b92262c05435395322e54a6948bf60b4

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-May-09 02:21:41

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessA
Malicious VirusTotal score: 19/68 (Scanned on 2021-05-17 15:13:26)
MicroWorld-eScan: Gen:Variant.Ursu.887102
ALYac: Gen:Variant.Ursu.887102
Malwarebytes: RiskWare.GameHack
Cyren: W64/Trojan.JURU-7483
APEX: Malicious
BitDefender: Gen:Variant.Ursu.887102
Ad-Aware: Gen:Variant.Ursu.887102
McAfee-GW-Edition: RDN/Generic.com
FireEye: Gen:Variant.Ursu.887102
Emsisoft: Gen:Variant.Ursu.887102 (B)
GData: Gen:Variant.Ursu.887102
Gridinsoft: Trojan.Win64.GameHack.ns
Arcabit: Trojan.Ursu.DD893E
AegisLab: Riskware.Win32.Ursu.1!c
McAfee: RDN/Generic.com
MAX: malware (ai score=83)
Rising: PUA.Presenoker!8.F608 (CLOUD)
MaxSecure: Trojan.Malware.101111862.susgen
Cybereason: malicious.054353

Hashes

MD5 b92262c05435395322e54a6948bf60b4
SHA1 642ef0378a9a458a54fc7cdaae71fdb6968b2d5e
SHA256 0ea19b88a41590285fbdd2ae2e0ba342b8510e51899aeea3aaaaf82521eab839
SHA3 fd2951f80a62ae723a5c536ed791e130eb44244737ab6059d74b356cde12c846
SSDeep 1536:jCnnThLjpqKaWv1ZhOwx7ISL0ljCDPyjhAJnsWXd09dlr1wFLO8GAwR:jCnThnpqvWNuwWu0ljCDPGApMZ1F8Jw
Imports Hash d391742cdc429701fc390403c98ef2b2

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2020-May-09 02:21:41
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xc200
SizeOfInitializedData 0xce00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002348 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0cb004b08ae96a5b7a57057ac62258f1
SHA1 4ec13f3ae37a2c052f1630ab17643caf8e4b2801
SHA256 11fa6131638ca626f4c438a09f6b1ec6b467755602341614b9f3090d88c5ddb0
SHA3 93e3b66c37d930614daf1df3386ca0fc6e000bb254810cd1ba4bc324e918f1c2
VirtualSize 0xc070
VirtualAddress 0x1000
SizeOfRawData 0xc200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39787

.rdata

MD5 410e563f85c9bc2d1e30dc441c1928f8
SHA1 78e5556b10b6061fed0ab375219607fa6e7190b0
SHA256 5f77ec17d8bdee79a8a89c14ac2b6ed216841864396d5a223f9838bb2e5bf6fc
SHA3 f2e817e533eeff77bacf77791d84d836e5dedfde99d0bfde21b2a59616840830
VirtualSize 0x9426
VirtualAddress 0xe000
SizeOfRawData 0x9600
PointerToRawData 0xc600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.62058

.data

MD5 dcb704b1a53aef2cba661a718a5198bc
SHA1 f47ff44519dac58d6b25bec252c2a5e100e44cf9
SHA256 7cf92b5d97a70128abc0e216bd75278dfb793f340bc3c2fb4d70dd2ea58fb08e
SHA3 4e9db2327227f38e240780a15a7d4e615fb413afb2a396687b13734ebaafcfc4
VirtualSize 0x1cc0
VirtualAddress 0x18000
SizeOfRawData 0xc00
PointerToRawData 0x15c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.14269

.pdata

MD5 b9712db8936564eea4a3ee367bd40515
SHA1 14d5429538f8ed376042336b762d3be2d04f8013
SHA256 b19925d77a68ee015bd4899d6d6af0ace7f35557e12dc92587fcd1a33439cddb
SHA3 2afd463e3af506136832035ca0931e57ecdff3e9521f693b148d98aeb05ae7c0
VirtualSize 0xed0
VirtualAddress 0x1a000
SizeOfRawData 0x1000
PointerToRawData 0x16800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.61379

_RDATA

MD5 e48fb9ddfb130355cb2a6a3382a3909a
SHA1 84fe37c765ebe5e4971c239b8593e200f375525a
SHA256 aad15ceeafcab6a4a398b4fb8c5d3935636167f167d027164fa5ce7cbd4f57aa
SHA3 42b6f9046504e0ac43b975422bd5f05f0f5736a3e0c53444ccf6dfd132fed875
VirtualSize 0x94
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x17800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.05998

.reloc

MD5 26b012006f5d8e9bab29bde5d56e12a4
SHA1 cd179269898a077de24ab9babf740327cd7bb626
SHA256 00c2131977813d5f5cc36cc93aef98b52810a69c2105557488a00fb08ab14b0a
SHA3 c386c1079a707cb77af050cc1e5023faf65db59265c174b5d7f5b36cc6e6fb51
VirtualSize 0x660
VirtualAddress 0x1c000
SizeOfRawData 0x800
PointerToRawData 0x17a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.88014

Imports

KERNEL32.dll
ReadFile
WriteFile
CloseHandle
WaitForSingleObject
CreateProcessA
CreateNamedPipeA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-May-09 02:21:41
Version 0.0
SizeofData 712
AddressOfRawData 0x15bbc
PointerToRawData 0x141bc

TLS Callbacks

Load Configuration

Size 0x108
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140018008

RICH Header

XOR Key 0x41bc0410
Unmarked objects 0
C objects (26715) 10
ASM objects (26715) 5
C++ objects (26715) 136
Imports (26715) 3
Total imports 87
C objects (VS2019 Update 2 (16.2) compiler 27905) 16
ASM objects (VS2019 Update 2 (16.2) compiler 27905) 8
C++ objects (VS2019 Update 2 (16.2) compiler 27905) 40
C++ objects (VS2019 Update 3 (16.3) compiler 28107) 1
Linker (VS2019 Update 3 (16.3) compiler 28107) 1

Errors
