cb85617125124f3fc945c7f375349de3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Apr-24 12:49:55
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 0 import(s).
Malicious VirusTotal score: 23/69 (Scanned on 2020-09-17 23:37:59)
Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.70043
FireEye: Generic.mg.cb85617125124f3f
ALYac: Trojan.GenericKDZ.70043
Arcabit: Trojan.Generic.D1119B
Invincea: Generic ML PUA (PUA)
Cyren: W32/Trojan.ONQR-1327
TrendMicro-HouseCall: TROJ_GEN.R002H09IE20
BitDefender: Trojan.GenericKDZ.70043
AegisLab: Trojan.Win32.Generic.4!c
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKDZ.70043
Emsisoft: Trojan.GenericKDZ.70043 (B)
Ikarus: Trojan.Win32.Claretore
GData: Trojan.GenericKDZ.70043
McAfee: Artemis!CB8561712512
Cylance: Unsafe
APEX: Malicious
eGambit: Unsafe.AI_Score_99%
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

Hashes

MD5 cb85617125124f3fc945c7f375349de3
SHA1 fdd445057a5ce73444fc5c5ac50ac10ab0b44466
SHA256 e30ed00a2763403bc0040f3eb5f6b22874892d9a79bce5f4239404d6b9009b42
SHA3 1a29769a0ae472b8ed15d64118dda828390bc400601f21cf70c36d19af9b5093
SSDeep 768:ey2me3ArVXfOua4fodtgyqz+5DDZX9enaR8ltk7XaeJKfUsicWPJYcZJTvszNUPE:ey2XwrVXfj1fozgyqK5p9m4g8si1BYwY
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Apr-24 12:49:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xa000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0xe000
AddressOfEntryPoint 0x00018760 (Section: UPX1)
BaseOfCode 0xf000
BaseOfData 0x19000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 999cc1476fd627c89c94e780e8e231fe
SHA1 3edcde178c086a1b7e34a5693b91cbd87a210857
SHA256 5f2dd6cd808973eb9ad5dde71f17862fa5f57e42d3c1dcff6ad64c73551704fb
SHA3 3545a8d00fb949d946be413d377d597cff105ace6ebd287e0b5bf04cd35ca848
VirtualSize 0xa000
VirtualAddress 0xf000
SizeOfRawData 0x9a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87245

.rsrc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0x19000
SizeOfRawData 0x400
PointerToRawData 0x9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

Imports

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89431
MD5 9ca712e73be23059b8ab2934c7fcfe1b
SHA1 4a350e7638fa3a0b17d5e6d95500683960dc8206
SHA256 991da4060dcb5b705dd5860f760c25cdd938d5379e25410a2d3ad3a74d52975e
SHA3 1783c5762dffbdc44879fed6deb06b6c7ba6c58f500c98a88c1e2f149e3282e9

Version Info

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x413004
SEHandlerTable 0x411bf0
SEHandlerCount 3

RICH Header

XOR Key 0x41f31910
Unmarked objects 0
ASM objects (26715) 10
C++ objects (26715) 138
C objects (26715) 18
C++ objects (27521) 37
C objects (27521) 17
ASM objects (27521) 17
Imports (26715) 5
Total imports 82
265 (VS2019 Update 1 (16.1) compiler 27702) 1
Resource objects (VS2019 Update 1 (16.1) compiler 27702) 1
Linker (VS2019 Update 1 (16.1) compiler 27702) 1

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Section .rsrc is larger than the executable!