d5f28e20103a305059fba38f33f207ce

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Nov-09 14:44:36
FileDescription
FileVersion 1
InternalName Valorant Account Cracker V5.exe
LegalCopyright
OriginalFilename Valorant Account Cracker V5.exe
ProductVersion 1
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX Protector v1.0x (2)
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious Strings found in the binary may indicate undesirable behavior:
Tries to detect virtualized environments:
  • HARDWARE\Description\System
  • Hardware\Description\System
Looks for VMWare presence:
  • VMWare
  • VMware
  • vmware
Looks for VirtualBox presence:
  • SOFTWARE\Oracle\VirtualBox Guest Additions
Looks for Qemu presence:
  • qemu
May have dropper capabilities:
  • CurrentVersion\Run
Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Malicious VirusTotal score: 37/66 (Scanned on 2021-11-10 15:47:46)
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.MsilFC.S22016763
ALYac: Gen:Variant.Razy.490172
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Gen:Variant.Razy.490172
Cyren: W32/MSIL_Kryptik.CRY.gen!Eldorado
ESET-NOD32: a variant of MSIL/Kryptik.PSV
APEX: Malicious
ClamAV: Win.Packed.Bulz-9868353-0
Kaspersky: Backdoor.Win32.DarkKomet.aagt
MicroWorld-eScan: Gen:Variant.Razy.490172
Ad-Aware: Gen:Variant.Razy.490172
Emsisoft: Gen:Variant.Razy.490172 (B)
Comodo: TrojWare.MSIL.Boilod.MFC@7j93d6
DrWeb: Trojan.DownLoader27.11135
McAfee-GW-Edition: Packed-PM!D5F28E20103A
FireEye: Generic.mg.d5f28e20103a3050
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.MSIL.Krypt
GData: Gen:Variant.Razy.490172
Avira: TR/PSW.Discord.ulxio
Arcabit: Trojan.Razy.D77ABC
Microsoft: Trojan:MSIL/Remcos.PH!MTB
McAfee: Packed-PM!D5F28E20103A
MAX: malware (ai score=85)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.3851524634
Rising: Stealer.Mercurial!1.D7B6 (CLASSIC)
SentinelOne: Static AI - Malicious PE
eGambit: Trojan.Generic
Fortinet: MSIL/CoinMiner.DTL!tr
BitDefenderTheta: Gen:NN.ZemsilF.34266.um0@aG9C6uo
AVG: Win32:TrojanX-gen [Trj]
Avast: Win32:TrojanX-gen [Trj]
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 d5f28e20103a305059fba38f33f207ce
SHA1 848cbb4fc2a773b1f71e18ce145de4642a52f544
SHA256 0384e24eb5b8080b4744d234bd659e1f9d57793deb2a0bf5bcceb022bb8e2e48
SHA3 3ea9b8cf4b0523b58a57e97b5e9ead6623f74a51c67eef300525b614e5260ff5
SSDeep 6144:H9Nd06cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37ahs:H9Nd06cW7KEZlPzCy37au
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2021-Nov-09 14:44:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x4e400
SizeOfInitializedData 0x4200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0005035E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x52000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x58000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1acd1b1dffbc46f5d64f9b2cd7f9f45f
SHA1 4af45e22c2155e2a4633f2a9c1895fb473d724dd
SHA256 1037f6498b0a08d8d0e9b1f86add2b8a07c12d335518995ce0fa871bdfe13125
SHA3 802fffb301f291b0c2c762bea137b1a430650b4bc430c975d9e6cfbac0253f9b
VirtualSize 0x4e364
VirtualAddress 0x2000
SizeOfRawData 0x4e400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.66126

.rsrc

MD5 2371df50ee9510326da10226c54e7464
SHA1 d220deed04cb1c569c75047bd4a0a5f673bedfee
SHA256 4e04644f824a1f47e00113e4545318ab3949b989895baa368b16c6101eda03bf
SHA3 0ebabbefdcd87d07e60d191ae2c7d4e4e5406476e6865413fce355681d2d16af
VirtualSize 0x3eb0
VirtualAddress 0x52000
SizeOfRawData 0x4000
PointerToRawData 0x4e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.58805

.reloc

MD5 6de1a9e6a1ae1c5480e5526f2f4c31f2
SHA1 52a2920d50bda79e0083e3fafc25d417d9f3f205
SHA256 f5fe75dfe5852e23466be92d2786835fc0c7f5f212eae498b47b03fd74091460
SHA3 0f5940e03605c6c9acf2e8950df714a22b2410ef70eb68085a145cca3a6b5747
VirtualSize 0xc
VirtualAddress 0x56000
SizeOfRawData 0x200
PointerToRawData 0x52600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.64577
MD5 17f1b07d306f4aa7c58f4d67b98fa53d
SHA1 ab8b94b1cd4f47a6b44a82fd1683fffcf7eaacc7
SHA256 a38846b98a219a336897c158001b5a64631256220ccf870f1d87abbf8866fb03
SHA3 6f7b9abef3c21a6ef48ed1e04c7554581d07be7d623b75cda8e311454fa69843

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.27917
MD5 314742f84e0d857b5f789d98f469ef1c
SHA1 3e245e9763ff4568a4f2b56b42f2c68790cd47e7
SHA256 36339e2be40a57eaaa889e36e4c1ef8909fa3658d847c27831d675aaabaff204
SHA3 19f8282e5ed4f6dbd52e34c6e606f01473c62364293529e68bdf1d07193f2ca8

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21732
MD5 899263984658f57cd6169831617f4709
SHA1 012a40916bb546655da0a671cc9d7506e3ab4a38
SHA256 0a1c56a09a265a2e94a11f4485233b1cfb2251e92e7b7030b29ac6420462dc52
SHA3 b2bb3e984d115dfd1b0571038c701ee534d8707dd018d6117d875decd1e562ca

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.49203
Detected Filetype Icon file
MD5 07c0f77a1c885d62e8422263fa1db0d5
SHA1 cf41fd2184e3ed55d5be792f537e61f96b4d2ef6
SHA256 8e839fb7cba6c11370b0bec18e654af7dd77155552c3a309e09c4a41e572ac8e
SHA3 13cf42b33da00938f87e0986407b465fda46fcca73d1bbb49962eb9048552d56

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x27c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.24911
MD5 c9e352dc761a67dba9f78fd92203b1a9
SHA1 01e28ec6beac4ecae0b373d206a1bdcb28a19a92
SHA256 747b509671edff32c5e5b9b1a2bfa949aacaea3e73bd81d0de1d161083982e19
SHA3 0523949a2285572020f265d1cc4461d5b3401b457ba72a5342c4d7521a676b93

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileDescription
FileVersion (#2) 1
InternalName Valorant Account Cracker V5.exe
LegalCopyright
OriginalFilename Valorant Account Cracker V5.exe
ProductVersion (#2) 1
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
