d57e611100e868935599c65c44032ad0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2095-Sep-11 03:01:38
Debug artifacts c:\project\karloson2\carloson\obj\Release\BookingSoft.pdb
Comments Booking soft tm
CompanyName Booking
FileDescription Booking
FileVersion 2.2.0.4
InternalName BookingSoft.exe
LegalCopyright Copyright @ 2019
LegalTrademarks @
OriginalFilename BookingSoft.exe
ProductName Softtm
ProductVersion 2.2.0.4
Assembly Version 2.2.0.3

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Suspicious The PE is possibly a dropper. Resources amount for 98.2021% of the executable.
Malicious VirusTotal score: 32/70 (Scanned on 2019-08-06 08:13:01) MicroWorld-eScan: Trojan.GenericKD.32214125
McAfee: Artemis!D57E611100E8
TrendMicro: TROJ_GEN.R020C0WH519
Symantec: Trojan.Gen.MBT
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan-PSW.MSIL.Azorult.gen
BitDefender: Trojan.GenericKD.32214125
AegisLab: Trojan.MSIL.Azorult.i!c
Emsisoft: Trojan.GenericKD.32214125 (B)
F-Secure: Trojan.TR/PSW.Azorult.rrfdc
McAfee-GW-Edition: Artemis
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.d57e611100e86893
Sophos: Mal/Generic-S
Webroot: W32.Malware.Gen
Avira: TR/PSW.Azorult.rrfdc
Fortinet: MSIL/Azorult!tr.pws
Arcabit: Trojan.Generic.D1EB8C6D
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Azorult.gen
Microsoft: Trojan:Win32/Occamy.C
ALYac: Trojan.GenericKD.32214125
MAX: malware (ai score=100)
Ad-Aware: Trojan.GenericKD.32214125
Malwarebytes: Spyware.PasswordStealer
TrendMicro-HouseCall: TROJ_GEN.R020C0WH519
SentinelOne: DFI - Suspicious PE
GData: Trojan.GenericKD.32214125
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_80% (W)
Qihoo-360: Win32/Trojan.PSW.a72

Hashes

MD5 d57e611100e868935599c65c44032ad0
SHA1 584f8699d0191c7e53d2cc3db8495289cb2ceee1
SHA256 c8c21e477235d5675e29ac87b25f55393e40834059cc208fb0fc367e71c30df5
SHA3 f2114a73c58b19fb5b18dec24de2d67f31922717ce9866b2084799f0c217cf81
SSDeep 6144:2/AQCrhJbEuvvvG2jcz85nlEZxw4dHliM/dDQApR4DtgNbtnh8zbXvYk+:2JCrrxvWxisyuQ+DQA+DcKnL+
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2095-Sep-11 03:01:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x1400
SizeOfInitializedData 0x5bc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000322E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x62000
SizeOfHeaders 0x200
Checksum 0x68cc3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 61f6ce57a259e6f76885c8b73cd14c67
SHA1 177b3c36d536f95aa4d63572b9f584e6c1320945
SHA256 d0a579e3fe891a739b8e835bff4a695789bec5001ce3a8491fc2c2ed2c3ae160
SHA3 c2888fe52509c0b75a0c9a857ad938216ffa76a4af375d6a3c19f39ea7692510
VirtualSize 0x1234
VirtualAddress 0x2000
SizeOfRawData 0x1400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.06637

.rsrc

MD5 2988c1dda4d381c2a3634da8272c00aa
SHA1 50fdc7ad1fe0ebb802d764dfe31004cf61a5e82f
SHA256 8b9517823ec5d4b276d9128c2be61f51251f1f7053308de7c290e9743727fa70
SHA3 1f662b6252e7815046c05f0cf73de31d59ff5bec971dbdb9efb198960550d64b
VirtualSize 0x5b9ba
VirtualAddress 0x4000
SizeOfRawData 0x5ba00
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.92551

.reloc

MD5 421deee52b791879880ad4447dd78a36
SHA1 1cadf06f7fb0b13468ff13d94429baaccd47632f
SHA256 d0893d16d8dda71310dadd5f2765fbc19332d9665682ef70ebc476661292c3c9
SHA3 b6ce67ea388b90b9fcd5bbe084d2faa1b3a542bba7417936361df50efb991e2b
VirtualSize 0xc
VirtualAddress 0x60000
SizeOfRawData 0x200
PointerToRawData 0x5d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0776332

Imports

mscoree.dll _CorExeMain

Delayed Imports

BRAND1

Type PNG
Language UNKNOWN
Codepage UNKNOWN
Size 0x58a7e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95435
Detected Filetype PNG graphic file
MD5 b8f38cd59cca22547051dec4876db022
SHA1 694391cdbdb3d27a506e6be252d68c978053828f
SHA256 4f4432c6e2780f8376fa314837454f18a44f63c02c6b08486e93ab97ab01edc3
SHA3 033c9c3006784e151ace287e6a586db5208c69dbe5756dcb3185ffc8a04410b1

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76602
MD5 152a3f563e9208a9239b1d241ab0d26c
SHA1 be2917fc71b9223ab1ab27cacdfa04b4b56c8044
SHA256 30e0efdfc2d6374462f22990f548afff601294a9e05a67b25b25c53ac65e20aa
SHA3 3a52ad258a0fd7c9ab51038b5036f695bf7c738e7d3843d9658f359276863e0f

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.13669
MD5 7f671fb029fdc73ff0aaf9d4c9a0eb22
SHA1 b58d125dc59775f37065596812fe4691aabfb434
SHA256 015b0c89610312e19a2b47d9726339957e7f5faf1791aa57cd9bcddeb070a153
SHA3 6628b0566bc98aed9437ffdd56d503fd4974b54311b47067b0cd86df1fbca5ad

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.91985
MD5 8e57f060e41b38e45c767d11e88a4190
SHA1 78a7c8a0b36f3f1a1f4f5825cfeb8530882e69e9
SHA256 39766b84390993bd7bd0500d6a6514b05ffc6c70e2c533baa1958da6fb60ea68
SHA3 1da44af14566e6d435ca9bc27a1f1d6c5faedb8dca2d4edf8b49de515570780e

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.83772
MD5 40de3ee2e0bb364a37b4eb44f7011e90
SHA1 d85c8eea73c830f9ba260464891eef6b25821e57
SHA256 cd4cf407a50b78f07901b05c18a390c777c51a2fb43af6cdb066679473cc74ef
SHA3 d379887edc9b0d700796a046cc7575deed249f77cb18d7afd85017a3e8787fc2

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.68656
MD5 d18e59c05d26d4b562cf97d9687711e7
SHA1 c32306412fd34121e253807a75cd8ccf7503deea
SHA256 4229a0f6126b48229abe2a5399c989e9c8f2b245bd8d13cb52ad123d73dadc6b
SHA3 ed03141a65781446a4276ec48977cce67e3ecadb61cd624aeb20fe8ea6f5888d

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.50268
MD5 ff28b71061677f8a539fe1279effe72f
SHA1 23710b8ed8052053d820d7611aae0d1f0ee335f6
SHA256 d792c721c4e7603328e3a211566735d0dc47c6352ba886467f17a5a1e304e4df
SHA3 6c9a77aa30081d0545baa75f5137921bb5f52ffc94b97a4126238a82d25762c7

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86669
Detected Filetype Icon file
MD5 8eccd4bb74ab8d4072546feaebba6c85
SHA1 80416b2fd0673aaa025e5e2f2cce21799b43cead
SHA256 31240252f32b1b84fb851ed232b8fcd208edda2f957204963ca1d23788048194
SHA3 1120c3b5418192c5c26688f5b9b176be6ddc289ecc4a2caa0037f447134f2d28

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x344
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35381
MD5 89997de8a84616a69160ddd121a621e1
SHA1 3e42a5e88e385bb4001a20e3e9f0b4cda56d0941
SHA256 180f5cb4fc7e863edf5b0eda9abb3668cd6f593bdcc0a2eec18f3f9118b6bcbd
SHA3 e1acefcb9344914f856047b18b9adaff6a2d99b473dadc0781a68ff0af2768d2

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.2.0.4
ProductVersion 2.2.0.4
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Booking soft tm
CompanyName Booking
FileDescription Booking
FileVersion (#2) 2.2.0.4
InternalName BookingSoft.exe
LegalCopyright Copyright @ 2019
LegalTrademarks @
OriginalFilename BookingSoft.exe
ProductName Softtm
ProductVersion (#2) 2.2.0.4
Assembly Version 2.2.0.3
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2028-Jul-06 06:39:14
Version 0.0
SizeofData 82
AddressOfRawData 0x3188
PointerToRawData 0x1388
Referenced File c:\project\karloson2\carloson\obj\Release\BookingSoft.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->