Field | Value | Details
---|---|---
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1970-Jan-01 00:00:00 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5, SHA1, SHA256, SHA512 and AES
Suspicious | The PE is possibly packed. | Unusual section name found: .symtab
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports:
Malicious | VirusTotal score: 8/72 (Scanned on 2019-10-31 21:29:52) | Cybereason: malicious.b3bd3e; Symantec: Hacktool.Sliver; McAfee-GW-Edition: BehavesLike.Win64.VirRansom.wm; Jiangmin: Trojan.Generic.dyfbv; Microsoft: Trojan:Win32/Zpevdo.B; McAfee: Artemis!D9E80958E631; APEX: Malicious; AVG: FileRepMalware
DOS header field | Value
---|---
e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0x4
e_cparhdr | 0
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0x8b
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x80
File header field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_AMD64
NumberOfSections | 5
TimeDateStamp | 1970-Jan-01 00:00:00
PointerToSymbolTable | 0x7c7000
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xf0
Characteristics | IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED
Optional header field | Value
---|---
Magic | PE32+
LinkerVersion | 3.0
SizeOfCode | 0x391200
SizeOfInitializedData | 0x36400
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x0000000000059A00 (Section: .text)
BaseOfCode | 0x1000
ImageBase | 0x400000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 4.0
ImageVersion | 1.0
SubsystemVersion | 4.0
Win32VersionValue | 0
SizeOfImage | 0x7ec000
SizeOfHeaders | 0x600
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeOfStackReserve | 0x200000
SizeOfStackCommit | 0x1000
SizeOfHeapReserve | 0x100000
SizeOfHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
DLL | Imported functions
---|---
kernel32.dll | WriteFile, WriteConsoleW, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, LoadLibraryA, LoadLibraryW, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatus, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler
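The "Suspicious" and "Compilation Date" lines above come straight from the header fields listed in the tables: a zero TimeDateStamp (the 1970 date is an absent timestamp, not a real build time), a section named .symtab, a symbol-table pointer with zero symbols, and linker version 3.0. Those same fields are what a static triage tool reads before it ever looks at imports or strings. The following is an added example, not code from the analyzer or from the sample: a minimal PE32+ header parser and the header-level heuristics, run over a byte buffer constructed from the values in this report. Section names other than .text and .symtab, all section sizes and file offsets, and the e_lfarlc value are assumptions, since the report does not list them.

```python
"""Minimal PE32+ header parser plus the header-level triage checks behind the
report above. Added example; not the analyzer's or the sample's code. The
header bytes are CONSTRUCTED from the field values in the report; section
names other than .text/.symtab, section sizes and e_lfarlc are assumed."""
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
# Section names a stock MSVC/MinGW-linked image normally carries.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                   ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".xdata"}


def build_sample() -> bytes:
    """Assemble headers with the report's values (constructed input, not the real file)."""
    buf = bytearray(0x600)                        # SizeOfHeaders from the report
    # IMAGE_DOS_HEADER: e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc, e_maxalloc,
    # e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc (assumed 0x40), e_ovno
    struct.pack_into("<2s13H", buf, 0, b"MZ", 0x90, 3, 4, 0, 0, 0xFFFF,
                     0, 0x8B, 0, 0, 0, 0x40, 0)
    struct.pack_into("<I", buf, 0x3C, 0x80)       # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (0x0223 = the four flags listed)
    struct.pack_into("<HHIIIHH", buf, 0x84, IMAGE_FILE_MACHINE_AMD64, 5, 0,
                     0x7C7000, 0, 0xF0, 0x0223)
    # IMAGE_OPTIONAL_HEADER64, data directories left zeroed
    struct.pack_into("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", buf, 0x98,
                     IMAGE_NT_OPTIONAL_HDR64_MAGIC, 3, 0,        # Magic, linker 3.0
                     0x391200, 0x36400, 0, 0x59A00, 0x1000,      # code/data sizes, entry, BaseOfCode
                     0x400000, 0x1000, 0x200,                    # ImageBase, alignments
                     4, 0, 1, 0, 4, 0,                           # OS, image, subsystem versions
                     0, 0x7EC000, 0x600, 0,                      # Win32Ver, SizeOfImage, SizeOfHeaders, Checksum
                     2, 0,                                       # Subsystem GUI, DllCharacteristics
                     0x200000, 0x1000, 0x100000, 0x1000,         # stack/heap reserve and commit
                     0, 16)                                      # LoaderFlags, NumberOfRvaAndSizes
    # Section table. Only .text (holds the entry point) and .symtab are in the report;
    # the other names and every size/offset here are assumptions.
    sections = [(b".text", 0x391200, 0x1000), (b".rdata", 0x1000, 0x393000),
                (b".data", 0x1000, 0x394000), (b".idata", 0x1000, 0x395000),
                (b".symtab", 0x1000, 0x7C7000)]
    for i, (name, vsize, va) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", buf, 0x98 + 0xF0 + 40 * i,
                         name, vsize, va, vsize, va, 0, 0, 0, 0, 0)
    return bytes(buf)


def parse_pe(buf: bytes) -> dict:
    """Parse DOS, file, optional and section headers of a PE32+ image (no data directories)."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    fh = e_lfanew + 4
    machine, nsec, stamp, symptr, nsyms, optsize, chars = struct.unpack_from("<HHIIIHH", buf, fh)
    oh = fh + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", buf, oh)
    if magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        raise ValueError("only PE32+ is handled here")
    entry, = struct.unpack_from("<I", buf, oh + 16)       # AddressOfEntryPoint
    subsystem, = struct.unpack_from("<H", buf, oh + 68)   # Subsystem
    sections = []
    for i in range(nsec):
        name, vsize, va, raw, rawptr = struct.unpack_from("<8sIIII", buf, oh + optsize + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw": raw, "rawptr": rawptr})
    return {"machine": machine, "timestamp": stamp, "symptr": symptr, "nsyms": nsyms,
            "characteristics": chars, "linker": (lmaj, lmin), "entry": entry,
            "subsystem": subsystem, "sections": sections}


def entry_section(pe: dict):
    """Name of the section whose virtual range contains AddressOfEntryPoint, or None."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry"] < s["va"] + max(s["vsize"], s["raw"]):
            return s["name"]
    return None


def triage(pe: dict) -> list:
    """Header-level findings of the kind shown in the report, as plain strings."""
    found = []
    if pe["timestamp"] == 0:
        found.append("TimeDateStamp is 0 (1970-Jan-01): no build time recorded, not a real compile date")
    for s in pe["sections"]:
        if s["name"] not in COMMON_SECTIONS:
            found.append(f"Unusual section name found: {s['name']}")
    sec = entry_section(pe)
    if sec != ".text":
        found.append(f"Entry point 0x{pe['entry']:X} is outside .text (in {sec})")
    if pe["symptr"] and pe["nsyms"] == 0:
        found.append("PointerToSymbolTable is set but NumberOfSymbols is 0")
    if (pe["linker"] == (3, 0) and pe["timestamp"] == 0
            and any(s["name"] == ".symtab" for s in pe["sections"])):
        found.append("Linker 3.0, zero timestamp and a .symtab section: consistent with a Go-linked binary")
    return found
```

The last check is a fingerprint rather than proof: the Go linker writes its own DOS stub and file header (which is also why the DOS stub fields above look nothing like the usual MSVC stub), so "possibly packed" here is the heuristic misreading a Go toolchain artefact. Confirm with a real parser such as pefile or Go's own `go version` on the file before treating the section name as packing evidence; the import list, which is the Go runtime's usual kernel32 set, points the same way.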