Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Mar-17 20:33:10 |
Debug artifacts | G:\aaaa\bbbb\cccc\dddd\eeee.pdb |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 37/71 (Scanned on 2020-03-25 16:16:29) |

Note that the compiler signature match (Visual C++ 6.0 - 8.0) contradicts the optional header's LinkerVersion of 14.0 and the VS2015 UPD3 entries in the Rich header further down; signature matching is a byte-pattern heuristic, so the linker version and Rich header are the more reliable toolchain indicators here. The compilation timestamp is the same in the COFF header and in both debug directory entries, which is consistent with an unaltered build date.

Per-engine VirusTotal results:

- MicroWorld-eScan: Trojan.GenericKD.42872102
- McAfee: Artemis!B7AD5F7EC71D
- Alibaba: Ransom:Win32/Cryptor.492dda55
- K7GW: Riskware ( 0040eff71 )
- K7AntiVirus: Riskware ( 0040eff71 )
- Arcabit: Trojan.Generic.D28E2D26
- Avast: Win32:Malware-gen
- Kaspersky: Trojan-Ransom.Win32.Cryptor.ddu
- BitDefender: Trojan.GenericKD.42872102
- Paloalto: generic.ml
- Tencent: Win32.Trojan.Cryptor.Pgwr
- Ad-Aware: Trojan.GenericKD.42872102
- Emsisoft: Trojan.GenericKD.42872102 (B)
- DrWeb: Trojan.Encoder.31322
- TrendMicro: Ransom.Win32.SEKHMET.A
- McAfee-GW-Edition: Artemis!Trojan
- Sophos: Mal/Generic-S
- Cyren: W32/Trojan.KCGR-6380
- Jiangmin: Trojan.Cryptor.ps
- eGambit: Unsafe.AI_Score_94%
- Fortinet: W32/Cryptor.DDU!tr.ransom
- Antiy-AVL: Trojan[Ransom]/Win32.Cryptor
- Endgame: malicious (high confidence)
- Microsoft: Trojan:Win32/Occamy.C
- AegisLab: Trojan.Win32.Cryptor.j!c
- ZoneAlarm: Trojan-Ransom.Win32.Cryptor.ddu
- TACHYON: Ransom/W32.Cryptor.709632
- ALYac: Trojan.Ransom.Filecoder
- MAX: malware (ai score=82)
- ESET-NOD32: a variant of Generik.GYISLCY
- TrendMicro-HouseCall: Ransom.Win32.SEKHMET.A
- Rising: Ransom.Cryptor!8.10A9 (CLOUD)
- Ikarus: Trojan.SuspectCRC
- GData: Trojan.GenericKD.42872102
- AVG: Win32:Malware-gen
- Panda: Trj/GdSda.A
- Qihoo-360: Win32/Trojan.Ransom.135
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2020-Mar-17 20:33:10 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x63e00 |
SizeOfInitializedData | 0x4a800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001460 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x65000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb2000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
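The DOS, COFF and optional header tables above are a flat dump of fixed-layout structures. The following parser is an added example, not part of the original report or of any tool the report came from: it reads those structures with `struct`, decodes the `Characteristics` and `DllCharacteristics` bitmasks into the same symbolic names the report prints, and lists which loader mitigations are absent (here, `IMAGE_DLLCHARACTERISTICS_GUARD_CF`, which the report's DllCharacteristics row does not contain). The sample image is constructed inline with the header values shown above (e_lfanew 0xf8, machine 0x14c, 7 sections, the 2020-Mar-17 timestamp, entry point 0x1460, image base 0x10000000); it has no sections or data, so it is only good for header parsing. PE32+ handling is added beyond what the report shows.

```python
"""Parse DOS/COFF/optional PE headers and decode their flag fields (added example)."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64",
                 0x01C0: "IMAGE_FILE_MACHINE_ARM", 0xAA64: "IMAGE_FILE_MACHINE_ARM64"}
SUBSYSTEM_NAMES = {1: "IMAGE_SUBSYSTEM_NATIVE", 2: "IMAGE_SUBSYSTEM_WINDOWS_GUI",
                   3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_CHARACTERISTICS = {  # IMAGE_FILE_* bits from winnt.h
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x1000: "IMAGE_FILE_SYSTEM", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {  # IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION", 0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND", 0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# IMAGE_OPTIONAL_HEADER32 / 64 up to NumberOfRvaAndSizes; the data directories follow it.
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6          # 96 bytes
OPT64_FMT = "<HBB" + "I" * 5 + "Q" + "II" + "H" * 6 + "I" * 4 + "HH" + "Q" * 4 + "II"  # 112 bytes
OPT_NAMES = ["Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
             "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint",
             "BaseOfCode", "BaseOfData", "ImageBase", "SectionAlignment", "FileAlignment",
             "MajorOperatingSystemVersion", "MinorOperatingSystemVersion", "MajorImageVersion",
             "MinorImageVersion", "MajorSubsystemVersion", "MinorSubsystemVersion",
             "Win32VersionValue", "SizeOfImage", "SizeOfHeaders", "CheckSum", "Subsystem",
             "DllCharacteristics", "SizeOfStackReserve", "SizeOfStackCommit",
             "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes"]


def flag_names(value, table):
    """Bitmask -> sorted symbolic names; undefined bits are reported rather than dropped."""
    names = sorted(name for bit, name in table.items() if value & bit)
    unknown = value & ~sum(table)
    if unknown:
        names.append("UNKNOWN_0x%04x" % unknown)
    return names


def parse_pe_headers(data):
    """Return the header fields the report prints; raise ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    machine, nsect, tstamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:
        fmt, names = OPT32_FMT, OPT_NAMES
    elif magic == 0x20B:
        fmt, names = OPT64_FMT, [n for n in OPT_NAMES if n != "BaseOfData"]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.calcsize(fmt) > opt_size or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = dict(zip(names, struct.unpack_from(fmt, data, opt_off)))
    if struct.calcsize(fmt) + 8 * opt["NumberOfRvaAndSizes"] != opt_size:
        raise ValueError("SizeOfOptionalHeader disagrees with NumberOfRvaAndSizes")
    return {
        "e_lfanew": e_lfanew,
        "Machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "NumberOfSections": nsect,
        "TimeDateStamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "Characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "Magic": "PE32" if magic == 0x10B else "PE32+",
        "LinkerVersion": "%d.%d" % (opt["MajorLinkerVersion"], opt["MinorLinkerVersion"]),
        "AddressOfEntryPoint": opt["AddressOfEntryPoint"],
        "ImageBase": opt["ImageBase"],
        "Subsystem": SUBSYSTEM_NAMES.get(opt["Subsystem"], str(opt["Subsystem"])),
        "DllCharacteristics": flag_names(opt["DllCharacteristics"], DLL_CHARACTERISTICS),
    }


def missing_mitigations(hdr):
    """Mitigation flags a modern MSVC build is expected to carry but this image lacks."""
    wanted = ["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
              "IMAGE_DLLCHARACTERISTICS_GUARD_CF"]
    if hdr["Magic"] == "PE32+":
        wanted.append("IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA")
    return [w for w in wanted if w not in hdr["DllCharacteristics"]]


def build_sample_dll():
    """Constructed header-only image mirroring the report's values (no sections, no data)."""
    dos = bytearray(0xF8)                      # DOS stub and Rich header would sit in this gap
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xF8)    # e_lfanew = 0xf8 as in the report
    # Machine I386, 7 sections, 2020-03-17 20:33:10 UTC, no symbols, opt header 0xe0, chars 0x2102
    coff = struct.pack("<HHIIIHH", 0x014C, 7, 0x5E713406, 0, 0, 0xE0, 0x2102)
    opt = struct.pack(OPT32_FMT, 0x10B, 14, 0, 0x63E00, 0x4A800, 0, 0x1460, 0x1000, 0x65000,
                      0x10000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0xB2000, 0x400, 0,
                      2, 0x0140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return bytes(dos) + b"PE\0\0" + coff + opt + b"\0" * (8 * 16)   # 16 empty data directories


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_dll())
    for key, value in hdr.items():
        print("%-20s %s" % (key, value))
    print("missing mitigations:", missing_mitigations(hdr))
```

The consistency checks (`e_lfanew` in range, `SizeOfOptionalHeader` agreeing with `NumberOfRvaAndSizes`) are the ones that trip on hand-crafted or packed headers; a report tool that skips them will happily print fields from a file the loader would reject.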
KERNEL32.dll |
---|
VirtualAlloc Sleep GetProcAddress LoadLibraryW CreateFileW VirtualQuery VirtualFree VirtualProtect GetCurrentProcess FlushInstructionCache LoadLibraryA IsBadReadPtr FreeLibrary lstrcmpA QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW IsProcessorFeaturePresent GetModuleHandleW TerminateProcess InterlockedPushEntrySList InterlockedFlushSList RaiseException RtlUnwind GetLastError SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW ExitProcess GetModuleHandleExW GetModuleFileNameA GetModuleFileNameW MultiByteToWideChar WideCharToMultiByte HeapFree HeapAlloc GetCurrentThread GetDateFormatW GetTimeFormatW CompareStringW LCMapStringW GetLocaleInfoW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW FindClose FindFirstFileExA FindFirstFileExW FindNextFileA FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo GetCommandLineA GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableA SetEnvironmentVariableW GetProcessHeap GetStdHandle GetFileType SetConsoleCtrlHandler GetStringTypeW HeapSize HeapReAlloc SetStdHandle WriteFile FlushFileBuffers GetConsoleCP GetConsoleMode SetFilePointerEx OutputDebugStringA OutputDebugStringW CloseHandle WaitForSingleObjectEx CreateThread WriteConsoleW EncodePointer DecodePointer |
Ordinal | Address |
---|---|
1 | 0x2dbf |
2 | 0x1573 |
3 | 0x2158 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Mar-17 20:33:10 |
Version | 0.0 |
SizeofData | 56 |
AddressOfRawData | 0x6eb90 |
PointerToRawData | 0x6dd90 |
Referenced File | G:\aaaa\bbbb\cccc\dddd\eeee.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Mar-17 20:33:10 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x6ebc8 |
PointerToRawData | 0x6ddc8 |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x100a9038 |
SEHandlerTable | 0x1006ea80 |
SEHandlerCount | 3 |
XOR Key | 0x840b13da |
---|---|
Unmarked objects | 0 |
241 (40116) | 9 |
243 (40116) | 117 |
242 (40116) | 24 |
ASM objects (VS2015 UPD3 build 24123) | 17 |
C++ objects (VS2015 UPD3 build 24123) | 27 |
C objects (VS2015 UPD3 build 24123) | 15 |
Imports (65501) | 3 |
Total imports | 94 |
Unmarked objects (#2) | 3 |
Exports (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3 build 24210) | 1 |
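The Rich header table above (the XOR key and the `product (build) | count` rows) is the linker's record of which toolchain objects went into the image, stored between the DOS stub and the PE header, XORed with a key that is itself a checksum over the DOS header and the entries. Because the key is derived from the content, recomputing it is the standard check for a Rich header that was patched to impersonate another compiler. The decoder and checksum below are an added example, not code from the original report or the tool that produced it. The sample image is constructed inline: its entries copy the three `241/242/243 (40116)` rows from the table, but its DOS stub is invented, so the computed key is not the report's `0x840b13da` (that value depends on DOS stub bytes the report does not show).

```python
"""Decode a Rich header and verify its XOR key against the recomputed checksum (added example)."""
import struct

DANS = 0x536E6144   # b"DanS" read as a little-endian dword
RICH = b"Rich"
MASK = 0xFFFFFFFF


def rol32(value, count):
    count &= 31
    return ((value << count) | (value >> (32 - count))) & MASK


def rich_checksum(data, dans_offset, entries):
    """Key = DanS offset + each DOS header/stub byte rotated left by its offset
    (e_lfanew at 0x3c..0x3f counts as zero) + each comp id rotated left by its use count."""
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(data[i], i)) & MASK
    for prod_id, build, count in entries:
        cksum = (cksum + rol32((prod_id << 16) | build, count)) & MASK
    return cksum


def decode_rich_header(data):
    """Return (dans_offset, key, [(prod_id, build, count), ...]); raise ValueError if malformed."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    r = data.rfind(RICH, 0, e_lfanew)          # the header lives before the PE signature
    if r < 0 or r + 8 > len(data):
        raise ValueError("no Rich marker before e_lfanew")
    key = struct.unpack_from("<I", data, r + 4)[0]
    pairs = []
    pos = r - 8
    while pos >= 0:                            # walk backwards in 8-byte (comp id, count) pairs
        lo, hi = struct.unpack_from("<II", data, pos)
        lo ^= key
        hi ^= key
        if lo == DANS:
            break
        pairs.append((lo, hi))
        pos -= 8
    else:
        raise ValueError("DanS marker not found before Rich")
    # DanS is followed by three zero dwords (key-padded); anything else means damage or forgery.
    if hi != 0 or not pairs or pairs.pop() != (0, 0):
        raise ValueError("DanS padding does not decode to zero")
    pairs.reverse()
    entries = [(comp_id >> 16, comp_id & 0xFFFF, count) for comp_id, count in pairs]
    return pos, key, entries


def rich_key_is_valid(data):
    """True when the stored key equals the checksum recomputed from the decoded content."""
    dans_offset, key, entries = decode_rich_header(data)
    return rich_checksum(data, dans_offset, entries) == key


def build_sample_image(entries):
    """Constructed DOS header + stub + Rich header; the key is computed, not taken from the report."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xF8)    # e_lfanew as in the report
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$")
    dos[0x40:0x40 + len(stub)] = stub
    key = rich_checksum(dos, 0x80, entries)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)   # DanS + three zero dwords, XORed
    for prod_id, build, count in entries:
        rich += struct.pack("<II", ((prod_id << 16) | build) ^ key, count ^ key)
    rich += RICH + struct.pack("<I", key)
    image = bytes(dos) + rich
    return image + b"\0" * (0xF8 - len(image)) + b"PE\0\0"


if __name__ == "__main__":
    sample = build_sample_image([(241, 40116, 9), (243, 40116, 117), (242, 40116, 24)])
    offset, key, entries = decode_rich_header(sample)
    print("DanS at 0x%x, key 0x%08x, valid=%s" % (offset, key, rich_key_is_valid(sample)))
    for prod_id, build, count in entries:
        print("%d (%d) | %d" % (prod_id, build, count))
```

A key mismatch is not proof of malice on its own (some packers and binary rewriters corrupt the header incidentally), but a Rich header whose key verifies and whose entries disagree with the linker version is worth a closer look, and one that fails verification should not be used for toolchain attribution at all.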