| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2019-Jul-30 08:52:08 |

| Level | Finding |
|---|---|
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32, MD5 and SHA1. |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports. |
| Suspicious | The PE is possibly a dropper: resource 3193C7F1D798469D95E04174D4F0921F is possibly compressed or encrypted, and resources account for 93.3082% of the executable. |
| Malicious | VirusTotal score: 19/70 (scanned on 2021-05-10 19:05:56). The 19 detections are listed below. |

| Engine | Detection |
|---|---|
| FireEye | Generic.mg.c701444da19a0c59 |
| McAfee | Artemis!C701444DA19A |
| Zillya | Trojan.Generic.Win32.922194 |
| Alibaba | TrojanDropper:BAT/Tiggre.b1fa0dad |
| Cybereason | malicious.8fabd8 |
| Symantec | Trojan.Gen.2 |
| ESET-NOD32 | BAT/TrojanDropper.Agent.NFY |
| APEX | Malicious |
| Rising | Dropper.Agent!8.2F (CLOUD) |
| Sophos | ML/PE-A |
| McAfee-GW-Edition | BehavesLike.Win64.Trojan.tc |
| Ikarus | Trojan.Win32.Tiggre |
| Antiy-AVL | Trojan/Generic.ASMalwS.2BB2C00 |
| AegisLab | Trojan.Win32.Cryrar.tqFl |
| Cynet | Malicious (score: 100) |
| Fortinet | PossibleThreat.PALLASNET.H |
| AVG | FileRepMalware |
| Avast | FileRepMalware |
| CrowdStrike | win/malicious_confidence_60% (W) |
DOS header

| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
PE (COFF) file header

| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 6 |
| TimeDateStamp | 2019-Jul-30 08:52:08 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Optional header

| Field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 2.0 |
| SizeOfCode | 0x16a00 |
| SizeOfInitializedData | 0x1ae000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000001000 (Section: .code) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1c9000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

Note that IMAGE_FILE_RELOCS_STRIPPED is set in the file header: the image carries no relocation data, so the loader cannot rebase it and it always maps at ImageBase 0x140000000 (no ASLR). The entry point sits at the very first byte of the .code section, and Checksum is 0, which is common for unsigned, non-system binaries.
Imports

| DLL | Imported functions |
|---|---|
| msvcrt.dll | memset, wcsncmp, memmove, wcsncpy, wcsstr, _wcsnicmp, _wcsdup, free, _wcsicmp, wcslen, wcscpy, wcscmp, wcscat, memcpy, tolower, malloc |
| KERNEL32.dll | GetModuleHandleW, HeapCreate, GetStdHandle, SetConsoleCtrlHandler, HeapDestroy, ExitProcess, WriteFile, GetTempFileNameW, LoadLibraryExW, EnumResourceTypesW, FreeLibrary, RemoveDirectoryW, EnumResourceNamesW, GetCommandLineW, LoadResource, SizeofResource, FreeResource, FindResourceW, GetShortPathNameW, GetSystemDirectoryW, EnterCriticalSection, CloseHandle, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, CreateThread, Sleep, WideCharToMultiByte, HeapAlloc, HeapFree, LoadLibraryW, GetProcAddress, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, PeekNamedPipe, TerminateProcess, GetEnvironmentVariableW, SetEnvironmentVariableW, GetCurrentProcess, DuplicateHandle, CreatePipe, CreateProcessW, GetExitCodeProcess, RtlLookupFunctionEntry, RtlVirtualUnwind, RemoveVectoredExceptionHandler, AddVectoredExceptionHandler, HeapSize, MultiByteToWideChar, CreateDirectoryW, SetFileAttributesW, GetTempPathW, DeleteFileW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetFilePointer, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, HeapReAlloc, DeleteCriticalSection, GetLastError, SetLastError, UnregisterWait, GetCurrentThread, RegisterWaitForSingleObject |
| SHELL32.DLL | ShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW |
| WINMM.DLL | timeBeginPeriod |
| OLE32.DLL | CoInitialize, CoTaskMemFree |
| SHLWAPI.DLL | PathAddBackslashW, PathRenameExtensionW, PathQuoteSpacesW, PathRemoveArgsW, PathRemoveBackslashW |
| USER32.DLL | CharUpperW, CharLowerW, MessageBoxW, DefWindowProcW, GetWindowLongPtrW, GetWindowTextLengthW, GetWindowTextW, EnableWindow, DestroyWindow, UnregisterClassW, LoadIconW, LoadCursorW, RegisterClassExW, IsWindowEnabled, GetSystemMetrics, CreateWindowExW, SetWindowLongPtrW, SendMessageW, SetFocus, CreateAcceleratorTableW, SetForegroundWindow, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, PostMessageW, GetForegroundWindow, GetWindowThreadProcessId, IsWindowVisible, EnumWindows, SetWindowPos |
| GDI32.DLL | GetStockObject |
| COMCTL32.DLL | InitCommonControlsEx |
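The dropper-related verdicts in this report (a compressed or encrypted resource, resources dominating the file, possibly hidden imports) can be re-derived from the raw headers and the import list. The block below is an added example and is not the report tool's code or anything from the analysed sample: it parses the DOS, COFF, optional and section headers with the Python standard library, computes per-section Shannon entropy, and checks the import names against groups of APIs that together make up the resource-extract / write-to-disk / execute / resolve-at-run-time pattern. The image it parses is constructed in memory from the header values in the tables above (with two sections rather than six, so the analysed binary itself is not reproduced); the 7.0 entropy threshold, the API groupings and the function names are assumptions.

```python
"""Added example (not the report tool's code): stdlib-only PE32+ parsing plus the
dropper heuristics from the report, run on an image constructed in memory from the
report's header values. The entropy threshold and the API groups are assumptions."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
PE32_PLUS_MAGIC = 0x20B

# Assumed API groups: extract a resource, write it to disk, run it, and resolve
# imports at run time (the pattern behind "may be hiding some of its imports").
RESOURCE_APIS = {"FindResourceW", "LoadResource", "SizeofResource", "LockResource"}
FILE_DROP_APIS = {"GetTempPathW", "GetTempFileNameW", "CreateFileW", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "ShellExecuteExW", "WinExec"}
DYNAMIC_RESOLVE_APIS = {"LoadLibraryW", "LoadLibraryExW", "GetProcAddress"}

# Subset of the KERNEL32/SHELL32 import names listed in the report.
SAMPLE_IMPORTS = {"FindResourceW", "LoadResource", "SizeofResource", "FreeResource",
                  "GetTempPathW", "GetTempFileNameW", "CreateFileW", "WriteFile",
                  "CreateProcessW", "ShellExecuteExW", "Sleep",
                  "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]           # 0x20B => PE32+
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "va": va, "raw_size": raw_size,
                         "entropy": shannon_entropy(image[raw_ptr:raw_ptr + raw_size])})
    return {"machine": machine, "magic": magic, "subsystem": subsystem, "characteristics": characteristics,
            "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
            "sections": sections, "file_size": len(image)}


def dropper_indicators(pe: dict, imports: set, entropy_threshold: float = 7.0) -> dict:
    """Resource share of the file, packed-resource flag, and which API groups the import table covers."""
    rsrc = [s for s in pe["sections"] if s["name"] == ".rsrc"]
    return {"resource_share": sum(s["raw_size"] for s in rsrc) / pe["file_size"],
            "packed_resource": any(s["entropy"] > entropy_threshold for s in rsrc),
            "resource_apis": sorted(imports & RESOURCE_APIS),
            "file_drop_apis": sorted(imports & FILE_DROP_APIS),
            "exec_apis": sorted(imports & EXEC_APIS),
            "dynamic_resolve_apis": sorted(imports & DYNAMIC_RESOLVE_APIS)}


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (not the analysed file): report header values, two sections."""
    code = bytes(range(16)) * 64                                                 # 1 KiB, entropy 4.0
    rsrc = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))   # 8 KiB, entropy ~8.0
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, 1564476728,      # 2019-Jul-30 08:52:08 UTC
                       0, 0, 0xF0, 0x2F)                                         # 0x2F = the five flags listed
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC)
    struct.pack_into("<Q", opt, 24, 0x140000000)                                 # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                              # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, 0x400)                                       # SizeOfHeaders
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_CUI)

    def section(name, va, size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, raw_ptr, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + coff + bytes(opt)
               + section(b".code", 0x1000, len(code), 0x400, 0x60000020)         # CODE | EXECUTE | READ
               + section(b".rsrc", 0x2000, len(rsrc), 0x800, 0x40000040))        # INITIALIZED_DATA | READ
    return headers.ljust(0x400, b"\0") + code + rsrc


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print(f'{s["name"]:8} va={s["va"]:#x} raw={s["raw_size"]:#x} entropy={s["entropy"]:.2f}')
    print(dropper_indicators(pe, SAMPLE_IMPORTS))
```

On a real file, replace `build_sample_pe()` with `open(path, "rb").read()`; the constructed image has only a .code and a .rsrc section, so the resource share comes out at 80% rather than the 93.3% reported for the six-section sample. A high-entropy .rsrc on its own is not conclusive (icons and compressed manifests also score high); it is the combination with the resource, temp-file, CreateProcessW/ShellExecuteExW and LoadLibrary/GetProcAddress imports that supports the dropper verdict.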