b3917fe7e9b7e60f360f27e882ff5576

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Apr-24 12:49:55
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious The file contains overlay data. 65164 bytes of data starting at offset 0x13600.
Malicious VirusTotal score: 22/67 (Scanned on 2020-09-15 10:38:05)
Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
McAfee: GenericRXLY-NN!B3917FE7E9B7
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34242.iuZ@aunGyepi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Cynet: Malicious (score: 100)
Avast: Win32:Malware-gen
Rising: Trojan.Generic@ML.80 (RDML:gCf3ztq5k52YgvoKi+1cwg)
F-Secure: Heuristic.HEUR/AGEN.1123436
Invincea: Generic ML PUA (PUA)
FireEye: Generic.mg.b3917fe7e9b7e60f
SentinelOne: DFI - Suspicious PE
Jiangmin: TrojanDownloader.Tiny.ctk
Avira: HEUR/AGEN.1123436
Microsoft: Trojan:Win32/Wacatac.C!ml
AhnLab-V3: Trojan/Win32.Tiny.R351066
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_60% (D)
Qihoo-360: HEUR/QVM20.1.F16E.Malware.Gen

Hashes

MD5 b3917fe7e9b7e60f360f27e882ff5576
SHA1 990648833321f46d1702d99ad6a937bb4b8da3ba
SHA256 6a75520299e3c8582f4610a645b4f159e9be66c7aad94a17e5e889c0b3aeeece
SHA3 5a3e324053e69db8d9f849a4850afe42149cab46cb40e26a56662e67460d2ebf
SSDeep 1536:ZQQeD8LQfdS/tW6L6e+4ZyS2OjUfwmE2IOZ4aPIsWKcdlHhi:MD8EfQ/tWK5yS2OjU4mn47lBi
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-Apr-24 12:49:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xbe00
SizeOfInitializedData 0x7e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001473 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x17000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c3d817540a5c51a83a3c37ca92d628cb
SHA1 3d034eed88cf7bdcefb1ceb78918fed3845ba7cb
SHA256 7fded07abd4109d4455247be286137e18c3d0df8e1d92160f6103ec7fc032fc8
SHA3 cbfadd673f8085464f6c4a751341839405fb8f794c8ba83856744c5ce9cb98c3
VirtualSize 0xbccf
VirtualAddress 0x1000
SizeOfRawData 0xbe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.61711

.rdata

MD5 0faf4d343c242ef343a14881db0f463a
SHA1 da0be5e113315baf141e664d2338f4e3676ddc71
SHA256 33fc79c08310666489eea2eb19c3270a1938fc7a9a310e710f2c0e9dd6292cf4
SHA3 11b3049eaeed35148d680c1260a797cb0c779275b691ce1de84c6698df3a5b29
VirtualSize 0x58d0
VirtualAddress 0xd000
SizeOfRawData 0x5a00
PointerToRawData 0xc200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.81245

.data

MD5 906b13c1bf6854ff91015472910e0e1f
SHA1 f47eb1935931fc539465d50c705707895675ab7f
SHA256 96d1ac78c8d14fb677a9e1751de574bba236170f76eea2fc8aacd58d4d0bdf29
SHA3 50d33a9ff47590ddfdea8afc781cfb4537d223cf4d3302ea452292f52ffc9a85
VirtualSize 0x12a4
VirtualAddress 0x13000
SizeOfRawData 0xa00
PointerToRawData 0x11c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.8106

.rsrc

MD5 04a79324a4b1712f5f06605a8f50a397
SHA1 296f2a9c77007a148b63628dcf058f9e87f20150
SHA256 4db283b7d3eae13a1faecfbfa1585364f28d11cc2cf680772857fc9af086eeec
SHA3 7bfdc7d5233f7a1536d88b8babe99df1fd258e18184e5247a8e3cde48139c753
VirtualSize 0x1e0
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x12600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.47228

.reloc

MD5 b4202f7fe985b9648b4676e6f70832bd
SHA1 d37c2b3927946ed617455b3c5913fcab0bc1af52
SHA256 6cf1b57d59e7111bc218dfb01dda93ac0f776715599a1c69f89035bd20c16a10
SHA3 a51cde69090452f3e45491306e2e536dabdde61d5bde0a832f35ab4a6afc5552
VirtualSize 0xdec
VirtualAddress 0x16000
SizeOfRawData 0xe00
PointerToRawData 0x12800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93839
MD5 431fc24d2f0ab691b9f9d9007103404e
SHA1 8c1c0cb0147e619666cc05c4095a889feb55d446
SHA256 772fafc6573c6591b458321f90fdb584e95c79deea8770462b1141f1b7aa8a06
SHA3 99fd6e67eb079591f12ed8cdab65f3a47d3035112496a3f0ec123199baf97e45

Version Info

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x413004
SEHandlerTable 0x411bf0
SEHandlerCount 3

RICH Header

XOR Key 0x41f31910
Unmarked objects 0
ASM objects (26715) 10
C++ objects (26715) 138
C objects (26715) 18
C++ objects (27521) 37
C objects (27521) 17
ASM objects (27521) 17
Imports (26715) 5
Total imports 82
265 (VS2019 Update 1 (16.1) compiler 27702) 1
Resource objects (VS2019 Update 1 (16.1) compiler 27702) 1
Linker (VS2019 Update 1 (16.1) compiler 27702) 1

Errors

[!] Error: Could not read an import's name.