Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2020-Mar-20 20:22:13 |
Detected languages | English - United States |
Debug artifacts | C:\Users\lold\source\repos\lold\Release\lold.pdb |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA256 |
Suspicious | The PE is possibly packed. | Unusual section name found: .voltbl |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: CryptoCO; Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2 |
Malicious | VirusTotal score: 7/72 (Scanned on 2020-04-06 17:49:14) | MicroWorld-eScan: Gen:Variant.Ursu.809739; BitDefender: Gen:Variant.Ursu.809739; Endgame: malicious (high confidence); Emsisoft: Gen:Variant.Ursu.809739 (B); GData: Gen:Variant.Ursu.809739; MAX: malware (ai score=84); Cylance: Unsafe |
e_magic | MZ |
---|---|
e_cblp | 0x78 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x78 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2020-Mar-20 20:22:13 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x27800 |
SizeOfInitializedData | 0x18600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000C172 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x47000 |
SizeOfHeaders | 0x400 |
Checksum | 0x4aba4 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CloseHandle CompareStringW CreateFileW CreateMutexA CreateThread DecodePointer DeleteCriticalSection EncodePointer EnterCriticalSection EnumSystemLocalesW ExitProcess ExitThread FindClose FindFirstFileExW FindNextFileW FindResourceW FlushFileBuffers FreeEnvironmentStringsW FreeLibrary FreeLibraryAndExitThread GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleCP GetConsoleMode GetConsoleWindow GetCurrentProcess GetCurrentProcessId GetCurrentThread GetCurrentThreadId GetEnvironmentStringsW GetExitCodeThread GetFileSizeEx GetFileType GetLastError GetLocaleInfoW GetModuleFileNameW GetModuleHandleExW GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetStartupInfoW GetStdHandle GetStringTypeW GetSystemTimeAsFileTime GetThreadTimes GetTickCount GetUserDefaultLCID HeapAlloc HeapFree HeapReAlloc HeapSize InitializeCriticalSectionAndSpinCount InitializeSListHead IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale LCMapStringW LeaveCriticalSection LoadLibraryA LoadLibraryExW LoadResource LockResource MultiByteToWideChar QueryPerformanceCounter RaiseException ReadConsoleW ReadFile RtlUnwind SetEndOfFile SetEnvironmentVariableW SetEvent SetFilePointerEx SetLastError SetStdHandle SetUnhandledExceptionFilter SizeofResource Sleep SwitchToThread TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter VirtualAllocExNuma WaitForSingleObjectEx WideCharToMultiByte WriteConsoleW WriteFile |
---|---|
USER32.dll | ShowWindow |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Mar-20 20:22:13 |
Version | 0.0 |
SizeofData | 73 |
AddressOfRawData | 0x36ac2 |
PointerToRawData | 0x356c2 |
Referenced File | C:\Users\lold\source\repos\lold\Release\lold.pdb |
Size | 0xa4 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x4394b4 |
SEHandlerTable | 0x436b0b |
SEHandlerCount | 52 |