e191ab598dc7f9bb75c214fb6808f94b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Malicious VirusTotal score: 34/69 (Scanned on 2023-03-17 14:31:53) Lionic: Hacktool.Win64.Vilers.tsbi
Elastic: malicious (high confidence)
McAfee: Artemis!E191AB598DC7
VIPRE: Generic.Gonana.A.0A7A2D4D
Sangfor: Trojan.Win32.Agent.Vodc
BitDefender: Generic.Gonana.A.0A7A2D4D
CrowdStrike: win/malicious_confidence_70% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of WinGo/Kryptik.AX
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Alibaba: VirTool:Win32/Myrddin.45e07a42
MicroWorld-eScan: Generic.Gonana.A.0A7A2D4D
Avast: Win64:Trojan-gen
Emsisoft: Generic.Gonana.A.0A7A2D4D (B)
TrendMicro: TROJ_GEN.R002C0DCG23
McAfee-GW-Edition: BehavesLike.Win64.Trojan.vh
FireEye: Generic.Gonana.A.0A7A2D4D
Sophos: ATK/Magent-H
GData: Generic.Gonana.A.0A7A2D4D
Avira: TR/Redcap.glncu
MAX: malware (ai score=88)
Arcabit: Generic.Gonana.A.0A7A2D4D
Microsoft: VirTool:Win32/Myrddin.D
Google: Detected
AhnLab-V3: Trojan/Win.Myrddin.C5317087
ALYac: Generic.Gonana.A.0A7A2D4D
TrendMicro-HouseCall: TROJ_GEN.R002C0DCG23
Rising: Trojan.Kryptik!8.8 (CLOUD)
Ikarus: Trojan.Win64.Obfus
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.AX!tr
AVG: Win64:Trojan-gen

Hashes

MD5 e191ab598dc7f9bb75c214fb6808f94b
SHA1 b3f3e4087d973d3ecd52bb47de46a15d64c9c1e4
SHA256 39ac269fc5055f91ffb00a7ca107f421430edd62b340bb5bc9b81c6cfc03dc0b
SHA3 5bdb25c1eaa721f9b5475bb08d78a56d6c3576c4d8dc458aed4578c7e4db6133
SSDeep 49152:ZRRKtC4qfZQR2rb/TMvO90d7HjmAFd4A64nsfJ5BnTtI9fy/jsZi0w+DD/H4cRO:cEXuJYEVj91QxXhXEUNeIhGIm2
Imports Hash 9cbefe68f395e67356e2a5d8d1b285c0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0xaef000
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x67b600
SizeOfInitializedData 0x6d200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000005B1C0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0xb5d000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 000f83e7690bd277feb31811c86a83a7
SHA1 a5908f0cba257615c5955364ff390bb1129780ad
SHA256 94e6a2e53c4bdf92fadb901c7a15d54c0dc0fdbafee9fb7b04e2077c1bdfe2d6
SHA3 92a5f93342dfb392c31145ebfdb31d77b1cdfd94aae3bf654f4e6035d56adeab
VirtualSize 0x67b4fd
VirtualAddress 0x1000
SizeOfRawData 0x67b600
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.18132

.rdata

MD5 efeddbc51cc15941f9d0dc249d316709
SHA1 6a66e571219710be323825941cdac2800a74e8e9
SHA256 9a6f38c01dbbe29b483bf5dd5790b3cda2d985d80d6073b447d84c02285bf1fa
SHA3 8944f0ec46557e0a069cd014afadfd8eef37016625fb8404b26bd5e24fa94646
VirtualSize 0x3f06d8
VirtualAddress 0x67d000
SizeOfRawData 0x3f0800
PointerToRawData 0x67bc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.59265

.data

MD5 d6d47c6adff7b84471ff5289c1e156ae
SHA1 6cfee42e4f3d2b101488a4e1ab4f5184c24f60a7
SHA256 0754a8f2d1658d79b1d6612fbd0122a8a05222f662fda7f6b33f356c9a966217
SHA3 ea0a54e68b69a87adb0533ff443c0e3692de987e6f7b1fa543ab1b228582a6c3
VirtualSize 0xd6958
VirtualAddress 0xa6e000
SizeOfRawData 0x6d200
PointerToRawData 0xa6c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.9127

.idata

MD5 0fe147e53575becdb9d943d8a7eb6dc2
SHA1 fb122370b101c9beee55e0449532180757f9f1a3
SHA256 ce67a5e5bb78d9902f3903e9aefa97204a3129033b61d812935fe064215ca016
SHA3 730cc79470eefd9a52788d1861d3f3db0b867054a91bf5082be7b48d383f8ecd
VirtualSize 0x47c
VirtualAddress 0xb45000
SizeOfRawData 0x600
PointerToRawData 0xad9600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.53669

.reloc

MD5 3bfa2fdacf28e96ef14ebf90367f1940
SHA1 2d53cdd720f68335ba4c6340c9e41341ecc397ab
SHA256 c597e490419aa21be22451a9d6a95f2ec1e737cf62b8e9bbb4ae2ebfee510198
SHA3 db5c9d5754db6f3563ea538131417c54cb20bff465968577a3247c935a2b5089
VirtualSize 0x15216
VirtualAddress 0xb46000
SizeOfRawData 0x15400
PointerToRawData 0xad9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.44508

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0xb5c000
SizeOfRawData 0x200
PointerToRawData 0xaef000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
