d1e75b274211a78d9c5d38c8ff2e1778

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-May-18 21:47:17
Detected languages English - United States
Debug artifacts C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Looks for VMWare presence:
  • ba 58 56 00 00 ed 81 fb 68 58 4d 56
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Malicious This program contains valid cryptocurrency addresses. Contains a valid Bitcoin address:
  • 17XajwHHeWbfKfNwn57sHRMAEXxvQUUGNd
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
Can access the registry:
  • RegCloseKey
  • RegOpenKeyA
  • RegGetValueA
  • RegCreateKeyExA
  • RegSetValueExA
  • RegOpenKeyExA
  • RegDeleteValueA
Possibly launches other programs:
  • WinExec
  • CreateProcessA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
  • CreateFileW
Has Internet access capabilities:
  • URLDownloadToFileA
Enumerates local disk drives:
  • GetLogicalDriveStringsA
  • GetDriveTypeA
Malicious VirusTotal score: 38/56 (Scanned on 2016-05-26 05:53:28)
  • MicroWorld-eScan: Trojan.GenericKD.3257805
  • nProtect: Trojan.GenericKD.3257805
  • CAT-QuickHeal: TrojanRansom.Crypren.r6
  • McAfee: Artemis!D1E75B274211
  • Malwarebytes: Ransom.FileLocker
  • Zillya: Trojan.Crypren.Win32.282
  • K7AntiVirus: Riskware ( 0040eff71 )
  • BitDefender: Trojan.GenericKD.3257805
  • K7GW: Riskware ( 0040eff71 )
  • Cyren: W32/Trojan.FJKG-4300
  • Symantec: Trojan.Gen
  • ESET-NOD32: Win32/Filecoder.FO
  • TrendMicro-HouseCall: Ransom_ZCRYPT.A
  • Avast: Win32:Malware-gen
  • GData: Trojan.GenericKD.3257805
  • Kaspersky: Trojan-Ransom.Win32.Crypren.acrj
  • Ad-Aware: Trojan.GenericKD.3257805
  • Sophos: Troj/Agent-ARXC
  • F-Secure: Trojan.GenericKD.3257805
  • DrWeb: Trojan.Encoder.4645
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Ransom_ZCRYPT.A
  • McAfee-GW-Edition: BehavesLike.Win32.Adware.bh
  • Emsisoft: Trojan.GenericKD.3257805 (B)
  • Jiangmin: Trojan.Crypren.br
  • Avira: TR/Samca.qqhi
  • Arcabit: Trojan.Generic.D31B5CD
  • AegisLab: Uds.Dangerousobject.Multi!c
  • Microsoft: Trojan:Win32/Dynamer!ac
  • AhnLab-V3: Malware/Gen.Generic
  • ALYac: Trojan.GenericKD.3257805
  • AVware: Trojan.Win32.Generic!BT
  • Rising: Malware.Undefined!8.C-bPKooEeCa7Q (Cloud)
  • Ikarus: Win32.SuspectCrc
  • Fortinet: W32/Crypren.ACRJ!tr
  • AVG: Ransom_r.NG
  • Panda: Trj/GdSda.A
  • Qihoo-360: HEUR/QVM10.1.Malware.Gen

Hashes

MD5 d1e75b274211a78d9c5d38c8ff2e1778
SHA1 d14954a7b9e0c778909fe8dcad99ad4120365b2e
SHA256 bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
SHA3 8cbfb7b36b5f8f462308c9a3a354c1e879df46f6ece5b83f0eb94b5048bdabbc
SSDeep 24576:l2RNuxIAdOx6mNoGSyGMjc6XaMAy9xg5tMZ/Z3RPpEYrTQAU:rIG+lbGuntxktM15RPpEYrTQAU
Imports Hash 2d8de30988c616184b86c1e6bb106b6c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2016-May-18 21:47:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x80200
SizeOfInitializedData 0x48400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0005E883 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x82000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xcd000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5b291f3ba1b8b2b641aec3a9393c8527
SHA1 b68cfcdaef9892b380a44e52098fe8c07dc12037
SHA256 c36f6edb71ef14f1ac7e85484ec5ed49beae181d935bb83fdbebac83339c508b
SHA3 535f73c0aab6e594fd2812e77a02ae637f57dac2c047acee092c1f749e77237d
VirtualSize 0x801ec
VirtualAddress 0x1000
SizeOfRawData 0x80200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.60305

.rdata

MD5 af865c6397539232f14cb01b76c9e0c3
SHA1 bfaaac825167040e9cc52d767424556733823a11
SHA256 2f73ba6d818a515713ac0effaf59dde885f16b394c6018d97f1e9217e5a1ff5e
SHA3 90041358f79199a3439161552c7696d72d9538007094c106709e84fa34cf12dd
VirtualSize 0x37656
VirtualAddress 0x82000
SizeOfRawData 0x37800
PointerToRawData 0x80600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.69709

.data

MD5 37628cdeaac03f6eba24d4c239153323
SHA1 1f28e9c3dcefb6b033193df821835e57245d02b1
SHA256 3827dc8a8c72edc7b7f83547f87b0fd2702874e04c85b5f01b5a95dd3a321844
SHA3 a04086253b3fc4715ee46b4d15f65650a91364b59af6d17c1d7cdfc60bcfc43f
VirtualSize 0x8644
VirtualAddress 0xba000
SizeOfRawData 0x5a00
PointerToRawData 0xb7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.89082

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0xc3000
SizeOfRawData 0x200
PointerToRawData 0xbd800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 e1b64ef6cf28a4ee43171d87de37258c
SHA1 51c6e7245d218de482ff416d8abe9432e0f00bcb
SHA256 757cf3695e0cae496b407639a157b037c6ba0dd50d1fea2172806dd215e45d24
SHA3 5c0f232e348526c83d80224147ad8ccb3606da09372c3b13fb6dd3c003054843
VirtualSize 0x1e0
VirtualAddress 0xc4000
SizeOfRawData 0x200
PointerToRawData 0xbda00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 b45af0bde3ed3916346b5746ec305a0c
SHA1 fae3edabd95bb73b8d6aad54620ef615979e86bb
SHA256 5bfc4ec3c795367216123ae071b59a00a14064b8532359aace53559ac777d416
SHA3 b9c5b5c965583336e2e709325ca8856f8d0c08f57534d0c07a50747d774dfe6c
VirtualSize 0x7fe8
VirtualAddress 0xc5000
SizeOfRawData 0x8000
PointerToRawData 0xbdc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.50754

Imports

KERNEL32.dll
SetFileAttributesA
GetLogicalDriveStringsA
GetProcAddress
GetFileSize
ExitProcess
WinExec
lstrcmpiA
CreateProcessA
GetTempFileNameA
GetComputerNameA
GetLastError
CloseHandle
LocalFree
GetTickCount
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushFileBuffers
GetACP
MultiByteToWideChar
SetEndOfFile
HeapSize
WriteConsoleW
DeleteFileA
LoadLibraryA
CreateFileA
GetFileAttributesA
OpenMutexA
CopyFileA
CompareStringA
Sleep
GetTempPathA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateMutexA
FindClose
SetFilePointer
ExpandEnvironmentStringsA
FindNextFileA
GetDriveTypeA
ExpandEnvironmentStringsW
WriteFile
GetCurrentProcess
ReadFile
FindFirstFileA
GetModuleFileNameA
FindFirstFileExA
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetProcessHeap
CreateFileW
SetStdHandle
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
SetConsoleCtrlHandler
GetConsoleCP
USER32.dll
MessageBoxA
GetUserObjectInformationW
SystemParametersInfoA
GetProcessWindowStation
ADVAPI32.dll
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegOpenKeyA
RegGetValueA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
SystemFunction036
SHELL32.dll
SHGetFolderPathA
ole32.dll
CoInitialize
CoCreateInstance
OLEAUT32.dll #9
SHLWAPI.dll
PathFindExtensionA
PathFileExistsA
urlmon.dll
URLDownloadToFileA
WININET.dll
DeleteUrlCacheEntry

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-May-18 21:47:17
Version 0.0
SizeofData 94
AddressOfRawData 0xb6c5c
PointerToRawData 0xb525c
Referenced File C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2016-May-18 21:47:17
Version 0.0
SizeofData 20
AddressOfRawData 0xb6cbc
PointerToRawData 0xb52bc

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2016-May-18 21:47:17
Version 0.0
SizeofData 1008
AddressOfRawData 0xb6cd0
PointerToRawData 0xb52d0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2016-May-18 21:47:17
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x4c3000
EndAddressOfRawData 0x4c3008
AddressOfIndex 0x4c1af0
AddressOfCallbacks 0x48229c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4bebe8
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0x636e8d6d
Unmarked objects 0
Product (Build) Count
241 (40116) 14
243 (40116) 169
242 (40116) 28
ASM objects (23013) 25
C++ objects (23013) 62
C objects (23013) 65
C objects (65501) 2
208 (65501) 2
Imports (65501) 27
Total imports 193
C objects (VS2015 build 23026) 332
265 (VS2015 build 23026) 2
ASM objects (VS2015 build 23026) 2
Resource objects (VS2015 build 23026) 1
Linker (VS2015 build 23026) 1

Errors
