d9e80958e631496ad165e2326162f956

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Malicious VirusTotal score: 8/72 (Scanned on 2019-10-31 21:29:52)
  • Cybereason: malicious.b3bd3e
  • Symantec: Hacktool.Sliver
  • McAfee-GW-Edition: BehavesLike.Win64.VirRansom.wm
  • Jiangmin: Trojan.Generic.dyfbv
  • Microsoft: Trojan:Win32/Zpevdo.B
  • McAfee: Artemis!D9E80958E631
  • APEX: Malicious
  • AVG: FileRepMalware

Hashes

MD5 d9e80958e631496ad165e2326162f956
SHA1 ad74b8eb3bd3ec17b96d450a731b76a3866d92c6
SHA256 ebf8020d148db05193c7ba5878569eb70b06e24903ed6ae0bff52a8de32c9b39
SHA3 71fec85c154c6f748aee7cb5b5d3e974f9b7f5a84a781227ef34e36f3c19b26e
SSDeep 98304:lOp2gi4DPjmvFPGAexnxbXmO1idzVxFX:4p2gi4DCvFPGAWxb2uidH
Imports Hash f0070935b15a909b9dc00be7997e6112

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x7c7000
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x391200
SizeOfInitializedData 0x36400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000059A00 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7ec000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 62a2e8faf618936d92f6d85eebe5d7cd
SHA1 1ebb5010984addfb76e84eb862815e0f7370e993
SHA256 4b141dfe01fb0f7d45ab55a9917c758bc7aa98fbf61749f7d443ce6aba0e1ae9
SHA3 ccb84c0d11f45d50330b35395c264cdee902f45dd67c5cbf1ee51bbcc47c2b1f
VirtualSize 0x391025
VirtualAddress 0x1000
SizeOfRawData 0x391200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.86203

.rdata

MD5 df54fa0e200f4a78e3e01cd921d89c17
SHA1 2ce4413a13f4ad643596fd985edb221e4517bd79
SHA256 037c7b9cc68960c5ffc57262c463362b541c2515816be8a064f45cd1389613f6
SHA3 e71f70f74f2afd4a53ff8b22a2b1e517d3723eb19ac3f104f5056e6b3dd35e17
VirtualSize 0x3fefaf
VirtualAddress 0x393000
SizeOfRawData 0x3ff000
PointerToRawData 0x391800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.38733

.data

MD5 f332c28fb37c5a49bc1aa292beb1580a
SHA1 3bd0adf6f76efa3575c0db193fb1b9ebd4d79184
SHA256 d43a79b40322c115cd99a20651aa29fb29cecfcd39f7d0807b3605e62a47d5bd
SHA3 3e19d686f46b5ecc7d32ac30e90decb77995733d312ed519f3136ddf02726e58
VirtualSize 0x578f8
VirtualAddress 0x792000
SizeOfRawData 0x36400
PointerToRawData 0x790800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.45247

.idata

MD5 f81a692e7aebd8abdf9864c875a55143
SHA1 583af72a335d6bc2f16af34e046a8a9071b54e92
SHA256 c2e4b80b94ab4a1e7beefd80fba4456930f20cd3dd208de0e6ca469fa1fa0ff5
SHA3 fefc804705c9d6d6df4d7640a3ac15ee7e23efac76080c31965fc02fc2aaac5b
VirtualSize 0x392
VirtualAddress 0x7ea000
SizeOfRawData 0x400
PointerToRawData 0x7c6c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.97574

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x7eb000
SizeOfRawData 0x200
PointerToRawData 0x7c7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll
  • WriteFile
  • WriteConsoleW
  • WaitForSingleObject
  • VirtualQuery
  • VirtualFree
  • VirtualAlloc
  • SwitchToThread
  • SetWaitableTimer
  • SetUnhandledExceptionFilter
  • SetProcessPriorityBoost
  • SetEvent
  • SetErrorMode
  • SetConsoleCtrlHandler
  • LoadLibraryA
  • LoadLibraryW
  • GetSystemInfo
  • GetSystemDirectoryA
  • GetStdHandle
  • GetQueuedCompletionStatus
  • GetProcessAffinityMask
  • GetProcAddress
  • GetEnvironmentStringsW
  • GetConsoleMode
  • FreeEnvironmentStringsW
  • ExitProcess
  • DuplicateHandle
  • CreateThread
  • CreateIoCompletionPort
  • CreateEventA
  • CloseHandle
  • AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors