Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-May-09 02:21:41 |
Info | The PE contains common functions which appear in legitimate applications. |
| | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 19/68 (Scanned on 2021-05-17 15:13:26) |

VirusTotal engine | Detection |
---|---|
MicroWorld-eScan | Gen:Variant.Ursu.887102 |
ALYac | Gen:Variant.Ursu.887102 |
Malwarebytes | RiskWare.GameHack |
Cyren | W64/Trojan.JURU-7483 |
APEX | Malicious |
BitDefender | Gen:Variant.Ursu.887102 |
Ad-Aware | Gen:Variant.Ursu.887102 |
McAfee-GW-Edition | RDN/Generic.com |
FireEye | Gen:Variant.Ursu.887102 |
Emsisoft | Gen:Variant.Ursu.887102 (B) |
GData | Gen:Variant.Ursu.887102 |
Gridinsoft | Trojan.Win64.GameHack.ns |
Arcabit | Trojan.Ursu.DD893E |
AegisLab | Riskware.Win32.Ursu.1!c |
McAfee | RDN/Generic.com |
MAX | malware (ai score=83) |
Rising | PUA.Presenoker!8.F608 (CLOUD) |
MaxSecure | Trojan.Malware.101111862.susgen |
Cybereason | malicious.054353 |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
PE file header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberOfSections | 6 |
TimeDateStamp | 2020-May-09 02:21:41 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0xc200 |
SizeOfInitializedData | 0xce00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000002348 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1d000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
---|
ReadFile |
WriteFile |
CloseHandle |
WaitForSingleObject |
CreateProcessA |
CreateNamedPipeA |
RtlCaptureContext |
RtlLookupFunctionEntry |
RtlVirtualUnwind |
UnhandledExceptionFilter |
SetUnhandledExceptionFilter |
GetCurrentProcess |
TerminateProcess |
IsProcessorFeaturePresent |
QueryPerformanceCounter |
GetCurrentProcessId |
GetCurrentThreadId |
GetSystemTimeAsFileTime |
InitializeSListHead |
IsDebuggerPresent |
GetStartupInfoW |
GetModuleHandleW |
WriteConsoleW |
RtlPcToFileHeader |
RaiseException |
RtlUnwindEx |
GetLastError |
SetLastError |
EnterCriticalSection |
LeaveCriticalSection |
DeleteCriticalSection |
InitializeCriticalSectionAndSpinCount |
TlsAlloc |
TlsGetValue |
TlsSetValue |
TlsFree |
FreeLibrary |
GetProcAddress |
LoadLibraryExW |
GetStdHandle |
GetModuleFileNameW |
ExitProcess |
GetModuleHandleExW |
HeapAlloc |
HeapFree |
FindClose |
FindFirstFileExW |
FindNextFileW |
IsValidCodePage |
GetACP |
GetOEMCP |
GetCPInfo |
GetCommandLineA |
GetCommandLineW |
MultiByteToWideChar |
WideCharToMultiByte |
GetEnvironmentStringsW |
FreeEnvironmentStringsW |
SetStdHandle |
GetFileType |
GetStringTypeW |
LCMapStringW |
GetProcessHeap |
HeapSize |
HeapReAlloc |
FlushFileBuffers |
GetConsoleCP |
GetConsoleMode |
SetFilePointerEx |
CreateFileW |
Debug directory field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2020-May-09 02:21:41 |
Version | 0.0 |
SizeOfData | 712 |
AddressOfRawData | 0x15bbc |
PointerToRawData | 0x141bc |
Load configuration field | Value |
---|---|
Size | 0x108 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140018008 |
Rich header entry | Count |
---|---|
XOR Key | 0x41bc0410 |
Unmarked objects | 0 |
C objects (26715) | 10 |
ASM objects (26715) | 5 |
C++ objects (26715) | 136 |
Imports (26715) | 3 |
Total imports | 87 |
C objects (VS2019 Update 2 (16.2) compiler 27905) | 16 |
ASM objects (VS2019 Update 2 (16.2) compiler 27905) | 8 |
C++ objects (VS2019 Update 2 (16.2) compiler 27905) | 40 |
C++ objects (VS2019 Update 3 (16.3) compiler 28107) | 1 |
Linker (VS2019 Update 3 (16.3) compiler 28107) | 1 |