Manalyze report for b4a7aedac63609081f1a178ecdb56bb3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Jun-18 16:36:06
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: system`
Suspicious	The PE is possibly a dropper.	`Resources amount for 96.1566% of the executable.`
Malicious	VirusTotal score: 10/71 (Scanned on 2024-04-19 10:33:53)	`APEX: Malicious` `Antiy-AVL: Trojan/Win32.Agent` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (D)` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Fortinet: Malicious_Behavior.SB` `Jiangmin: Trojan.Bingoml.fkg` `McAfee: Artemis!B4A7AEDAC636` `Skyhigh: Artemis`

Hashes

MD5	`b4a7aedac63609081f1a178ecdb56bb3`
SHA1	`6e16e9b6f081497d2e924092b29e5e1f2e349c34`
SHA256	`7786a81820589b149a49e8866ee7756eb35664d3497feff1f117f9b96a1e2551`
SHA3	`37bcdf8d8e9c6f15eb53f8016c2244b8d3c59ab1e3d9b01a3db00252808b1eff`
SSDeep	`6144:me7w+FQZVALwmNTQxsDEYYzdd2u1amnNRj/CQk:V09mx2RYYf20NgV`
Imports Hash	`640921e7db23fd035b0d4fa9ee0af6aa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Jun-18 16:36:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xe00`
SizeOfInitializedData	`0x44000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000012B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x49000`
SizeOfHeaders	`0x400`
Checksum	`0x455c6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`50dcb46f4673b3077498fc8057e4140d`
SHA1	`dbd672820621dadcf1a63f422009c7968ac7d96a`
SHA256	`4e166b3b8f8aff5f14dd9c0e6f0e76ee587e3f6d9504899055c9e1ea40837b71`
SHA3	`c815d2908083b5b5895c0e104e38c7aeaed2360cb8f44e3de64a37eaaaa23f9d`
VirtualSize	`0xd1c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.77486`

.rdata

MD5	`4c3ca9b9939167dc284e8c83e1fa869b`
SHA1	`0770211fcf955cccc1c84ba40dd47225503cbea0`
SHA256	`2ae79a8e9e567cac58130e3a41632b82d980a4add978745d1481dd670d722005`
SHA3	`67864a4f63b9bfc556e0f4bd41504c3843af950e22716a7fcc2b1a3a090369db`
VirtualSize	`0xf4e`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.9541`

.data

MD5	`1c3b8ea3c34144e7a14bd945b131a256`
SHA1	`9c6184ad1e5a05dd0d71ac0061ba4c9171668682`
SHA256	`0b1ce44239213efc024791c78cbc9b904bca20c693718d0ae0b07aa143ffbdee`
SHA3	`2647c605c3cdb46f147dff56d6779cf56cad337864dd0b1f06d4add46eb27517`
VirtualSize	`0x638`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.444405`

.pdata

MD5	`17e1762a915b3e76d2aff31af8dd488d`
SHA1	`139ec28acf85a452facffde30879be1759a7567c`
SHA256	`05871fe82b1abfbdf4c8e8d7db832c8a30d4175c6477628d47c467ac7a99ebbd`
SHA3	`5aa2f3f55c5f817167109d78fdc7e91bbcb147f3d519227124b4d60f12102259`
VirtualSize	`0x168`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.66824`

.rsrc

MD5	`5cebea9bd3a890e5eea1a6caf0decd71`
SHA1	`12632cfc1d98a7f8e60ff341d134d8660a81ab5e`
SHA256	`e20e1a5a2c45a62ab05dc2933a0d4ddf0515aad1754a099082174135bbaab711`
SHA3	`68193078fe8513eeb84cab2275356ae2ddcc4cf91321830ac2372d7efbcaca76`
VirtualSize	`0x422b5`
VirtualAddress	`0x5000`
SizeOfRawData	`0x42400`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.56043`

.reloc

MD5	`cde29ab58cc9748c1a0175835ca492c3`
SHA1	`541c516115a4a38f5bf58700a5f5d868fe801085`
SHA256	`56e3b206bd85b9588e6c90f6ced2908fa7c12a0b851a6dfa9950f186a9119b2e`
SHA3	`f74a8d1d3a6067903e7e8f8e2cb0f1f6e15d50974f98694e94b77bee8c5768f1`
VirtualSize	`0x30`
VirtualAddress	`0x48000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.70779`

Imports

VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `__C_specific_handler` `memset` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_thread_local_exe_atexit_callback` `system` `_crt_atexit` `_seh_filter_exe` `terminate` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_app_type` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `_initialize_onexit_table` `_register_onexit_function`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
KERNEL32.dll	`GetCurrentThreadId` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `GetModuleHandleW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `RtlCaptureContext` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56205`
MD5	`15d3d4ada563aeae9a4af05f9e2ddbe0`
SHA1	`b915cfabc70f9b4a5029a79af3d3c5a612d846b7`
SHA256	`0fb8512df0c90e332380d9544107476032454de36f5ce556bb60c5c935ff1ac4`
SHA3	`a774208757bd2d5494de17b4dc533d0ccf117f9f24a09a52e0ea57a201c54f5d`

MSQRULES!

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`464cb94db3a2622922a9562865009ae8`
SHA1	`dbe17c767d942f219df59f9eae77b213c15eab70`
SHA256	`8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a`
SHA3	`3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Jun-18 16:36:06
Version	`0.0`
SizeofData	`112`
AddressOfRawData	`0x24d4`
PointerToRawData	`0x16d4`

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Jun-18 16:36:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2544`
PointerToRawData	`0x1744`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Jun-18 16:36:06
Version	`0.0`
SizeofData	`644`
AddressOfRawData	`0x2558`
PointerToRawData	`0x1758`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Jun-18 16:36:06
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140003008`

RICH Header

XOR Key	`0xfcfeb22e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (32420)	`3`
C++ objects (32420)	`18`
C objects (32420)	`10`
ASM objects (32420)	`3`
Imports (30795)	`2`
Total imports	`49`
C++ objects (LTCG) (VS2022 Update 6 (17.6.3) compiler 32534)	`1`
Resource objects (VS2022 Update 6 (17.6.3) compiler 32534)	`1`
Linker (VS2022 Update 6 (17.6.3) compiler 32534)	`1`

b4a7aedac63609081f1a178ecdb56bb3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

MSQRULES!

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors