ba86535fd4c14614d3c9588a03be0ea8

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Mar-20 20:22:13
Detected languages English - United States
Debug artifacts C:\Users\lold\source\repos\lold\Release\lold.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Suspicious The PE is possibly packed. Unusual section name found: .voltbl
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed. Signer: CryptoCO
Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2
Malicious VirusTotal score: 7/72 (Scanned on 2020-04-06 17:49:14)
MicroWorld-eScan: Gen:Variant.Ursu.809739
BitDefender: Gen:Variant.Ursu.809739
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Ursu.809739 (B)
GData: Gen:Variant.Ursu.809739
MAX: malware (ai score=84)
Cylance: Unsafe

Hashes

MD5 ba86535fd4c14614d3c9588a03be0ea8
SHA1 5a8f187dfec7c7615241b09d7f2a2b5e4dd7d25f
SHA256 d41fd38a8478bf788f5dc0acf0e070dd360ddc9bfff0804e6b5254cc0116aa81
SHA3 3979e7da3e11cf591e793a901409539e42687d7485dafe69c5b4e1f80138e275
SSDeep 6144:6ykTjaruSLu//FzFBha6rGI8kbssNeAO1dBSJnlV9w4UF+:RujaruSLI/xFBha8bsVXSJnlV9w4UF+
Imports Hash f9a33fef374fc2f7ebd620611900b1f0

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2020-Mar-20 20:22:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x27800
SizeOfInitializedData 0x18600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000C172 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x47000
SizeOfHeaders 0x400
Checksum 0x4aba4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a90118d64158ba6053f4ab30a9f867d0
SHA1 4651351e0a77e78b5fc2d071bc9e9c37e5de00ad
SHA256 7b5c7ee1a4ce8af473ec285946c157d2a731b51a63cc64b46f545b28c2ecc01d
SHA3 a1378c9fde9c37194e7de4060bb83e20ed7f49b66aed9fdfdebc6c643725aca6
VirtualSize 0x277ae
VirtualAddress 0x1000
SizeOfRawData 0x27800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.66406

.rdata

MD5 ff0e11f00616932cb0a66276a25b7954
SHA1 151a35fdf00ca57bf2018bf9dd5fe3ecd3a895d8
SHA256 700c074d5daeb9f1b435a8fcb2f01284856ccf4a16b2c08ae1ab2c6c37cdc920
SHA3 3deb700e5198b4293d7e7e51cf432ca53a26cf70ced410a76ca10602e32e6a0d
VirtualSize 0xfa44
VirtualAddress 0x29000
SizeOfRawData 0xfc00
PointerToRawData 0x27c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.50947

.data

MD5 f0a44668d4d971386f6f0bfb0659fdbf
SHA1 b2f21c7d2e7d32149f12035f58c1de7784efbe8f
SHA256 16dddb167dbb7c749e35ed089f4a47cea195e33c66e7e738924cb7afb7ce1af3
SHA3 b7b4744bda45d200e2de88ba8aa275529f0e4ce401f78720091be2ef49297587
VirtualSize 0x2080
VirtualAddress 0x39000
SizeOfRawData 0x1000
PointerToRawData 0x37800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.25752

.00cfg

MD5 5717faf0b294cfc395e3da760652765a
SHA1 40930fd1d6f2249b85763c7d71a4f7e676129f8a
SHA256 5001c61db1b2d500d99b7ff0d78d4aa4af4b422880ca73e6f7abfceff5d550d3
SHA3 0492744bc412ee2ae90e49f812a3d13a0a27e4b1060102bd74660f2d7a83c31c
VirtualSize 0x4
VirtualAddress 0x3c000
SizeOfRawData 0x200
PointerToRawData 0x38800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0611629

.voltbl

MD5 1333aac70e78ff516bf05bc3f96d1b41
SHA1 48f574f7a030aa1b95116e443b5f449b097f2c86
SHA256 8c2eecbbc4698bc0cd6a7e49a401f3f0ea3f471ccc9eb63c958097da79cab0ff
SHA3 09ed92fa796e18f46d093fae5cb645dd6913c3c471bacf2887fdab8e6387d6df
VirtualSize 0x137
VirtualAddress 0x3d000
SizeOfRawData 0x200
PointerToRawData 0x38a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics (EMPTY)
Entropy 4.41952

.rsrc

MD5 c9674cecf1c2f256d61f18a3bab3f05c
SHA1 c5eb1123e287e2557c6120ff392eba46f00d3ec3
SHA256 6778af4143d0683d6e0f0dbd2bb2672f88b850a0286500a3598d18122d83e1c3
SHA3 e8e03c425c74f5dcea29b08a4ccb9cebffe97fe55e0496a3db7f97387c952e9e
VirtualSize 0x5338
VirtualAddress 0x3e000
SizeOfRawData 0x5400
PointerToRawData 0x38c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.54567

.reloc

MD5 6697df3e3308346ba96f0db62cd4ec3f
SHA1 74957caf9758c4bb390753556cd9b8a5a6307a74
SHA256 48e3e1647383553bfc139030ea2bdbf80afab9ebd097d4a60318aac2e8e12455
SHA3 c5ecddde9bb3668d53771192a445d8555ef422f2b3cdac89373643aea8dfc3a1
VirtualSize 0x23fc
VirtualAddress 0x44000
SizeOfRawData 0x2400
PointerToRawData 0x3e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.58789

Imports

KERNEL32.dll CloseHandle
CompareStringW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadResource
LockResource
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAllocExNuma
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
USER32.dll ShowWindow

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04973
MD5 19bc4817e835b57d5df4addef86cfe66
SHA1 d99945aae610c8b0b971c222f65cbd45455e84b3
SHA256 f3431ee79e6a5d0d74342550abad2cfbae0e904602420de5abe67c03009e4e14
SHA3 cd7102cd9a30155e3991f69dc9ec96f51dca01a619952da15aef701e1155c20b

101

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0xe5e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.22904
Detected Filetype Bitmap graphic
MD5 2149d5766c183a8f5b9f1aa6b9af780a
SHA1 0ab4cf3bcb8aace815d0e48b0fca85565c8b5cd0
SHA256 d2bc571ca397bf60292a6388b5d2c7d34f07c9fe069dcc5ba4c0229a97965b81
SHA3 a5d127f555e4cc0683768f819a96c6405462000f27276e6a1aa3db40ba78fbba

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 3e1d980f0dc747eec9d946c155cb1498
SHA1 15414ced0202f709d400c957d441a8856dde8479
SHA256 027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd
SHA3 11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x143
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.71208
MD5 9ce8c70178061cc4cf4a6bb1e291df93
SHA1 dc9804dd3aa348fb0c05f53c53c698518af514a0
SHA256 6f88bc7cb02ccb2dbc26b5f4ce53e355b331e31bb920b2ba8cbbcd1b5d4cd5a0
SHA3 9492809889cb617928395fd8b46fc6dd11eeb9b1101175bd478b7c4ca5bc10e1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Mar-20 20:22:13
Version 0.0
SizeofData 73
AddressOfRawData 0x36ac2
PointerToRawData 0x356c2
Referenced File C:\Users\lold\source\repos\lold\Release\lold.pdb

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4394b4
SEHandlerTable 0x436b0b
SEHandlerCount 52

RICH Header

Errors