| Summary | |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-May-18 21:47:17 |
| Detected languages | English - United States |
| Debug artifacts | C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0. This signature match is unreliable for this sample: the optional header reports LinkerVersion 14.0 and the Rich header lists VS2015 build 23026 objects, so the binary was built with Visual Studio 2015. |
| Suspicious | Strings found in the binary may indicate undesirable behavior: looks for VMWare presence. |
| Info | Cryptographic algorithms detected in the binary: uses constants related to MD5, SHA1, SHA256, SHA512 and AES. No CryptoAPI functions (Crypt*) appear in the ADVAPI32 imports below, so these primitives are compiled into the binary rather than called through the Windows crypto APIs. |
| Malicious | This program contains valid cryptocurrency addresses: contains a valid Bitcoin address. |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: the import table lists both LoadLibraryA and GetProcAddress, which let the sample resolve additional APIs at run time that never appear in the static import table. |
| Malicious | VirusTotal score: 38/56 (scanned on 2016-05-26 05:53:28); per-engine results are in the next table. |

| VirusTotal engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.3257805 |
| nProtect | Trojan.GenericKD.3257805 |
| CAT-QuickHeal | TrojanRansom.Crypren.r6 |
| McAfee | Artemis!D1E75B274211 |
| Malwarebytes | Ransom.FileLocker |
| Zillya | Trojan.Crypren.Win32.282 |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| BitDefender | Trojan.GenericKD.3257805 |
| K7GW | Riskware ( 0040eff71 ) |
| Cyren | W32/Trojan.FJKG-4300 |
| Symantec | Trojan.Gen |
| ESET-NOD32 | Win32/Filecoder.FO |
| TrendMicro-HouseCall | Ransom_ZCRYPT.A |
| Avast | Win32:Malware-gen |
| GData | Trojan.GenericKD.3257805 |
| Kaspersky | Trojan-Ransom.Win32.Crypren.acrj |
| Ad-Aware | Trojan.GenericKD.3257805 |
| Sophos | Troj/Agent-ARXC |
| F-Secure | Trojan.GenericKD.3257805 |
| DrWeb | Trojan.Encoder.4645 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | Ransom_ZCRYPT.A |
| McAfee-GW-Edition | BehavesLike.Win32.Adware.bh |
| Emsisoft | Trojan.GenericKD.3257805 (B) |
| Jiangmin | Trojan.Crypren.br |
| Avira | TR/Samca.qqhi |
| Arcabit | Trojan.Generic.D31B5CD |
| AegisLab | Uds.Dangerousobject.Multi!c |
| Microsoft | Trojan:Win32/Dynamer!ac |
| AhnLab-V3 | Malware/Gen.Generic |
| ALYac | Trojan.GenericKD.3257805 |
| AVware | Trojan.Win32.Generic!BT |
| Rising | Malware.Undefined!8.C-bPKooEeCa7Q (Cloud) |
| Ikarus | Win32.SuspectCrc |
| Fortinet | W32/Crypren.ACRJ!tr |
| AVG | Ransom_r.NG |
| Panda | Trj/GdSda.A |
| Qihoo-360 | HEUR/QVM10.1.Malware.Gen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 6 |
| TimeDateStamp | 2016-May-18 21:47:17 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x80200 |
| SizeOfInitializedData | 0x48400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0005E883 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x82000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xcd000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 (no PE checksum set; normal for a user-mode executable) |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (ASLR and DEP are opted in; IMAGE_DLLCHARACTERISTICS_GUARD_CF is absent, so the image has no Control Flow Guard) |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported library | Imported functions |
|---|---|
| KERNEL32.dll | SetFileAttributesA, GetLogicalDriveStringsA, GetProcAddress, GetFileSize, ExitProcess, WinExec, lstrcmpiA, CreateProcessA, GetTempFileNameA, GetComputerNameA, GetLastError, CloseHandle, LocalFree, GetTickCount, GetStdHandle, GetFileType, GetCurrentThreadId, GetModuleHandleA, QueryPerformanceCounter, GetCurrentProcessId, FreeLibrary, GlobalMemoryStatus, FlushConsoleInputBuffer, FlushFileBuffers, GetACP, MultiByteToWideChar, SetEndOfFile, HeapSize, WriteConsoleW, DeleteFileA, LoadLibraryA, CreateFileA, GetFileAttributesA, OpenMutexA, CopyFileA, CompareStringA, Sleep, GetTempPathA, SetCurrentDirectoryA, GetCurrentDirectoryA, CreateMutexA, FindClose, SetFilePointer, ExpandEnvironmentStringsA, FindNextFileA, GetDriveTypeA, ExpandEnvironmentStringsW, WriteFile, GetCurrentProcess, ReadFile, FindFirstFileA, GetModuleFileNameA, FindFirstFileExA, GetCommandLineW, GetCommandLineA, SetEnvironmentVariableA, HeapFree, HeapReAlloc, HeapAlloc, SetConsoleMode, ReadConsoleInputA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, IsValidCodePage, GetProcessHeap, CreateFileW, SetStdHandle, ReadConsoleW, SetFilePointerEx, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetConsoleMode, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, RtlUnwind, RaiseException, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleExW, SetConsoleCtrlHandler, GetConsoleCP |
| USER32.dll | MessageBoxA, GetUserObjectInformationW, SystemParametersInfoA, GetProcessWindowStation |
| ADVAPI32.dll | DeregisterEventSource, ReportEventA, RegisterEventSourceA, RegCloseKey, RegOpenKeyA, RegGetValueA, RegCreateKeyExA, GetUserNameA, RegSetValueExA, RegOpenKeyExA, RegDeleteValueA, SystemFunction036 (RtlGenRandom) |
| SHELL32.dll | SHGetFolderPathA |
| ole32.dll | CoInitialize, CoCreateInstance |
| OLEAUT32.dll | #9 (imported by ordinal) |
| SHLWAPI.dll | PathFindExtensionA, PathFileExistsA |
| urlmon.dll | URLDownloadToFileA |
| WININET.dll | DeleteUrlCacheEntry |
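
The import table above is what drives both the "common functions" and the "may be hiding some of its imports" rows of the summary. As an added example that is not part of the report or of the analyser that produced it, the Python below runs a small capability-inference rule set over those imports. The rule names, the thresholds and the API groupings are this example's own assumptions; the import names are transcribed from the table, trimmed to the ones the rules use.

```python
"""Capability triage over a PE import table (added example; the rule set is an assumption)."""

# Import names transcribed from the report's import table, trimmed to the ones the rules touch.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": [
        "GetLogicalDriveStringsA", "GetDriveTypeA", "FindFirstFileA", "FindNextFileA",
        "CreateFileA", "ReadFile", "WriteFile", "SetEndOfFile", "DeleteFileA", "CopyFileA",
        "SetFileAttributesA", "LoadLibraryA", "GetProcAddress", "WinExec", "CreateProcessA",
        "CreateMutexA", "OpenMutexA", "GetComputerNameA", "IsDebuggerPresent", "Sleep",
    ],
    "ADVAPI32.dll": ["RegSetValueExA", "RegCreateKeyExA", "RegOpenKeyExA",
                     "RegDeleteValueA", "GetUserNameA", "SystemFunction036"],
    "urlmon.dll": ["URLDownloadToFileA"],
    "WININET.dll": ["DeleteUrlCacheEntry"],
    "SHLWAPI.dll": ["PathFindExtensionA", "PathFileExistsA"],
}

# (capability, minimum distinct matches, API names without A/W suffix, lower-case).
# The rules and their names are this example's own, not the analyser's.
RULES = [
    ("enumerate-drives-and-files", 3,
     {"getlogicaldrivestrings", "getdrivetype", "findfirstfile", "findnextfile"}),
    ("rewrite-or-delete-files", 3,
     {"createfile", "writefile", "setendoffile", "deletefile", "copyfile", "movefile"}),
    ("dynamic-import-resolution", 2, {"loadlibrary", "getprocaddress"}),
    ("registry-persistence", 2, {"regsetvalueex", "regcreatekeyex", "regopenkeyex"}),
    ("download-and-execute", 2,
     {"urldownloadtofile", "winexec", "createprocess", "shellexecute"}),
    ("single-instance-mutex", 1, {"createmutex", "openmutex"}),
    ("host-fingerprinting", 2, {"getcomputername", "getusername", "getvolumeinformation"}),
    ("os-random-bytes", 1, {"systemfunction036", "cryptgenrandom", "bcryptgenrandom"}),
    ("debugger-check", 1, {"isdebuggerpresent", "checkremotedebuggerpresent"}),
]


def normalize(api):
    """Lower-case and drop the ANSI/Unicode suffix: FindFirstFileA -> findfirstfile.
    The suffix is only stripped after a lower-case letter, so GetACP stays getacp."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        api = api[:-1]
    return api.lower()


def infer_capabilities(imports):
    """Return {capability: [dll!function, ...]} for every rule whose threshold is met."""
    present = {}
    for dll, names in imports.items():
        for name in names:
            present.setdefault(normalize(name), []).append(f"{dll}!{name}")
    hits = {}
    for capability, minimum, apis in RULES:
        matched = sorted(api for api in apis if api in present)
        if len(matched) >= minimum:
            hits[capability] = [present[api][0] for api in matched]
    return hits


def hidden_import_warning(imports):
    """The 'may be hiding some of its imports' heuristic: LoadLibrary plus GetProcAddress
    lets the sample resolve further APIs at run time that never appear in this table."""
    present = {normalize(n) for names in imports.values() for n in names}
    return {"loadlibrary", "getprocaddress"} <= present


if __name__ == "__main__":
    for capability, evidence in infer_capabilities(SAMPLE_IMPORTS).items():
        print(f"{capability:28s} {', '.join(evidence)}")
    print("possible hidden imports:", hidden_import_warning(SAMPLE_IMPORTS))
```

Every rule fires on this sample. Weigh the hits, not the count: IsDebuggerPresent is commonly pulled in by the MSVC CRT start-up code, so the debugger-check hit is weak on its own, while the drive-and-file enumeration, file rewriting, mutex, registry and download-and-execute combination is what lines up with the Filecoder/Crypren verdicts in the VirusTotal table.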
| Debug directory entry 1 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2016-May-18 21:47:17 |
| Version | 0.0 |
| SizeOfData | 94 |
| AddressOfRawData | 0xb6c5c |
| PointerToRawData | 0xb525c |
| Referenced File | C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb |

| Debug directory entry 2 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2016-May-18 21:47:17 |
| Version | 0.0 |
| SizeOfData | 20 |
| AddressOfRawData | 0xb6cbc |
| PointerToRawData | 0xb52bc |

| Debug directory entry 3 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2016-May-18 21:47:17 |
| Version | 0.0 |
| SizeOfData | 1008 |
| AddressOfRawData | 0xb6cd0 |
| PointerToRawData | 0xb52d0 |

| Debug directory entry 4 | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2016-May-18 21:47:17 |
| Version | 0.0 |
| SizeOfData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
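
The first debug directory entry is a CodeView record: its 94 bytes are exactly a 24-byte RSDS header (4-byte signature, 16-byte GUID, 4-byte age) followed by the 69-character PDB path and its NUL terminator. As an added example that is not tool output from the report, the Python below parses such a record and derives the two things a practitioner usually wants from it: the build account name leaked by the path and the symbol-server lookup key. The GUID and age in the constructed sample are invented; only the path is the one the report shows.

```python
"""Parse a CodeView RSDS debug record (added example; GUID and age are constructed)."""
import struct
import uuid

RSDS = b"RSDS"


def is_rsds(record):
    """True if the blob starts with the RSDS signature and is long enough for the header."""
    return len(record) >= 24 and record[:4] == RSDS


def parse_rsds(record):
    """RSDS layout: 'RSDS' | GUID (16 bytes, little-endian fields) | age (u32) | path | NUL.
    Returns (guid, age, path); raises ValueError on a malformed record."""
    if not is_rsds(record):
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])
    age = struct.unpack_from("<I", record, 20)[0]
    end = record.find(b"\0", 24)
    if end < 0:
        raise ValueError("PDB path is not NUL-terminated")
    return guid, age, record[24:end].decode("utf-8", errors="replace")


def build_rsds(guid, age, path):
    """Inverse of parse_rsds; used here only to construct the sample record."""
    return RSDS + guid.bytes_le + struct.pack("<I", age) + path.encode("utf-8") + b"\0"


def pdb_basename(path):
    """Last component of the stored path (the linker writes the full local path)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def build_username(path):
    """Account name embedded in a C:\\Users\\<name>\\... build path, or None."""
    parts = path.split("\\")
    return parts[2] if len(parts) > 2 and parts[1].lower() == "users" else None


def symbol_server_key(guid, age, path):
    """Key a symbol server uses for this PDB: <name>/<GUID hex, upper-case><age hex>/<name>."""
    name = pdb_basename(path)
    return f"{name}/{guid.hex.upper()}{age:X}/{name}"


# Constructed sample: the path is the one in the report; GUID and age are made up.
SAMPLE_PATH = r"C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb"
SAMPLE_GUID = uuid.UUID("00000000-1111-2222-3333-444444444444")
SAMPLE_RECORD = build_rsds(SAMPLE_GUID, 1, SAMPLE_PATH)

if __name__ == "__main__":
    g, a, p = parse_rsds(SAMPLE_RECORD)
    print(f"record size {len(SAMPLE_RECORD)} bytes, guid {g}, age {a}")
    print("pdb path:", p)
    print("build account:", build_username(p))
    print("symbol server key:", symbol_server_key(g, a, p))
```

The record size the parser reconstructs (94 bytes) matches SizeOfData of entry 1, which is how you confirm that entry is the CodeView one without a type column. The real GUID/age pair is what you would pivot on across samples from the same build tree; with the invented values here the symbol-server key is only illustrative.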
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x4c3000 |
| EndAddressOfRawData | 0x4c3008 |
| AddressOfIndex | 0x4c1af0 |
| AddressOfCallbacks | 0x48229c |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY): the callback array at 0x48229c holds no callbacks, so TLS callbacks are not used here as a code path that runs before the entry point |
| Load configuration field | Value |
|---|---|
| Size | 0x5c |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4bebe8 (/GS stack cookie present) |
| SEHandlerTable | 0 (no SafeSEH handler table) |
| SEHandlerCount | 0 |
| Rich header | Value |
|---|---|
| XOR Key | 0x636e8d6d |
| Unmarked objects | 0 |
| 241 (40116) | 14 |
| 243 (40116) | 169 |
| 242 (40116) | 28 |
| ASM objects (23013) | 25 |
| C++ objects (23013) | 62 |
| C objects (23013) | 65 |
| C objects (65501) | 2 |
| 208 (65501) | 2 |
| Imports (65501) | 27 |
| Total imports | 193 |
| C objects (VS2015 build 23026) | 332 |
| 265 (VS2015 build 23026) | 2 |
| ASM objects (VS2015 build 23026) | 2 |
| Resource objects (VS2015 build 23026) | 1 |
| Linker (VS2015 build 23026) | 1 |
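
The Rich header rows above were recovered by XOR-decoding the block that sits between the DOS stub and the PE signature with the key 0x636e8d6d. As an added example that is not part of the report, the Python below builds a minimal DOS header plus Rich header for a constructed entry list and then decodes it the way a PE analyser does, including recomputing the key from the publicly documented checksum so that a header edited or transplanted after linking is flagged. The product-id values, the DOS stub bytes and the entry list are constructed (the builds and counts mirror rows of the table); only the layout and the checksum construction follow the format.

```python
"""Build and decode a Rich header (added example; product ids, stub and entries are constructed)."""
import struct

DANS = 0x536E6144   # "DanS" as a little-endian dword
RICH = b"Rich"

# Constructed entries: (comp_id = prod_id << 16 | build, object count). Builds and counts
# mirror rows in the report; the prod_id values are assumptions made for this demo.
SAMPLE_ENTRIES = [
    (0x0001 << 16 | 65501, 27),
    (0x0104 << 16 | 23026, 332),
    (0x0105 << 16 | 23026, 1),
]


def rol32(value, count):
    """32-bit rotate-left; the Rich checksum uses only the low five bits of count."""
    count &= 31
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(image, dans_offset, entries):
    """Checksum the linker also uses as the XOR key: every byte before the 'DanS' marker
    rotated by its offset (e_lfanew at 0x3C..0x3F is skipped) plus each comp_id rotated
    by its count. Follows the publicly documented construction."""
    csum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(image[i], i)) & 0xFFFFFFFF
    for comp_id, count in entries:
        csum = (csum + rol32(comp_id, count)) & 0xFFFFFFFF
    return csum


def build_image(entries, stub=b"constructed DOS stub".ljust(64, b"\0")):
    """DOS header + stub + Rich header + 'PE\\0\\0' signature (no real PE image follows).
    Returns (image_bytes, key)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    dans_offset = len(dos) + len(stub)
    key = rich_checksum(bytes(dos) + stub, dans_offset, entries)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)       # DanS + three XORed zeros
    for comp_id, count in entries:
        rich += struct.pack("<II", comp_id ^ key, count ^ key)
    rich += RICH + struct.pack("<I", key)
    rich = rich.ljust((len(rich) + 15) & ~15, b"\0")             # 16-byte alignment
    struct.pack_into("<I", dos, 0x3C, dans_offset + len(rich))   # e_lfanew -> "PE\0\0"
    return bytes(dos) + stub + rich + b"PE\0\0", key


def parse_rich_header(image):
    """Find 'Rich' before e_lfanew, take the key stored after it, then XOR-decode the dword
    pairs backwards until the 'DanS' marker. Returns None if no header is found."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    rich_off = image.rfind(RICH, 0, e_lfanew)
    if rich_off < 0 or rich_off + 8 > len(image):
        return None
    key = struct.unpack_from("<I", image, rich_off + 4)[0]
    pairs, off = [], rich_off - 8
    while off >= 0:
        first, second = struct.unpack_from("<II", image, off)
        if (first ^ key) == DANS:
            break
        pairs.append((first ^ key, second ^ key))
        off -= 8
    else:
        return None
    pairs.reverse()
    if not pairs or pairs[0] != (0, 0):          # the padding pair that follows DanS
        return None
    raw = pairs[1:]
    return {
        "key": key,
        "dans_offset": off,
        "entries": [(c >> 16, c & 0xFFFF, n) for c, n in raw],
        # A mismatch means the header was edited or transplanted after linking.
        "checksum_ok": rich_checksum(image, off, raw) == key,
    }


if __name__ == "__main__":
    image, key = build_image(SAMPLE_ENTRIES)
    info = parse_rich_header(image)
    print(f"XOR key 0x{info['key']:08x}  checksum_ok={info['checksum_ok']}")
    for prod_id, build, count in info["entries"]:
        print(f"  prod_id 0x{prod_id:04x} build {build:5d} count {count}")
```

The "XOR Key" row of the table is this key for the real sample. Run the checksum comparison before trusting Rich-header-based attribution: a key that does not match the recomputed checksum means the block was patched or copied from another binary, and the object-type and build rows then say nothing about the real toolchain.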