ab009f81946872d7ac34260a59661e49

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2040-Mar-20 09:47:46
Detected languages Italian - Italy

Plugin Output

Suspicious PEiD Signature: ASPack v2.12
Suspicious The PE is packed with Aspack or Armadillo
  • Unusual section name found: .PATCH
  • Unusual section name found: .master
  • Unusual section name found: .adata
  • The PE only has 3 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2011-Jun-27 08:31:06
Malicious VirusTotal score: 17/67 (Scanned on 2022-06-20 16:15:44)
Elastic: malicious (high confidence)
Cylance: Unsafe
Cybereason: malicious.c67555
ESET-NOD32: a variant of Win32/HackTool.Patcher.X potentially unsafe
ClamAV: Win.Worm.Cekar-133
Sophos: Generic ML PUA (PUA)
Zillya: Tool.Patcher.Win32.36372
McAfee-GW-Edition: BehavesLike.Win32.PUP.kc
Trapmine: malicious.high.ml.score
Ikarus: PUA.Hacktool.Gen-Patch
Gridinsoft: Trojan.Heur!.022120A1
Malwarebytes: Malware.Heuristic.1008
APEX: Malicious
Rising: Hacktool.Patcher!8.2DD (CLOUD)
Yandex: PUP.Patcher!wRd6sXVc2+U
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/grayware_confidence_100% (W)

Hashes

MD5 ab009f81946872d7ac34260a59661e49
SHA1 6a4dbf7c675551b5350f102498b06bb5c5151eea
SHA256 b397c49f021637957baa0fd77674b11fbfa05cf6a32027d604a00997dd791326
SHA3 b88e1db7f1a487efa2f129c5d07f834864d2e8e2ac18bf97b0a34ac270a0f6df
SSDeep 768:jPq+VCr2BB1D2eELB/PsK1AjlCr9B0wi6RhMGVcULVLvHuWQiUhRt217hLpkIdc:TqJ22NmPl3/6Rh7VcUpHu1RtkFDcRjh
Imports Hash 5a498eee87e4d89512a84502f500181f

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2040-Mar-20 09:47:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x1000
SizeOfInitializedData 0x1a000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001F001 (Section: .master)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x23000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x10000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x10000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 0ab6475f10c2c50b233631f7616ddd68
SHA1 bcf010e11214444e80d420c1e6ee7edd848bb369
SHA256 060b2c84b9ba86c00af2d8d694b7debd4fa6d7bf364f33a5a5c66fc455e9f757
SHA3 6ca07a0455ad66cb40063e1bc74674daf3537fce09f3f1d99292671238f9f2c5
VirtualSize 0x1000
VirtualAddress 0x1000
SizeOfRawData 0x800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.12016

DATA

MD5 881e390ffee7eded387fefdb5edd4e39
SHA1 8573a4227e0052a0e9b6a844f948f7ed7b38b116
SHA256 19d0af3b9ffee7fe7813ba5b85575068164e5af91d85b9c5c4d29e9503b1fa29
SHA3 d35c5ced1342808c1284a2930a3e33111f0f4623fefbf31fffb852e3300b83e4
VirtualSize 0x1000
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.92439

.idata

MD5 c9aec46b550b656d98298ca943d54df3
SHA1 78b13bf7e106274e47d2e524ee563644d56ef7ad
SHA256 3bcee21f26cf68cfee9f7ca715d769a3c3cf78c57ac827dbdba6e01844cf4408
SHA3 aeabfdfc0fc60c139c1aaed7c4944869fb93d43a2aa330f47b3ea7fa28336cfc
VirtualSize 0x1000
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.80467

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc

MD5 8637185dc4075e17324a552755758c50
SHA1 cbf04d007739436d32272358b6b1f80f9981a40e
SHA256 af6a2eff770fe7f41dbf7ff1489a78d74018fba58839135c55a4872726f5f10a
SHA3 cdee435267c6cf99d33c8facbfad962b5474b36784c054bf2547ea5517abcb4b
VirtualSize 0x19000
VirtualAddress 0x5000
SizeOfRawData 0xba00
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9716

.PATCH

MD5 1df6f700add2b1fbc4ef02505cabeb8f
SHA1 64bb5709cc66650cbf7a6fb5f596c55b992fa7c2
SHA256 28d90cdd238d3c87e2d1de3fc9939faca6e0f3cd8dac1fadb7d8f51ac88d0f01
SHA3 d454304a3bbf9f8837a785fee09b6ae86e370dec8eb67fcc4ab25060da2baac0
VirtualSize 0x1000
VirtualAddress 0x1e000
SizeOfRawData 0x400
PointerToRawData 0xd000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.54016

.master

MD5 073d049fd9f84e230f8bcc16f44f5eb9
SHA1 1eca4ffb930267a11bed008815323e1134731d22
SHA256 9665c942744e9aec39d36ccbd50d3993ec99e91b75f28f57dc66ef02a3449065
SHA3 579c792392726a4a93365422376e33f555fb77c8e8a170e4ccc2bc2f99d073ec
VirtualSize 0x3000
VirtualAddress 0x1f000
SizeOfRawData 0x2800
PointerToRawData 0xd400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.42677

.adata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0x22000
SizeOfRawData 0
PointerToRawData 0xfc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

kernel32.dll GetProcAddress
GetModuleHandleA
LoadLibraryA

Delayed Imports

1

Type RT_ICON
Language Italian - Italy
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.1303
MD5 ac319e02a0bd3c8209eac7d08d986231
SHA1 654eaa9649fd42e06a37f3da888bd2d284444a6d
SHA256 0f71313ffc4a681ad15e398e163c8be6343bbf5fa9fb1dce8504af6bce2a3962
SHA3 50fa5aebf03e84ad62f7ffcb9fb2ce383f100af8d7e44a4cb2bf2214c318948f

2

Type RT_ICON
Language Italian - Italy
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.22399
MD5 ed525d3ed8426ea32a763cb49a65ab5d
SHA1 7cec06ea57bfb1f5df047413976e1d24cc8c8bf3
SHA256 09efcb0b3aa69ee87aa4510e030e9bef668480ec22cf4d218561afff375683bc
SHA3 15562255816b906953ed92543b466f3ed17e75d1764b400b3ccca9542cce1463

PATCHERCLASS

Type RT_DIALOG
Language Italian - Italy
Codepage UNKNOWN
Size 0x29c
TimeDateStamp 2011-Jun-27 08:31:06
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

101

Type RT_DIALOG
Language Italian - Italy
Codepage UNKNOWN
Size 0xac
TimeDateStamp 2011-Jun-27 08:31:06
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

104

Type RT_GROUP_ICON
Language Italian - Italy
Codepage UNKNOWN
Size 0x22
TimeDateStamp 2011-Jun-27 08:31:06
Entropy 2.26942
Detected Filetype Icon file
MD5 f3818d9254fe4d6dc51dfbf8883d2c8b
SHA1 7dec669ea993ee4def3ae3b103ace1b228aa7bd7
SHA256 e18445c03a4ba1e266945e8c2b4173949402da1f57809b5c9180cad8162705ec
SHA3 f35e0708829d9607b1a1458befe3cf5a69cbdea8724ba943ab9d14627e7bbaea

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Section .reloc has a size of 0!
[*] Warning: Section .adata has a size of 0!
[*] Warning: Resource PATCHERCLASS is empty!
[*] Warning: Resource is empty!