Manalyze report for b62a0edef77209a6571b59fcc88f39fd

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Apr-04 04:49:32
Comments
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	Nrcnqicdxiggavbjtzf.dll
LegalCopyright
LegalTrademarks
OriginalFilename	Nrcnqicdxiggavbjtzf.dll
ProductName
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: https://urn.to`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Malicious	VirusTotal score: 46/67 (Scanned on 2024-01-09 18:45:55)	`APEX: Malicious` `AVG: Win32:CrypterX-gen [Trj]` `AhnLab-V3: Trojan/Win.Purecrypter.C5405073` `Alibaba: Trojan:MSIL/Kryptik.ed862321` `Antiy-AVL: Trojan/MSIL.Kryptik` `Arcabit: Trojan.MSILHeracles.D12510` `Avast: Win32:CrypterX-gen [Trj]` `Avira: HEUR/AGEN.1367982` `BitDefender: Gen:Variant.MSILHeracles.75024` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PackedNET.1945` `ESET-NOD32: a variant of MSIL/Kryptik.AIFX` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.MSILHeracles.75024 (B)` `F-Secure: Heuristic.HEUR/AGEN.1367982` `Fortinet: MSIL/Kryptik.AIFX!tr` `GData: Gen:Variant.MSILHeracles.75024` `Google: Detected` `Ikarus: Trojan.MSIL.Crypt` `K7AntiVirus: Trojan ( 0059fa091 )` `K7GW: Trojan ( 0059fa091 )` `Kaspersky: HEUR:Trojan.MSIL.Agent.gen` `Lionic: Trojan.Win32.Agent.Y!c` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan.Malware.204949132.susgen` `McAfee: GenericRXVS-QH!B62A0EDEF772` `MicroWorld-eScan: Gen:Variant.MSILHeracles.75024` `Microsoft: Trojan:Win32/Casdet!rfn` `NANO-Antivirus: Trojan.Win32.Kryptik.jwcflg` `Panda: Trj/Chgt.AD` `Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:rPzM7OX7uneSnA7quDk3mA)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.tc` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `Tencent: Msil.Trojan.Agent.Cujl` `VIPRE: Gen:Variant.MSILHeracles.75024` `Varist: W32/MSIL_Kryptik.JEH.gen!Eldorado` `Webroot: W32.Trojan.GenKD` `Xcitium: Malware@#19wdkpqvk3mjh` `Zillya: Trojan.Kryptik.Win32.4117024` `ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen`

Hashes

MD5	`b62a0edef77209a6571b59fcc88f39fd`
SHA1	`71d6bb0cea05f97ca1c806860393dbaa284f5c4e`
SHA256	`7faf13b574863d660749d70d7c0933e757289de1a6f9e71c55e3a5ff84be3f7a`
SHA3	`68db57b54e577251d1c2e49152d8ba046412d078cb85a64ada634f875c1230be`
SSDeep	`24576:k9NHUjIh3+DAOtX2n316+OzlncmmTVy7sRai9DP98jVa:W6Ra316+OzlncjyYRJVSVa`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Apr-04 04:49:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x128a00`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0012A9A2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x12c000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x130000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f30cb546703797845286af45443ea925`
SHA1	`d93e7cb51b285d838d4ea4f30724376677787969`
SHA256	`f43185e429d2986691f973a299fe2be75415278397d7a229abb3d011ef452cde`
SHA3	`daa5cad0a7ab0c4bf143d0a49cfbab4869885dc3192ee540ef21f6ac6da411ee`
VirtualSize	`0x1289a8`
VirtualAddress	`0x2000`
SizeOfRawData	`0x128a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.62332`

.rsrc

MD5	`1c319d96eb100d8b3369c65ed98fde88`
SHA1	`91ee303d8a1de41ec8ae1d48f6f3ea2b2f782084`
SHA256	`cdb5134eb5c5b3dac674fb1420830e71eb29de388daa8392099a7bf058f1b487`
SHA3	`1d52cafc72b0e910f50e499d2fa09612d2b33a1a6d80a3d32ec32c20e931b23c`
VirtualSize	`0x35c`
VirtualAddress	`0x12c000`
SizeOfRawData	`0x400`
PointerToRawData	`0x128c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.71963`

.reloc

MD5	`7a1d758850f1a709d5334639f10bcaf2`
SHA1	`ca19d48240b7b92bb9aa23af421ae09a36aad617`
SHA256	`e87896ff82387c1196f2e8624945eb89399e6df42ff275e44c338d7f3a7e3aab`
SHA3	`4bf491d5f3c30b28fd90eaa7ea35b7f1950687042ce8920623dc5e312e069996`
VirtualSize	`0xc`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x129000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23561`
MD5	`2c7c2779c5dc378a395bd28925869c98`
SHA1	`01274ce94cd7991d4b3b622de05bea846cc02492`
SHA256	`085cd293b5c0243257b6eafb392b448e37b1db402cbbe25e42bb904148ef4edd`
SHA3	`c394e9f33715f1ecb55e629d751a3d01895fe131f74cc7b132780a6194240a94`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Nrcnqicdxiggavbjtzf.dll
LegalCopyright
LegalTrademarks
OriginalFilename	Nrcnqicdxiggavbjtzf.dll
ProductName
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

b62a0edef77209a6571b59fcc88f39fd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors