Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Dec-16 00:50:47 |
Detected languages | English - United States |
Info | Interesting strings found in the binary: Contains domain names: |
Suspicious | The PE is an NSIS installer. Unusual section name found: .ndata |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. 8137101 bytes of data starting at offset 0xc600. The overlay data has an entropy of 7.99982 and is possibly compressed or encrypted. Overlay data amounts for 99.3809% of the executable. |
Malicious | VirusTotal score: 5/70 (Scanned on 2021-01-15 06:45:29). Bkav: W32.AIDetectVM.malware1; APEX: Malicious; McAfee-GW-Edition: BehavesLike.Win32.ICLoader.wc; Microsoft: Trojan:Win32/Wacatac.B!ml; SentinelOne: Static AI - Suspicious PE |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xc8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-Dec-16 00:50:47 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x6400 |
SizeOfInitializedData | 0x22a00 |
SizeOfUninitializedData | 0x800 |
AddressOfEntryPoint | 0x000033C4 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x4c000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | SetEnvironmentVariableW SetFileAttributesW Sleep GetTickCount GetFileSize GetModuleFileNameW GetCurrentProcess CopyFileW SetCurrentDirectoryW GetFileAttributesW GetWindowsDirectoryW GetTempPathW GetCommandLineW GetVersion SetErrorMode lstrlenW lstrcpynW GetDiskFreeSpaceW ExitProcess MoveFileW CreateThread GetLastError CreateDirectoryW CreateProcessW RemoveDirectoryW lstrcmpiA CreateFileW GetTempFileNameW WriteFile lstrcpyA MoveFileExW lstrcatW GetSystemDirectoryW GetProcAddress GetModuleHandleA GetExitCodeProcess WaitForSingleObject lstrcmpiW lstrcmpW GetFullPathNameW GetShortPathNameW SearchPathW CompareFileTime SetFileTime CloseHandle ExpandEnvironmentStringsW GlobalFree GlobalLock GlobalUnlock GlobalAlloc DeleteFileW FindFirstFileW FindNextFileW FindClose SetFilePointer ReadFile MulDiv lstrlenA WideCharToMultiByte MultiByteToWideChar WritePrivateProfileStringW FreeLibrary GetPrivateProfileStringW GetModuleHandleW LoadLibraryExW |
---|---|
USER32.dll | GetWindowRect GetSystemMenu SetClassLongW IsWindowEnabled SetWindowPos GetSysColor GetWindowLongW SetCursor LoadCursorW CheckDlgButton GetMessagePos CallWindowProcW IsWindowVisible CloseClipboard SetClipboardData EmptyClipboard OpenClipboard TrackPopupMenu ScreenToClient EnableMenuItem GetDlgItem SetDlgItemTextW GetDlgItemTextW MessageBoxIndirectW CharPrevW CharNextA wsprintfA DispatchMessageW PeekMessageW GetDC ReleaseDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint GetClientRect FillRect SystemParametersInfoW EndDialog RegisterClassW DialogBoxParamW CreateWindowExW GetClassInfoW DestroyWindow CharNextW ExitWindowsEx SetWindowTextW LoadImageW SetTimer ShowWindow PostQuitMessage wsprintfW SetWindowLongW FindWindowExW IsWindow CreatePopupMenu AppendMenuW GetSystemMetrics DrawTextW EndPaint CreateDialogParamW SendMessageTimeoutW SetForegroundWindow |
GDI32.dll | SelectObject SetTextColor SetBkMode CreateFontIndirectW CreateBrushIndirect DeleteObject GetDeviceCaps SetBkColor |
SHELL32.dll | ShellExecuteExW SHGetPathFromIDListW SHGetSpecialFolderLocation SHGetFileInfoW SHFileOperationW SHBrowseForFolderW |
ADVAPI32.dll | AdjustTokenPrivileges RegCreateKeyExW RegOpenKeyExW SetFileSecurityW OpenProcessToken LookupPrivilegeValueW RegEnumValueW RegDeleteKeyW RegDeleteValueW RegCloseKey RegSetValueExW RegQueryValueExW RegEnumKeyW |
COMCTL32.dll | ImageList_Create ImageList_AddMasked #17 ImageList_Destroy |
ole32.dll | OleUninitialize OleInitialize CoTaskMemFree CoCreateInstance |
XOR Key | 0xd25650e9 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 164 |
Imports (VS2003 (.NET) build 4035) | 15 |
48 (9044) | 10 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |