d5b8ac0d80c99e7dda0d9df17c159f3d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Oct-30 04:08:38
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Info Interesting strings found in the binary: Contains domain names:
  • jrsoftware.org
Malicious VirusTotal score: 50/72 (Scanned on 2024-10-31 09:26:49)
APEX: Malicious
AVG: Win32:Malware-gen
AhnLab-V3: Trojan/Win.Generic.C5606423
Alibaba: Trojan:MSIL/Heracles.fdfbc2b2
Antiy-AVL: Trojan/MSIL.Heracles
Arcabit: Trojan.Generic.D4711C42
Avast: Win32:Malware-gen
Avira: TR/Kryptik.gnquu
BitDefender: Trojan.GenericKD.74521666
Bkav: W32.AIDetectMalware.CS
CTX: exe.trojan.msil
ClamAV: Win.Packed.Lazy-10036699-0
CrowdStrike: win/malicious_confidence_100% (D)
Cylance: Unsafe
DeepInstinct: MALICIOUS
DrWeb: Trojan.Siggen29.61577
ESET-NOD32: a variant of MSIL/Kryptik.AMFK
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.74521666 (B)
F-Secure: Trojan.TR/Kryptik.gnquu
FireEye: Generic.mg.d5b8ac0d80c99e7d
Fortinet: MSIL/Kryptik.AMFK!tr
GData: MSIL.Trojan-Stealer.WhiteSnake.G3UFDK
Google: Detected
Gridinsoft: Malware.Win32.Gen.tr
Ikarus: Trojan.MSIL.Crypt
K7AntiVirus: Trojan ( 005b9c511 )
K7GW: Trojan ( 005b9c511 )
Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen
Kingsoft: MSIL.Trojan-PSW.Stealer.gen
Lionic: Trojan.Win32.Heracles.i!c
Malwarebytes: Trojan.Crypt.MSIL
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!D5B8AC0D80C9
McAfeeD: Real Protect-LS!D5B8AC0D80C9
MicroWorld-eScan: Trojan.GenericKD.74521666
Microsoft: Trojan:MSIL/Heracles.CXCF!MTB
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Rising: Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:/Z8+wfR9Xq5qEiBU15WnXQ)
SentinelOne: Static AI - Malicious PE
Skyhigh: Artemis!Trojan
Sophos: Mal/MSIL-VX
Symantec: ML.Attribute.HighConfidence
Tencent: Malware.Win32.Gencirc.141f6731
Trapmine: malicious.moderate.ml.score
Varist: W32/ABTrojan.VFXG-3780
VirIT: Trojan.Win32.MSIL_Heur.A
Xcitium: Malware@#34jvooy0emziy
alibabacloud: Trojan[stealer]:MSIL/Heracles.CDI93DGW
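The vendor labels above disagree on naming but converge on a family once generic verdict words (Trojan, Malware, MSIL) and per-vendor variant suffixes (AMFK, CXCF) are stripped. The script below is an added example, not part of this report or of VirusTotal: it tallies one vote per vendor for each remaining label token. SAMPLE_DETECTIONS reproduces a subset of the detection lines from this report; the GENERIC word list is an assumption chosen for these labels.

```python
"""Consensus-family tally over per-vendor AV labels (added example, not from the report).
One vote per vendor per token; generic verdict words and all-caps variant codes are dropped."""
import re
from collections import Counter

# Assumption: vendor-neutral words that describe a verdict or platform, not a family.
GENERIC = {"trojan", "malware", "malicious", "generic", "variant", "detected",
           "unsafe", "static", "attribute", "highconfidence"}
# Letters only, 4+ long, on word boundaries: drops hex hashes (fdfbc2b2) and short codes (PSW, VX).
TOKEN = re.compile(r"\b[A-Za-z]{4,}\b")

# Subset of the detection lines from this report, in "Vendor: label" form.
SAMPLE_DETECTIONS = """\
AVG: Win32:Malware-gen
Alibaba: Trojan:MSIL/Heracles.fdfbc2b2
Antiy-AVL: Trojan/MSIL.Heracles
Avira: TR/Kryptik.gnquu
CrowdStrike: win/malicious_confidence_100% (D)
ESET-NOD32: a variant of MSIL/Kryptik.AMFK
F-Secure: Trojan.TR/Kryptik.gnquu
Fortinet: MSIL/Kryptik.AMFK!tr
GData: MSIL.Trojan-Stealer.WhiteSnake.G3UFDK
Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen
Kingsoft: MSIL.Trojan-PSW.Stealer.gen
Lionic: Trojan.Win32.Heracles.i!c
Microsoft: Trojan:MSIL/Heracles.CXCF!MTB
Symantec: ML.Attribute.HighConfidence
alibabacloud: Trojan[stealer]:MSIL/Heracles.CDI93DGW
"""


def label_tokens(label: str) -> set:
    """Family-candidate tokens of one label: lowercased, not generic,
    and not an all-caps variant suffix such as AMFK, CXCF or MSIL."""
    return {t.lower() for t in TOKEN.findall(label)
            if not t.isupper() and t.lower() not in GENERIC}


def family_votes(detections: str) -> Counter:
    """Count how many vendors used each candidate token (a vendor votes once per token)."""
    votes = Counter()
    for line in detections.splitlines():
        if ": " not in line:
            continue                      # skip headings or blank lines
        _vendor, label = line.split(": ", 1)
        votes.update(label_tokens(label))
    return votes


if __name__ == "__main__":
    for token, n in family_votes(SAMPLE_DETECTIONS).most_common(5):
        print(f"{n:2d}  {token}")
```

On this subset the top tokens are heracles (5 vendors), then kryptik and stealer (4 each), which is the signal a triager reads out of the raw list: a .NET credential stealer that several engines file under Heracles. Lowercase variant suffixes such as gnquu still leak through this naive tokenizer; production label-normalisation tools maintain curated suffix and alias lists for exactly that reason.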

Hashes

MD5 d5b8ac0d80c99e7dda0d9df17c159f3d
SHA1 ae1e0aeb3fbba55999b74047ee2b8bb4e45f108a
SHA256 c330322b774eb263b008178ff707e13b843fd7df62445cca3c52356509c26f78
SHA3 06d1a6b4ba230c1cc161275e9fcdc727acb1cf3a07e0cff3d8b14c1cb4bdbc8b
SSDeep 6144:+MW2MDA5DDzwLLoMC9YsbxE0UyRtXpJldoopDIrhi7m:EREZELLoMeYkxEgJzTp
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2024-Oct-30 04:08:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x3ea00
SizeOfInitializedData 0xe600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00040929 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x42000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x54000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2bdbe9f6c652fc19d48b5cc1242a4e20
SHA1 40f5505ac59226bfa86c1ca02dcd0a0ef1abe510
SHA256 823b1d9b616dad4157d064f525b0c40bb35841cf8aeedf242d5e15d80e317b56
SHA3 33aa65d49ccf765c4067564e5e9f75b739021af26a44ac4ff39ddefb04887362
VirtualSize 0x3e92f
VirtualAddress 0x2000
SizeOfRawData 0x3ea00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.92698

.rsrc

MD5 5f49f94e89367157a32ad3441ce31ada
SHA1 6baddbeeaa6dd81a23b73cbba18344aa786483dd
SHA256 bdfb75ff01f53e9b7633596513431f05acb23cffa6de0d1067810600cfce87c2
SHA3 2266fdc3bcdcf61fcfb86f45407ad1f002c3dbe68e752886ae0dbfbb1c17ea5b
VirtualSize 0xe2f1
VirtualAddress 0x42000
SizeOfRawData 0xe400
PointerToRawData 0x3ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.36987

.reloc

MD5 52e40c31d7518491c819d662123eac07
SHA1 59090206411a30b600a920a3da5d68053cbf82a1
SHA256 18100c671f8c3b9e6f8ee6b4afd87522eb60b396f67955c0fd053dc5df766fc2
SHA3 54b95bd7e7cc39a995823a52fb82e0e66ef19039e902380e4355458cb3c1a660
VirtualSize 0xc
VirtualAddress 0x52000
SizeOfRawData 0x200
PointerToRawData 0x4d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain
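The section table and the single mscoree.dll!_CorExeMain import are the facts a triager scripts against: the entry point at 0x40929 lands in .text, .text carries an entropy of 7.93 (near the 8.0 ceiling, the usual sign of packed or encrypted code), and a .NET assembly is identified by a non-empty CLR runtime header directory. The script below is an added example, not part of this report or of the tool that produced it: it hand-parses the DOS header, COFF header, optional header and section table with the standard library only, computes Shannon entropy per section and reports those three checks. The input is a minimal PE32 constructed inline so the script runs offline; its sizes and addresses are an assumption and are not those of the sample above.

```python
"""Section-table triage for a PE image (added example, not from the report).
Hand-parses DOS/COFF/optional headers and sections, computes entropy, locates the entry
point's section and checks the CLR data directory that marks a .NET assembly."""
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
ENTROPY_PACKED_THRESHOLD = 7.0   # heuristic: executable sections near 8.0 are usually packed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Return entry RVA, CLR directory and the section table of a PE32/PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 14 is the CLR runtime header.
    dd_base = opt + (96 if magic == 0x10B else 112)
    clr_rva, clr_size = struct.unpack_from("<II", pe, dd_base + 14 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _pr, _pl, _nr, _nl, schar = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "executable": bool(schar & IMAGE_SCN_MEM_EXECUTE),
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
        })
    return {"machine": machine, "entry_rva": entry_rva,
            "clr_rva": clr_rva, "clr_size": clr_size, "sections": sections}


def triage(pe: bytes) -> dict:
    """Which section owns the entry point, is it a .NET image, which code sections look packed."""
    info = parse_pe(pe)
    entry_section = next((s["name"] for s in info["sections"]
                          if s["vaddr"] <= info["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rawsize"])),
                         None)
    packed = [s["name"] for s in info["sections"]
              if s["executable"] and s["entropy"] > ENTROPY_PACKED_THRESHOLD]
    return {"entry_section": entry_section,
            "is_dotnet": info["clr_rva"] != 0 and info["clr_size"] != 0,
            "packed_exec_sections": packed,
            "section_entropy": {s["name"]: round(s["entropy"], 3) for s in info["sections"]}}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (assumption, not the reported sample): a high-entropy
    executable .text, a constant .rsrc, entry point in .text and the CLR directory set."""
    file_align = 0x200
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)   # I386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2010)                    # AddressOfEntryPoint inside .text
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)    # CLR runtime header directory
    text_data = bytes(range(256)) * 2                          # every byte value twice: entropy 8.0
    rsrc_data = b"\x41" * file_align                           # constant bytes: entropy 0.0
    text_ptr, rsrc_ptr = file_align, file_align + len(text_data)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text_data), 0x2000, len(text_data), text_ptr,
                      0, 0, 0, 0, 0x60000020)                  # CODE | EXECUTE | READ
    sec += struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc_data), 0x4000, len(rsrc_data), rsrc_ptr,
                       0, 0, 0, 0, 0x40000040)                 # INITIALIZED_DATA | READ
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    image += b"\0" * (text_ptr - len(image))                   # pad headers to FileAlignment
    return image + text_data + rsrc_data


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

Against the sample on this page the same logic reports entry_section ".text", is_dotnet True (mscoree.dll!_CorExeMain is the stub the CLR directory points the loader at) and .text flagged as packed at 7.93 bits per byte, while .rsrc at 3.37 and the 12-byte .reloc at 0.08 are ordinary. High entropy in the only code section of a .NET executable is consistent with the Kryptik/Crypt labels above: the real payload is decrypted at run time, so static string and metadata analysis of this file alone will miss it.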

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xa68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.74641
MD5 2073a3bce01223d897c6e67e18e677e7
SHA1 f12d3ad97307acd4b6283883ff2535a1162b847f
SHA256 dadedca04ae6f15e735054a8844a0bb8c303e28e6a20a7b54393218ac9dac901
SHA3 e46bdf2c29fbea8826e7fbe4a23b787838298a2c57522375d89b84e0dadafb64

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98658
MD5 54aab9687517924a6f0872d3db85eefa
SHA1 62922bb6f27fbb4249513a00d0249079706901df
SHA256 49e1fd7235582a5fcda21ad7019a28f07be0bf5758e58ce433622ad2c186890f
SHA3 f088eafbfb352a9b54edad9f0b94b7222fb44a8593945940d99d3dd13d26e8dc

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01586
MD5 57086a45c3525554f76a843b8ea0ceb0
SHA1 bb3b05066884d9c430e0b242802c280ac263b894
SHA256 aaa0ec91899e3916e363e4670f8073cdd5de32024c330183e3e06a5c402ee7ae
SHA3 c79a0a88119906e5258eff43faafc4b86f3f5b6bb2871cce6de3d9cf379d4c66

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.1704
MD5 c9113f4798daee1ff04397b4699fee20
SHA1 04a77a02cdada1d0adb3af383475cf77ed177e76
SHA256 029b2163ec401f4b713e6870760f636551fab3fa800dbb940d4b0c547a922072
SHA3 47db69117d269446375dfe691c9444c7f9bbd176e1d529ba1748f54262d34cb9

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1628
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.912
MD5 a3ecd0150aa90c103ffd60e970a79b04
SHA1 155aa3f218939e3accb8578679c03dcbc88f5e52
SHA256 5426a3cf123eedfefc4fc0e764de1bd8c8f69edf6e0c68af1984438b28074de3
SHA3 212acca720a6b223f41cece9fd8589bbd1a13bbda47f2594ef695cac349254ba

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.8663
MD5 c519cde0a3de8b3fae65ec263d0211f2
SHA1 b5ec2ab4e4b832bbce774c34b575512f417dbea1
SHA256 aaa4217a07f23dc3124979542a8e1105ae36b6bd6e2951fd33e37fb66bfa6e97
SHA3 d126ff50d5c59f801cea6ba3220990d077af1349152fea03feb60a7e4fe71b0d

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.49649
MD5 07484b7d7d2de97ae274c997b13fcd95
SHA1 505d59bc4593dc34851764ff10e31a163db98f2d
SHA256 eab50ea5ff7abfa5e9c64cc691ea9cce1cac6d3a913a599902f486a05ce951e6
SHA3 fe754e115793dab307b8d9c1cf7eed88457e4fbe84d43324f4ad20d29dbb95dc

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.972379
MD5 d4e7ffb2c44d42dd0361bdf025ddc1cf
SHA1 b2f0d88ce66caf4e0efca16007174289977cf11b
SHA256 37265ae581f5649902228e063059ee88f390f5b67176020840d586a5cd55bd24
SHA3 0f814a879813c5f3705704e6b19fa66a7839ebf98df1941ad9e76825050843d9

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x12e5
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.68913
Detected Filetype PNG graphic file
MD5 2bdb3ce74738954decb4aa7784bc1dad
SHA1 7c1a93a6508fd2ab9998c87735e2e4cefebfdfef
SHA256 463eae02434b126bc01fc4aa5b1efd88fcb53313b05d180a199bfe064273cefd
SHA3 974d364c75b622f15c6c3f9f6fe645353b7aeaaf881f9285c1a568181ea6512d

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.03031
MD5 2f8da60b986b88d85ae9bf8741138629
SHA1 35b96991f3c9de50adc6a854314d7c4b3b762b4c
SHA256 83e1da080a4c85ba6c53a8b73a88a43bda96f0af2f63565aeacc8020c57fb711
SHA3 422e7d3d156266b34b571d202b0d2dcd4c42ebf317ab5755e4d4ab84837f5ed4

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.4506
MD5 b7a61dbaf8fed9e8fd55586271a7a2fe
SHA1 1bf83736a9459f39e8ad4415a8a55f0fd03031d9
SHA256 1b9e2b76fb8a6306d71a58e8277e61cf775b329f259833b48539dabc55564dde
SHA3 ad3d753b9786fa2d2920812cb8dfb9cc077f392df40690a3dcf584e51d55b6e9

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25978
MD5 74fa412d3b673173879e1694849b16fe
SHA1 fd666f6bd32077a3b3ad97d4591ed6e170179911
SHA256 e1cdcfc343bd2be7111edf269de89a61f6bed13a5780a79fec57110350d2b175
SHA3 59c23cb88d5b074c0e9d5dbc3af87739c0d65b11acab261f17e191f3575af7f4

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.88786
MD5 208b4b138664f95bc9c28daa5d6240b7
SHA1 79131678428163495ffee79cf6c3cd70a4622804
SHA256 c98be6a1843a183920435a4ebcfcd9e8b1595b05aa7eb74e646fde7e2a22145b
SHA3 5f193d529afeb126339e38e17cffc7868ea66de29a81db907d1c031d9c5822e3

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08095
Detected Filetype Icon file
MD5 ee0da5fbb3d343c27941fb3f8b77164a
SHA1 c2be29713ab52dcf391d34d14f367cbbab966cc0
SHA256 81341db39d8fdec0bd34960423a41a5e2ba5c5830b957f070d1563580b52011b
SHA3 f3d78fc2b713ea2475d919525d0e8019ea390471c9899df1b1345093fb558919

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x584
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80863
MD5 3fc91d51f9d09a682e8a2dfb9807abf3
SHA1 310dd1d0010b460df237700b38b23b411be7fa1d
SHA256 13708ca7e0948842e24c0a6f046d945f33abe29a16d2fce3afa21397d2ccf102
SHA3 3fc3a7b12a43a67f55641b5f869aa775318d266134ac36e29f0bf71a4b199cde

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!