Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 1970-Jan-01 00:00:00 |
Info | Interesting strings found in the binary: |
Contains domain names:
|
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to SHA512 Uses constants related to AES |
Suspicious | The PE is possibly packed. | Unusual section name found: .symtab |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Malicious | VirusTotal score: 34/69 (Scanned on 2023-03-17 14:31:53) |
Lionic:
Hacktool.Win64.Vilers.tsbi
Elastic: malicious (high confidence) McAfee: Artemis!E191AB598DC7 VIPRE: Generic.Gonana.A.0A7A2D4D Sangfor: Trojan.Win32.Agent.Vodc BitDefender: Generic.Gonana.A.0A7A2D4D CrowdStrike: win/malicious_confidence_70% (D) Symantec: ML.Attribute.HighConfidence ESET-NOD32: a variant of WinGo/Kryptik.AX APEX: Malicious Paloalto: generic.ml Cynet: Malicious (score: 100) Alibaba: VirTool:Win32/Myrddin.45e07a42 MicroWorld-eScan: Generic.Gonana.A.0A7A2D4D Avast: Win64:Trojan-gen Emsisoft: Generic.Gonana.A.0A7A2D4D (B) TrendMicro: TROJ_GEN.R002C0DCG23 McAfee-GW-Edition: BehavesLike.Win64.Trojan.vh FireEye: Generic.Gonana.A.0A7A2D4D Sophos: ATK/Magent-H GData: Generic.Gonana.A.0A7A2D4D Avira: TR/Redcap.glncu MAX: malware (ai score=88) Arcabit: Generic.Gonana.A.0A7A2D4D Microsoft: VirTool:Win32/Myrddin.D Google: Detected AhnLab-V3: Trojan/Win.Myrddin.C5317087 ALYac: Generic.Gonana.A.0A7A2D4D TrendMicro-HouseCall: TROJ_GEN.R002C0DCG23 Rising: Trojan.Kryptik!8.8 (CLOUD) Ikarus: Trojan.Win64.Obfus MaxSecure: Trojan.Malware.300983.susgen Fortinet: W32/Kryptik.AX!tr AVG: Win64:Trojan-gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0x4 |
e_cparhdr | 0 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0x8b |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 6 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
PointerToSymbolTable | 0xaef000 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 3.0 |
SizeOfCode | 0x67b600 |
SizeOfInitializedData | 0x6d200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000005B1C0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.1 |
ImageVersion | 1.0 |
SubsystemVersion | 6.1 |
Win32VersionValue | 0 |
SizeOfImage | 0xb5d000 |
SizeOfHeaders | 0x600 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll |
WriteFile
WriteConsoleW WaitForMultipleObjects WaitForSingleObject VirtualQuery VirtualFree VirtualAlloc SwitchToThread SuspendThread SetWaitableTimer SetUnhandledExceptionFilter SetProcessPriorityBoost SetEvent SetErrorMode SetConsoleCtrlHandler ResumeThread PostQueuedCompletionStatus LoadLibraryA LoadLibraryW SetThreadContext GetThreadContext GetSystemInfo GetSystemDirectoryA GetStdHandle GetQueuedCompletionStatusEx GetProcessAffinityMask GetProcAddress GetEnvironmentStringsW GetConsoleMode FreeEnvironmentStringsW ExitProcess DuplicateHandle CreateWaitableTimerExW CreateThread CreateIoCompletionPort CreateFileA CreateEventA CloseHandle AddVectoredExceptionHandler |
---|