BehavesLike.Win64.Injector.hh
Ikarus: Trojan.Win64.Krypt
GData: Win64.Trojan.Agent.INJN30
Gridinsoft: Trojan.Win64.Downloader.sa
Microsoft: Trojan:Win32/Sehyioa.A!cl
Cynet: Malicious (score: 100)
Malwarebytes: Trojan.Crypt
MaxSecure: Trojan.Malware.109715446.susgen

Hashes

MD5 a977bacd91ed9ee24dad1a0035dd220c
SHA1 369673654fc3b2883af6246433547b924458a5af
SHA256 b62f8869b7b6e1a5dc4c051b83b2fac4b4cb2550e58541a50fc5e5da3b8ecbd8
SHA3 b3e4d344fb5ec6e70fb15576c37ca85aef4042321597a2ab21763536aebba102
SSDeep 12288:cdUXpCKA+QtkZYWLD8/LAvGQeUyY42nA5MEmKAY:cWQKA+QGZ7/8/LAvGQeUyOnA5McA
Imports Hash d1cc859126a978987409cfc223966ad8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2020-Sep-28 01:13:10
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x61400
SizeOfInitializedData 0x1e600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000605F8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x84000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a5230ebe0058aa4ff400ee3c136fdf57
SHA1 c6b2ba2a2ce8a4d5f8ee23178b1144657d8c777a
SHA256 186876a9421be3d9dd16e83e74c8d384eb7efe27fe0984e65605af1a74619e1f
SHA3 a47f198807d0de7a0ffa5ae3d543929596c55ad0468c88901b334950bc4510c3
VirtualSize 0x61203
VirtualAddress 0x1000
SizeOfRawData 0x61400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.46995

.rdata

MD5 bb09c25d06ebf8a01b4e41eb8c25aaf0
SHA1 c72400497b4d0aa0694026d3190f35b9a33f44a0
SHA256 056d10b94dac93eff06ce4a294fd70931f23e0ce091eb880e908f8f2475d952d
SHA3 89a31c6071c7e224952901a38bef8e8f19089bc443ec38595d99859879acc164
VirtualSize 0x194a6
VirtualAddress 0x63000
SizeOfRawData 0x19600
PointerToRawData 0x61800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.60631

.data

MD5 cfac3a7c1299f5dcb6a3b44bbca0c29f
SHA1 e001bc88ee3d885e3bbcd16717ef1c2630ef0816
SHA256 f6afe6b48007f785a7f7e53bfb1a989c3f43acfa380bf4cb358709dd15ce2361
SHA3 2ce49000100838c780858cf86cf9c3886fbd2a4ef296d9423e1b0a8237a99ed1
VirtualSize 0xf88
VirtualAddress 0x7d000
SizeOfRawData 0x800
PointerToRawData 0x7ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.069

.pdata

MD5 99f02a881722589c6ee554d2053b9abc
SHA1 05f0287545c3b736d0124d4998d973d155c0c325
SHA256 7cbe384baf4218c0b5731b3e6aa2f5016bbd82521ab32eecb84a41bc97268178
SHA3 6bb6ce8855608d565b821ca5eb5189dfc1f5d6764811ba5821361b3ef504c066
VirtualSize 0x3bc4
VirtualAddress 0x7e000
SizeOfRawData 0x3c00
PointerToRawData 0x7b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.84209

.rsrc

MD5 6166379b097e8de15e0e8f456897aa09
SHA1 ccfcfa47e85707d39e15a8f0e408242fa69d1f52
SHA256 beea464e6b45b7e867ce8150fa2e2a5343a4cd7cb9e8420b200d5505ee6bc2f0
SHA3 e5f63c6e9ea174d98ecf84981600a6e78d80adf6b99a9b9007e3594193b2ce9e
VirtualSize 0x1e8
VirtualAddress 0x82000
SizeOfRawData 0x200
PointerToRawData 0x7f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.75872

.reloc

MD5 223b78406b525abb2ef0b3da33a0cbe5
SHA1 5f2bc5828344039f18a377c9ca78fc33c4482697
SHA256 d306a9c1f76ff5a0450f153e356e5cbaff62d7ecd7c3c3e956df45b5e7a228c8
SHA3 fc343ffa580a61481295517cdddd443b4b9148743f160c26277a5a8f547bb7aa
VirtualSize 0x13c
VirtualAddress 0x83000
SizeOfRawData 0x200
PointerToRawData 0x7f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.73754

Imports

d3d11.dll D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll D3DCompile
KERNEL32.dll GetModuleFileNameA
Process32First
WriteProcessMemory
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
ReadProcessMemory
VirtualQueryEx
FindFirstFileA
SetConsoleTitleA
FindNextFileA
FindClose
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
GetConsoleWindow
USER32.dll GetClientRect
CloseClipboard
EmptyClipboard
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
ShowWindow
GetAsyncKeyState
GetWindowTextA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ReleaseCapture
ScreenToClient
GetCapture
ClientToScreen
IsChild
SetCursorPos
SetCapture
GetClipboardData
SetClipboardData
GetForegroundWindow
GetCursorPos
SetCursor
OpenClipboard
ADVAPI32.dll OpenSCManagerA
CloseServiceHandle
LookupPrivilegeValueA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
AdjustTokenPrivileges
IMM32.dll ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
XINPUT1_3.dll #4
#2
MSVCP140.dll ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
ntdll.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll memset
_CxxThrowException
__current_exception
__std_type_info_name
memcpy
__C_specific_handler
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memmove
memcmp
__current_exception_context
memchr
api-ms-win-crt-stdio-l1-1-0.dll ungetc
feof
fsetpos
ftell
setvbuf
fgetpos
fopen_s
__acrt_iob_func
__p__commode
__stdio_common_vsprintf_s
_fseeki64
ferror
fputc
_get_stream_buffer_pointers
_set_fmode
fgetc
fflush
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fclose
fseek
api-ms-win-crt-string-l1-1-0.dll strncmp
strcmp
isalnum
strncpy
api-ms-win-crt-utility-l1-1-0.dll rand
srand
qsort
api-ms-win-crt-heap-l1-1-0.dll malloc
_set_new_mode
free
realloc
_callnewh
api-ms-win-crt-convert-l1-1-0.dll atof
strtof
strtol
strtoul
api-ms-win-crt-runtime-l1-1-0.dll _initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
exit
_beginthreadex
terminate
_configure_narrow_argv
_exit
api-ms-win-crt-math-l1-1-0.dll powf
cosf
acosf
ldexp
pow
floorf
sinf
atan2f
ceil
ceilf
fmodf
sqrtf
log2f
log2
__setusermatherr
api-ms-win-crt-filesystem-l1-1-0.dll _unlock_file
_lock_file
api-ms-win-crt-environment-l1-1-0.dll getenv
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
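The plugin findings above are derived purely from import names, and the report's "Imports Hash" line is derived from the same table. The script below is an added example, not Manalyze's code: it parses the page's own Imports listing format (a line "MODULE.dll FirstFunction" opens a module, every following line is one more import, "#N" is an ordinal), re-groups the imports under the plugin's own category headings, drops a set of names that the MSVC CRT startup pulls in on every release build (that noise list is my assumption, not something the report states), and recomputes a pefile-compatible import hash. The excerpt it runs on is constructed from the page's KERNEL32, USER32, ADVAPI32 and XINPUT1_3 entries; the hash only reproduces the report's "Imports Hash" when the complete listing is supplied in import-directory order, so treat a mismatch as a cue to recompute from the binary rather than from the text.

```python
"""Parse the report's Imports block, re-derive its plugin findings and its import hash.

Added example, not Manalyze's code. Category sets reuse the headings and API names
from the report's Plugin Output; the CRT noise list is an assumption.
"""
import hashlib
import re

# Constructed excerpt of the page's Imports block (subset of four modules).
REPORT_IMPORTS = """\
KERNEL32.dll GetModuleFileNameA
Process32First
WriteProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32Next
ReadProcessMemory
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
USER32.dll GetClientRect
GetAsyncKeyState
FindWindowA
GetClipboardData
GetForegroundWindow
ADVAPI32.dll OpenSCManagerA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
AdjustTokenPrivileges
XINPUT1_3.dll #4
#2
"""

# A module header is "<name>.dll <first import>"; continuation lines carry one import each.
MODULE_LINE = re.compile(r"^(\S+\.(?:dll|sys|ocx))\s+(\S+)$", re.IGNORECASE)

# The report's own plugin categories and the APIs it named under each.
CATEGORIES = {
    "anti-debugging": {"CreateToolhelp32Snapshot", "FindWindowA", "IsDebuggerPresent"},
    "keylogger": {"GetAsyncKeyState", "GetForegroundWindow"},
    "privilege level": {"OpenProcessToken", "AdjustTokenPrivileges"},
    "services": {"OpenSCManagerA", "OpenServiceA", "QueryServiceStatusEx"},
    "process manipulation": {"Process32First", "Process32Next", "OpenProcess",
                             "ReadProcessMemory", "WriteProcessMemory"},
    "clipboard": {"GetClipboardData"},
}

# Assumption: imported by the MSVC CRT startup of every release build (security-cookie
# seeding, SEH and fast-fail setup), so on their own they carry no signal.
CRT_STARTUP_NOISE = {
    "IsDebuggerPresent", "QueryPerformanceCounter", "GetCurrentProcessId",
    "GetCurrentThreadId", "GetSystemTimeAsFileTime", "IsProcessorFeaturePresent",
    "InitializeSListHead", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
    "TerminateProcess",
}


def parse_imports(text):
    """Return [(module, [import, ...]), ...] in the order the report lists them."""
    modules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MODULE_LINE.match(line)
        if m:
            modules.append((m.group(1), [m.group(2)]))
        elif modules:
            modules[-1][1].append(line)
        else:
            raise ValueError(f"import before any module header: {line!r}")
    return modules


def categorize(modules, drop_noise=True):
    """Map each plugin category to the imported names that hit it (empty categories omitted)."""
    imported = {name for _, names in modules for name in names}
    if drop_noise:
        imported -= CRT_STARTUP_NOISE
    return {cat: apis & imported for cat, apis in CATEGORIES.items() if apis & imported}


def imphash(modules):
    """pefile-style import hash: md5 over lowercased 'module.func' pairs, comma-joined, in order."""
    parts = []
    for module, names in modules:
        lib = module.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "sys", "ocx"):
            lib = base
        for name in names:
            # Ordinals become 'ordN'; pefile only resolves them to names for ws2_32,
            # wsock32 and oleaut32, none of which this report imports.
            func = f"ord{name[1:]}" if name.startswith("#") else name.lower()
            parts.append(f"{lib}.{func}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    mods = parse_imports(REPORT_IMPORTS)
    for cat, names in categorize(mods).items():
        print(f"{cat}: {', '.join(sorted(names))}")
    print("ordinal-only imports:", [(m, n) for m, ns in mods for n in ns if n.startswith("#")])
    print("imphash of excerpt:", imphash(mods))
```

Because the hash is order-sensitive, two builds that import the same APIs in a different link order produce different values; that is what makes it a useful clustering key across samples from the same toolchain, and also why it cannot be recomputed from an alphabetised listing.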

Delayed Imports

(EMPTY)

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

Version Info

(EMPTY)

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Sep-28 01:13:10
Version 0.0
SizeofData 888
AddressOfRawData 0x73394
PointerToRawData 0x71b94

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2020-Sep-28 01:13:10
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140073730
EndAddressOfRawData 0x140073750
AddressOfIndex 0x14007dc34
AddressOfCallbacks 0x1400638e0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x130
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14007d010
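The section table, optional header, debug directory, TLS directory and load configuration above all quote addresses that must agree with each other; a report whose numbers do not tile cleanly is the first sign of a tampered or packed header. The script below is an added example, not part of the report or of Manalyze: every constant is copied from this page and nothing is read from the binary. It checks that the sections are contiguous and aligned on disk and in memory, that SizeOfImage follows from the last section, and that each quoted address (entry point, POGO debug data, TLS callback table and index, security cookie) lands in a section whose permissions make sense for it. The RVA-to-offset mapping also handles the one edge case present here: the TLS index lives in the zero-filled tail of .data (VirtualSize 0xf88 exceeds SizeOfRawData 0x800), so it has no file offset at all.

```python
"""Cross-check the section table and the addresses this report quotes.

Added example, not part of the report or of Manalyze. All values are copied from
the page; the permission expectations for each address are the analyst's own.
"""
IMAGE_BASE = 0x140000000
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SIZE_OF_HEADERS = 0x400
SIZE_OF_IMAGE = 0x84000

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, characteristics)
SECTIONS = [
    (".text",  0x01000, 0x61203, 0x00400, 0x61400, {"CODE", "EXECUTE", "READ"}),
    (".rdata", 0x63000, 0x194a6, 0x61800, 0x19600, {"INITIALIZED_DATA", "READ"}),
    (".data",  0x7d000, 0x00f88, 0x7ae00, 0x00800, {"INITIALIZED_DATA", "READ", "WRITE"}),
    (".pdata", 0x7e000, 0x03bc4, 0x7b600, 0x03c00, {"INITIALIZED_DATA", "READ"}),
    (".rsrc",  0x82000, 0x001e8, 0x7f200, 0x00200, {"INITIALIZED_DATA", "READ"}),
    (".reloc", 0x83000, 0x0013c, 0x7f400, 0x00200, {"INITIALIZED_DATA", "DISCARDABLE", "READ"}),
]


def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)


def rva_to_offset(rva):
    """Map an RVA to (section name, file offset).

    The offset is None when the RVA lies in a section's virtual tail
    (VirtualSize > SizeOfRawData): the loader zero-fills that range, so no file
    bytes back it. Returns None when no section covers the RVA at all.
    """
    for name, va, vsize, raw, rawsize, _ in SECTIONS:
        if va <= rva < va + max(vsize, rawsize):
            delta = rva - va
            return (name, raw + delta if delta < rawsize else None)
    return None


def va_to_offset(va):
    return rva_to_offset(va - IMAGE_BASE)


def flags_of(section_name):
    return next(s[5] for s in SECTIONS if s[0] == section_name)


def check_layout():
    """Return a list of inconsistencies; an empty list means the table is self-consistent."""
    problems = []
    expected_raw = SIZE_OF_HEADERS
    expected_va = align_up(SIZE_OF_HEADERS, SECTION_ALIGNMENT)
    for name, va, vsize, raw, rawsize, _ in SECTIONS:
        if raw % FILE_ALIGNMENT or rawsize % FILE_ALIGNMENT:
            problems.append(f"{name}: raw pointer/size not FileAlignment-aligned")
        if raw != expected_raw:
            problems.append(f"{name}: raw data at {raw:#x}, expected {expected_raw:#x} (gap or overlap)")
        if va != expected_va:
            problems.append(f"{name}: VirtualAddress {va:#x}, expected {expected_va:#x}")
        expected_raw = raw + rawsize
        expected_va = align_up(va + vsize, SECTION_ALIGNMENT)
    if expected_va != SIZE_OF_IMAGE:
        problems.append(f"SizeOfImage {SIZE_OF_IMAGE:#x} != last section end {expected_va:#x}")
    return problems


def expected_file_size():
    """End of the last section's raw data; any bytes beyond this are an overlay."""
    _, _, _, raw, rawsize, _ = SECTIONS[-1]
    return raw + rawsize


def check_address(label, rva, need=(), forbid=()):
    """Return None if the RVA sits in a section with the expected permissions, else a message."""
    hit = rva_to_offset(rva)
    if hit is None:
        return f"{label}: RVA {rva:#x} is outside every section"
    name, _ = hit
    flags = flags_of(name)
    if set(need) - flags:
        return f"{label}: in {name}, missing {sorted(set(need) - flags)}"
    if flags & set(forbid):
        return f"{label}: in {name}, unexpected {sorted(flags & set(forbid))}"
    return None


if __name__ == "__main__":
    print("layout problems:", check_layout() or "none")
    print(f"file should be {expected_file_size():#x} bytes before any overlay")
    for label, rva, need, forbid in [
        ("AddressOfEntryPoint", 0x605F8, {"EXECUTE"}, {"WRITE"}),
        ("POGO debug data", 0x73394, set(), {"EXECUTE"}),
        ("TLS AddressOfCallbacks", 0x1400638e0 - IMAGE_BASE, {"READ"}, {"EXECUTE"}),
        ("TLS AddressOfIndex", 0x14007dc34 - IMAGE_BASE, {"WRITE"}, {"EXECUTE"}),
        ("SecurityCookie", 0x14007d010 - IMAGE_BASE, {"WRITE"}, {"EXECUTE"}),
    ]:
        print(f"{label}: {rva_to_offset(rva)} {check_address(label, rva, need, forbid) or 'ok'}")
```

Two of the computed values can be checked directly against the page: the POGO entry's AddressOfRawData 0x73394 maps to file offset 0x71b94, which is the PointerToRawData the debug directory reports, and the last section ends at file offset 0x7f600, so a file larger than that carries an overlay the section table does not describe. The empty "Callbacks" list next to a non-zero AddressOfCallbacks is consistent with an MSVC build: the table exists in .rdata but its first entry is a null terminator.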

RICH Header

XOR Key 0x2161dd82
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 20
Imports (VS 2015/2017/2019 runtime 28920) 6
Imports (VS2010 build 30319) 2
C++ objects (VS 2015/2017/2019 runtime 28920) 30
C objects (VS 2015/2017/2019 runtime 28920) 10
ASM objects (VS 2015/2017/2019 runtime 28920) 4
Imports (27412) 12
Imports (21202) 5
Total imports 295
265 (VS2019 Update 7 (16.7.1) compiler 29111) 7
Resource objects (VS2019 Update 7 (16.7.1) compiler 29111) 1
Linker (VS2019 Update 7 (16.7.1) compiler 29111) 1

Errors
