| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2021-Aug-01 04:39:46 |
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data: 15674098 bytes of data starting at offset 0x43c00. The overlay data has an entropy of 7.99588 and is possibly compressed or encrypted. Overlay data accounts for 98.2603% of the executable. |
| Malicious | VirusTotal score: 39/67 (scanned on 2021-11-29 17:35:55) |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.47461715 |
| CAT-QuickHeal | Trojanransom.Python |
| McAfee | Artemis!D03848A6760A |
| Cylance | Unsafe |
| K7AntiVirus | Trojan ( 0058abe71 ) |
| BitDefender | Trojan.GenericKD.47461715 |
| K7GW | Trojan ( 0058abe71 ) |
| Cyren | W64/S-d6d7eeed!Eldorado |
| Symantec | W32.Beapy |
| ESET-NOD32 | Python/Filecoder.JH |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | Trojan-Ransom.Python.Agent.av |
| Tencent | Python.Trojan-ransom.Agent.Av |
| Ad-Aware | Trojan.GenericKD.47461715 |
| Emsisoft | Trojan.GenericKD.47461715 (B) |
| Comodo | TrojWare.Win32.Agent.fpyqf@0 |
| Zillya | Trojan.Disco.Win32.1337 |
| TrendMicro | TROJ_FRS.0NA103KM21 |
| McAfee-GW-Edition | BehavesLike.Win64.Ransom.wc |
| FireEye | Trojan.GenericKD.47461715 |
| Sophos | Mal/Generic-R + Troj/Ransom-GLB |
| Webroot | W32.Trojan.Gen |
| Antiy-AVL | Trojan/Generic.ASMalwS.34493BB |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Microsoft | Trojan:Win64/Malgent!MSR |
| Gridinsoft | Ransom.Win64.Agent.sa |
| Arcabit | Trojan.Generic.D2D43553 |
| GData | Trojan.GenericKD.47461715 |
| VBA32 | TrojanRansom.Python |
| ALYac | Trojan.Ransom.Filecoder |
| MAX | malware (ai score=100) |
| Malwarebytes | Trojan.Dropper.Python |
| Panda | Trj/CI.A |
| TrendMicro-HouseCall | TROJ_FRS.0NA103KM21 |
| Fortinet | PossibleThreat.PALLASNET.H |
| AVG | FileRepMalware |
| Avast | FileRepMalware |
| CrowdStrike | win/malicious_confidence_100% (W) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberOfSections | 7 |
| TimeDateStamp | 2021-Aug-01 04:39:46 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x23600 |
| SizeOfInitializedData | 0x20200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000000A87C (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x58000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xf38063 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | #380 (imported by ordinal) |
| KERNEL32.dll | GetOEMCP, GetACP, IsValidCodePage, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetCPInfo, GetEnvironmentStringsW, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, FreeEnvironmentStringsW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LoadLibraryA, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |
| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2021-Aug-01 04:39:46 |
| Version | 0.0 |
| SizeOfData | 656 |
| AddressOfRawData | 0x33a80 |
| PointerToRawData | 0x32480 |
| Load configuration field | Value |
|---|---|
| Size | 0x138 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140037018 |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x646b2763 |
| Unmarked objects | 0 |
| C objects (27412) | 11 |
| ASM objects (27412) | 7 |
| C++ objects (27412) | 188 |
| 253 (28518) | 4 |
| C++ objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 38 |
| C objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 17 |
| ASM objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 9 |
| Imports (27412) | 11 |
| Total imports | 136 |
| C objects (VS2019 Update 9 (16.9.4) compiler 29914) | 19 |
| Linker (VS2019 Update 9 (16.9.4) compiler 29914) | 1 |