d4cc7936dc45bd19f9d0763c84fda367

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Dec-21 20:59:46

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found:
Unusual section name found:
Unusual section name found: .zero
The PE only has 9 import(s).
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Suspicious The PE is possibly a dropper. Resource DLL is possibly compressed or encrypted.
Resources amount for 90.9556% of the executable.
Malicious VirusTotal score: 51/72 (Scanned on 2025-01-21 22:08:38)
ALYac: Gen:Variant.Application.Patcher.10
APEX: Malicious
AVG: Win32:MiscX-gen [PUP]
AhnLab-V3: Trojan/Win.Generic.R435334
Antiy-AVL: Trojan[Packed]/Win32.Blackmoon
Arcabit: Trojan.Application.Patcher.10
Avast: Win32:MiscX-gen [PUP]
Avira: TR/Crypt.XPACK.Gen
BitDefender: Gen:Variant.Application.Patcher.10
Bkav: W32.AIDetectMalware
CAT-QuickHeal: Trojan.Ghanarava.1733043036fda367
CTX: exe.trojan.patcher
CrowdStrike: win/malicious_confidence_70% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: a variant of Win32/HackTool.Patcher.AD potentially unsafe
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Application.Patcher.10 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
FireEye: Generic.mg.d4cc7936dc45bd19
Fortinet: Riskware/Patcher
GData: Gen:Variant.Application.Patcher.10
Google: Detected
Gridinsoft: Trojan.Heur!.022124A1
Ikarus: Dropper.SuspectCRC
K7AntiVirus: Unwanted-Program ( 004b8dd41 )
K7GW: Unwanted-Program ( 004b8dd41 )
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.1530106395
MaxSecure: Trojan.Malware.316887860.susgen
McAfee: Artemis!D4CC7936DC45
McAfeeD: ti!C75DFF972762
MicroWorld-eScan: Gen:Variant.Application.Patcher.10
Microsoft: Trojan:Win32/BlackMon!MSR
Paloalto: generic.ml
Panda: Trj/CI.A
Rising: Trojan.Kryptik@AI.100 (RDML:doFyRhwFzsbjttn5KSVtBg)
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win32.Dropper.nc
Sophos: Mal/Dropper-O
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.high.ml.score
TrendMicro: Trojan.Win32.BLACKMON.USBLCM24
TrendMicro-HouseCall: Trojan.Win32.BLACKMON.USBLCM24
VIPRE: Gen:Variant.Application.Patcher.10
Varist: W32/ABTrojan.VZAT-8353
Xcitium: TrojWare.Win32.Agent.WFN@4t5srs
Yandex: Trojan.GenAsa!+V7EyyfQ22g
Zillya: Tool.Patcher.Win32.46162

Hashes

MD5 d4cc7936dc45bd19f9d0763c84fda367
SHA1 1bf506bcab7b5ebf499fbf78c744c4db3d748794
SHA256 c75dff97276272634e5b4822911b5c31479c1b8c95294913e30ce73854c3428a
SHA3 9e6e2fa51850acfa2ff28774ea92d634bc9553d15caf3ffc770434c6c2391a6e
SSDeep 768:svI8pAwMDxUDr0BS8NDd+EPJ2weQzGQ7q6:5KAwM/NBb0we5N6
Imports Hash cdf5bbb8693f29ef22aef04d2a161dd7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2012-Dec-21 20:59:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x800
SizeOfInitializedData 0x8112
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000151A (Section: )
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0xe000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

Section_1

MD5 ef8878c3bf65737a14246f474a970a7a
SHA1 355a1ca36fea5c3d20f3c43e712e4754288015a1
SHA256 6adee92b47aa977d88b5f072e19412b1d2eb8151acc480fdf922156a218eb62d
SHA3 201c5d538b1feb989401f7ec318bd1269565af9e42c6ff4c45b4bc7b36358cc6
VirtualSize 0x3000
VirtualAddress 0x1000
SizeOfRawData 0x800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.44641

.rsrc

MD5 a633e3e0c8638e5eb384317e4f56767c
SHA1 1986c98c1f404c56e3f4496f24cda0a121d09e7e
SHA256 d1bd275f280620950a24791321cf51c57018b81b8e40c3fb82c3495407d83078
SHA3 ba71c68256710896b76231efbc8dbc69d676bf9ff9bde5305e851045a5795f31
VirtualSize 0x8000
VirtualAddress 0x4000
SizeOfRawData 0x8000
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.58729

Section_3

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zero

MD5 70912ee8814685156c7204c3c4d3a3e5
SHA1 b4041346c3c259e22c0bf110125978cda6213440
SHA256 31ce6d5fc6ce430668607a41abbc5d34b8bd360f3f91a59f9ce9feb9fc1913f0
SHA3 b9538215cba65faace9ffed864f91970b11fa317033fa26b93b9ca6f8d1931e3
VirtualSize 0x112
VirtualAddress 0xd000
SizeOfRawData 0x112
PointerToRawData 0x8a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.78274

Imports

user32.dll MessageBoxA
wsprintfA
kernel32.dll ExitProcess
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
LoadLibraryA

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x16e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.64663
MD5 fa3abdf2e327abefac189cba0c714989
SHA1 714ddac10bdc9dc21656d4de29126c948af461bc
SHA256 bcd78900c24351554d0697427fd6fe75956975d52a3bcfc6ebdf31de20fe2113
SHA3 b06f2b90bdf1f6cccb9c6f0070707df8a7960300ec5301cd53b37bfdbc2e49b5

DLL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6400
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99272
MD5 71648f47f2d0b37d858796d0398b0094
SHA1 79f991c5c32d20b77a673b3bf7c371da0937d7c3
SHA256 8551e995a5b0a7e30baae3c49981b6c70e65f567668c82a01feaacf452e36386
SHA3 38b9bc276eb73161edea22d1318daf86226ff4f231fc42db56fd4c3f8a1863a4

500

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 eb29f4cade38a72f1e06ec2cb756b4e1
SHA1 2b04f140b78112ca7acee3c70c8a484e5b7aab75
SHA256 b36dc2f1a8aabfd1b61ac6f69aa76f32b4bbf9457abfea97416bed9c8b778f0e
SHA3 fb21ff75396a5405921eb58562224c5c2a8fb56290cdd8e31f40a5c023e51643

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x382
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85663
MD5 3d015c7d35d5e650f594c23c7368cd6f
SHA1 b5fdca6e0c5847a306b43553ce96c7c37a40c680
SHA256 3e11f55df49746534018ddcb81f928559124029992dfaa0adb67318b2d41df15
SHA3 94d9e3898971601d603eb374856eca2677a11d61314d956b1f82e18cd60c9b4c

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section has a size of 0!