e2b75c862bb136d9a9168929a6c9a00a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: PE Spin v0.4x
Suspicious The PE is possibly packed.
Unusual section name found: .wkt0
Section .wkt0 is both writable and executable.
Unusual section name found: .wkt0
Section .wkt0 is both writable and executable.
Unusual section name found: .wkt0
Section .wkt0 is both writable and executable.
Section .rsrc is both writable and executable.
Unusual section name found: .wkt0
Section .wkt0 is both writable and executable.
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Info The PE's resources present abnormal characteristics. Resource 100 is possibly compressed or encrypted.
Resource 100 is possibly compressed or encrypted.
Malicious VirusTotal score: 48/67 (Scanned on 2023-02-04 12:24:54)
Bkav: W32.AIDetectNet.01
Lionic: Riskware.Win32.Generic.1!c
MicroWorld-eScan: Application.KeyGen.FO
FireEye: Generic.mg.e2b75c862bb136d9
CAT-QuickHeal: Trojan.IGENERIC
ALYac: Backdoor.Sdbot.gen
Malwarebytes: Injector.Trojan.MSIL.DDS
Sangfor: Trojan.Win32.Crypt.agl
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Application.KeyGen.FO
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.62bb13
Arcabit: Application.KeyGen.FO
BitDefenderTheta: Gen:NN.ZexaF.36252.euWaa4PZqt
VirIT: Backdoor.Win32.Generic.BHET
Cyren: W32/Heuristic-162!Eldorado
Symantec: Backdoor.Sdbot
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Keygen.KL potentially unsafe
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1370532
ViRobot: Trojan.Win32.Z.Sdbot.71168
VIPRE: Application.KeyGen.FO
TrendMicro: HKTL_KEYGEN
McAfee-GW-Edition: BehavesLike.Win32.Generic.kc
Trapmine: malicious.high.ml.score
Sophos: Mal/Packer
Ikarus: HackTool.KeyMaker
Jiangmin: Trojan/Generic.bhnuj
Webroot: W32.Packed.Heur
Google: Detected
Antiy-AVL: Trojan/Win32.BTSGeneric
Gridinsoft: Trojan.Win32.Agent.dg
Xcitium: Malware@#3ukv4t94np0qz
SUPERAntiSpyware: Hack.Tool/Gen-KeyGen
GData: Application.KeyGen.FO
Cynet: Malicious (score: 100)
AhnLab-V3: Unwanted/Win.Keygen.C4549946
Acronis: suspicious
McAfee: RDN/Generic Downloader.x
MAX: malware (ai score=99)
Panda: PUP/DownloadAssistant
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: HKTL_KEYGEN
Yandex: Trojan.Igent.bUwF4S.31
SentinelOne: Static AI - Malicious PE
Fortinet: W32/Generic.AC.8D68A!tr

Hashes

MD5 e2b75c862bb136d9a9168929a6c9a00a
SHA1 cf200b6759a3429159fa6aaaff239042cadc8bd7
SHA256 e1d78799d1cd43dc5a9c3c7306439b04d6c5ac99fa9adc3fd1fd5032676e1077
SHA3 afd649d005c3944a85eae560ce18f98fab1bf83dd54ebf9608b32bc80d8af711
SSDeep 1536:9/IKEJRjZa7NdUYjolwbxrtoE2sTe07UI:SKEJRdkTNjKI6fg7
Imports Hash 820ab24e53af2dbafc74d24f87e40262

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0x1800
SizeOfInitializedData 0xb800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000100D4 (Section: .wkt0)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x19710
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.wkt0

MD5 35d5661be30f80cf965d54bba3c49f5b
SHA1 af1dadc385655a6224070504a506547d06c61dbd
SHA256 a38806d7a87a43fea428eee0785652680ec974b479d1f5e313f6a5428c95b48a
SHA3 61a8ad10f6bcd90a2e72eb6466906547c09b4e1880813341db5b5b456fc01804
VirtualSize 0x2000
VirtualAddress 0x1000
SizeOfRawData 0xc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.93107

.wkt0 (#2)

MD5 2508d6fbe6f167d386a218b1146dcf3e
SHA1 c03c1dc89cc67e733303751591f82f5844d9c481
SHA256 d5ab9ca16a00a6c53bde36155e9ec37744d627ac7304901315cb377fe35b2bbd
SHA3 ac01071b1eaa3930443053f91fe18427f804224c76fa916d066e073166ed5daa
VirtualSize 0x1000
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.83078

.wkt0 (#3)

MD5 9379ae555bc64bb5acbbe537a07d1345
SHA1 3051e816019d48217b0c70dc3aceb8938cbddcb8
SHA256 c4b92ecaaa4f1edc98fdf1467ceaa34b41f54844b6a4d7bee757a26db0b95f6a
SHA3 11c0c59434e90821dab5bf8085ef398de5a9527f07c82424b5b8acf697cc3d7e
VirtualSize 0x3000
VirtualAddress 0x4000
SizeOfRawData 0x1400
PointerToRawData 0x1400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.96055

.rsrc

MD5 1e7de1a6623c82dfa6699961c0ef7957
SHA1 9abaa8f8188ec73fce3e5f9cc8aa4593cb6a8390
SHA256 f6ad18578dd016d9c61802e13260cb873719ff5f5c29476c94020b780240f323
SHA3 70cfb8c4960f06557058c3f6508d6c5fb506082adbb3ea8a2906f0061d643449
VirtualSize 0x9000
VirtualAddress 0x7000
SizeOfRawData 0x5600
PointerToRawData 0x2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.69095

.wkt0 (#4)

MD5 f3ea31c6a3c0bad3166c94afbf037a2c
SHA1 837ac5a3be411c8fd10acebade610601961579e2
SHA256 f340ce72c10a3a606cbf2eb1af1f3a0798b38a0fed9c21571b10762cfd20c75e
SHA3 e0deb185066d56f32cf649dd7bc340eeeba7e458a07a502602fe39063456db12
VirtualSize 0x9710
VirtualAddress 0x10000
SizeOfRawData 0x9800
PointerToRawData 0x7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.49007

Imports

USER32.DLL MessageBoxA
COMCTL32.DLL InitCommonControls
KERNEL32.dll LoadLibraryA
KERNEL32.dll GetProcAddress

Delayed Imports

100

Type IMAGE
Language UNKNOWN
Codepage UNKNOWN
Size 0x409a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.80383
MD5 7f15b57639ee658b015cbf7ad72e9b29
SHA1 1c2d8187b17fc297fb8d9e663a4daf494d4f3f23
SHA256 d3f30540cb167657c2956dd495e6a2a26084044a8b58d10230d5953c01df1924
SHA3 012dca9ef7916442849c3a5896a0388a43b184a6b3b32ff34a534c032935e6b0

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36409
MD5 2b1f9592fe322027ef8dde04cbe4aa33
SHA1 b2df0840b7b17e2334d6b8b9b3d0537e5a2c77fe
SHA256 21c7f9a74144aafc8edf81c97e568433fba72dfedb1dffa87230eb479580f612
SHA3 52f74c96e6a1143382341cd78747c9344470abcd55d778c49a0447228d30b57b

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76023
MD5 19736009143ef608072c0e65a8cf23a3
SHA1 3b02cbc715f545ae807dfb095856ac0f0dd16e93
SHA256 bbfc3101e60615566b844a2bd11d303217c1c29be4842db6ab29375458b1c516
SHA3 aed811e07108a51a349a95034d01ca5e9505e09354778285dd61e3ccb40e1afc

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.80922
MD5 fe1dfd76ada151349c74b98519bd00b1
SHA1 0ef2d307a3010aafddecba8016a66b144ef35b9b
SHA256 1994ed37c823e3979b51dd141f99d79380b3d315e2f34adc7433356dfea39ea1
SHA3 68c0e7d42e5aede646912ec5d1736295eb2454cfd98da798518051678fc61ae9

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.80481
MD5 d636692cf3bb05cdc1fbe3b434bf2df9
SHA1 0643eeb24cf4ebaa09d26f468e83ed564af04e8f
SHA256 14c3891f5aec886d7b498a925bb06d3efb62217df1036724792ae28e37d4d053
SHA3 0dabd0850ee7efbd2be33cb57afcbf8ea0817376e3a027bb6fdf4c32bb61f5af

100 (#2)

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x140
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.33147
MD5 4ddd56513f854a625456b10d6c185198
SHA1 dc448ea5a63cb5a301cbf8ed42d9b90301e5ad7c
SHA256 b0be034c0b48396417cf2cc9d5947cc55d8294b632ebf25234470ec05d703438
SHA3 4f34e320701793b0e45705c4e294af30da543765e4147d2d92247925642ef8c6

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62308
Detected Filetype Icon file
MD5 1867677010a8b98518bbad5053c9f3fb
SHA1 c4d90dd338b5979f1a2169d51e745fe40c46c082
SHA256 ad4a5aad6219f3a1fce97f7b45e787ca6947e9af37c4ee39698934208aeffa45
SHA3 ec26aaf4edf47dc5260ae3a572008e5c42369b759cb3b88213411d67399ee6a9

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x259
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.9714
MD5 25772bec0f450d0b51e499433668a2b6
SHA1 24fdfb8f7d2acd33930110b2ac081edd58da79cf
SHA256 d9f067eabeebc77f358fa374a8953ab2b4011793d2f118910ea2cd8dc7b63679
SHA3 b69582a3a6e53a8d19cdbb7393d5408030286f31b2be06c7757ee1b8a4c19dd0

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x90b9d827
Unmarked objects 0
19 (8078) 68
Total imports 9
Imports (VS2003 (.NET) build 4035) 3
18 (8444) 5
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
