e76c1b8c9badae7954ef2c20b8d22bef

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Dec-11 11:56:39
Detected languages Italian - Italy
Debug artifacts C:\libujalemedufajikigo_yetebavakadefa28 belideribet_luv.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious PEiD Signature: UPolyX V0.1 -> Delikon
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExW
 Can access the registry:
  • RegQueryValueExW
  • RegQueryValueExA
  • RegQueryValueA
  • RegOpenKeyExA
  • RegCreateKeyA
  • RegCloseKey
 Memory manipulation functions often used by packers:
  • VirtualAllocEx
  • VirtualProtect
 Deletes entries from the event log:
  • ClearEventLogA
Malicious VirusTotal score: 54/71 (Scanned on 2019-10-12 16:47:14) MicroWorld-eScan: Trojan.GenericKD.32571738
FireEye: Generic.mg.e76c1b8c9badae79
CAT-QuickHeal: Ransom.Stop.MP4
Qihoo-360: Win32/Trojan.d41
McAfee: RDN/Generic.grp
Zillya: Trojan.Chapak.Win32.84496
K7AntiVirus: Trojan ( 005592da1 )
Alibaba: Trojan:Win32/Chapak.c9ccb97c
K7GW: Trojan ( 005592da1 )
Arcabit: Trojan.Generic.D1F1015A
TrendMicro: TROJ_GEN.R002C0PJ919
F-Prot: W32/Kryptik.AIY.gen!Eldorado
Symantec: Trojan.Gen.MBT
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Chapak.eail
BitDefender: Trojan.GenericKD.32571738
NANO-Antivirus: Trojan.Win32.Chapak.gcjgli
AegisLab: Trojan.Win32.Generic.4!c
Rising: Trojan.Kryptik!1.BD98 (CLASSIC)
Endgame: malicious (high confidence)
Sophos: Mal/GandCrab-G
Comodo: Malware@#3j99a69ptro73
F-Secure: Trojan.TR/AD.Chapak.lwxgs
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
McAfee-GW-Edition: RDN/Generic.grp
Fortinet: W32/Kryptik.GXCI!tr
Emsisoft: Trojan.GenericKD.32571738 (B)
SentinelOne: DFI - Malicious PE
Cyren: W32/Trojan.KJQS-7837
Webroot: W32.Malware.Gen
Avira: TR/AD.Chapak.lwxgs
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Chapak
Microsoft: TrojanDownloader:Win32/Bandit.MS!MTB
ZoneAlarm: Trojan.Win32.Chapak.eail
AhnLab-V3: Trojan/Win32.RL_MalPe.R293851
Acronis: suspicious
ALYac: Trojan.GenericKD.32571738
VBA32: Trojan.Chapak
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.GXAV
TrendMicro-HouseCall: TROJ_GEN.R002C0PJ919
Tencent: Win32.Trojan.Chapak.Akfc
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_54%
GData: Trojan.GenericKD.32571738
Ad-Aware: Trojan.GenericKD.32571738
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.74620382.susgen

Hashes

MD5 e76c1b8c9badae7954ef2c20b8d22bef
SHA1 90ade91f1d8f88065c085d6118b35b9d3b5de744
SHA256 7e268467aec50b2d146c0b09eae1c6759ae508bc5b293e65b97a3cca14fe9311
SHA3 b3e523dd16a6e1145b44830361d6ea5b08b883273af56f112ff5b95203a142b1
SSDeep 6144:m8fbifzS7h2XL3z4ngymCf+FUaQtKJHv8zYLefO3jOTSIOzK5+v0GJB5eW5QzX:VfbifA2XL3zQgy1Wy7Klv8/mDIDe0Hz
Imports Hash fb656f157320223be0ae15e5a26bc41b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2018-Dec-11 11:56:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x14a00
SizeOfInitializedData 0x2077e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002A9C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x16000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x2092000
SizeOfHeaders 0x400
Checksum 0x6e692
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ad8d782b72f6663438dccfcfeecf2a26
SHA1 646297e74dcf4c7bd94818bf12e74f8d9b44746e
SHA256 bc7f1a33985bae80ed01834cee5439f010a7b73439d97aa05ffaa3741a7281f9
SHA3 5c71228d8903c5ce26f5c95e3a5eaf3e45273f87b2e96f6813b55c206caca404
VirtualSize 0x148a5
VirtualAddress 0x1000
SizeOfRawData 0x14a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.66674

.rdata

MD5 c0adc06cc60e34f7cf148ca3a1d1d066
SHA1 9837ee90dc6a9d0711a3f13de755f1fcb35da777
SHA256 66b1cfdb5842f4f22da780eff08b74860fa0a0d148365b05409dcd73e1d40b03
SHA3 dab42806e5531d3afc95f71c33fef88d97fcc913c68d45546126dec4b12c1762
VirtualSize 0x729a
VirtualAddress 0x16000
SizeOfRawData 0x7400
PointerToRawData 0x14e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.25995

.data

MD5 dd816dc9136120b8247835312b2166a7
SHA1 371a111fa24f73f896d25221a7277d4f1f9ebd83
SHA256 aeff33952a128eaf80e3f996011e5741299e648413a32b8c48d24b3024724ee4
SHA3 524f6eb76ac36507832caf3b46d0aee9ce29d53db55e3ed2cd0e6add49d4156b
VirtualSize 0x206daf8
VirtualAddress 0x1e000
SizeOfRawData 0x41000
PointerToRawData 0x1c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.15708

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x9
VirtualAddress 0x208c000
SizeOfRawData 0x200
PointerToRawData 0x5d200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.gfids

MD5 ad0bab8a9f153981aa51b3a9559a487c
SHA1 e6a024d7b76124740d882d43a6321f8249a49eb9
SHA256 54673119f37c596caa5583265bcb2954b16347d76d485e49e9c3c06fdc799890
SHA3 12315c04726189553721c5da3cdaa872b4b20e2432b54b950cdded0377529abb
VirtualSize 0x11c
VirtualAddress 0x208d000
SizeOfRawData 0x200
PointerToRawData 0x5d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.08924

.rsrc

MD5 8d892da11bc1cce67d3a14c985f40cef
SHA1 e6089ca1f1cfec9aa7a19c9a0ddbf08d46e2f0c2
SHA256 a11a6ec0b63fa9336ffbf45c1fc3479f2cb34e7c9845c3d060f41f12c44f0495
SHA3 b3af06c707f601e848a213e760fc26600eca37faf02c016eb6be70ac969541a9
VirtualSize 0x1560
VirtualAddress 0x208e000
SizeOfRawData 0x1600
PointerToRawData 0x5d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.50388

.reloc

MD5 caeeba90893f93f5dad66b860d60d611
SHA1 07878096f96ac0a3cfe5b373240a1b51cec8ddd6
SHA256 29aaf97708aa31d35464edf74d00b91f924580aaf395f374873ab9584e1bb58e
SHA3 2b9caa32b3b9fc36da89e415d561d10bc819d38e718d7db8adfb40cbe7c13c89
VirtualSize 0x124c
VirtualAddress 0x2090000
SizeOfRawData 0x1400
PointerToRawData 0x5ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.31003

Imports

KERNEL32.dll LoadLibraryA
LoadLibraryW
GetModuleFileNameW
GetFirmwareEnvironmentVariableW
FindResourceExW
EndUpdateResourceW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetCurrentDirectoryW
CreateDirectoryExA
DefineDosDeviceW
GetFileAttributesExW
DeleteFileW
CopyFileA
IsBadStringPtrA
GetDefaultCommConfigA
OpenSemaphoreA
UnregisterWait
OpenJobObjectW
SetInformationJobObject
ReleaseActCtx
GetCalendarInfoA
SetCalendarInfoW
EnumDateFormatsA
GetUserDefaultLangID
ReadConsoleInputA
AllocConsole
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
lstrlenA
lstrcmpW
GetMailslotInfo
PeekNamedPipe
GetSystemTimes
GetFileTime
RequestDeviceWakeup
LockFile
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsW
TerminateProcess
HeapWalk
HeapAlloc
VirtualAllocEx
VirtualProtect
LocalAlloc
GetDefaultCommConfigW
GlobalUnlock
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapReAlloc
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetProcessHeap
CloseHandle
SetStdHandle
GetStringTypeW
FlushFileBuffers
DecodePointer
USER32.dll GetMenu
CallMsgFilterA
ShowWindowAsync
CallWindowProcW
GetMonitorInfoW
ADVAPI32.dll RegisterServiceCtrlHandlerW
RegQueryValueExW
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
GetFileSecurityW
SetSecurityDescriptorControl
AddAccessDeniedAceEx
DeleteAce
AreAnyAccessesGranted
IsValidSid
ObjectPrivilegeAuditAlarmW
ImpersonateNamedPipeClient
NotifyChangeEventLog
ClearEventLogA
StartServiceW

Delayed Imports

1

Type RT_ICON
Language Italian - Italy
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.9213
MD5 ebed628ac66cdcf322d82ffc9b40e4f8
SHA1 7590d0c580b570b73fa1f126ce4c21f35a567d8f
SHA256 4c34ff1b863f7c1a9be3797ee877b02a5e33446e72b2c768e7de68ff0ce23c6e
SHA3 d8adac54bc9553e5d6683e009ce2417a9df3b47d694d3ee5cc70f9ca32d72bf8

20

Type RT_STRING
Language Italian - Italy
Codepage UNKNOWN
Size 0x264
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20617
MD5 5f0cb88ce708bcd241b07a5dc97f760f
SHA1 bdf3e42d3d757a62596a1472874cba01c66e3bb4
SHA256 eda95fc03f1607a43c7d963084771f6cf589f84a997da44a9c05cc739fa97d94
SHA3 668039a9955f792c803e2ee975d505963f3f4b64018a72127a0e05bca09d1ceb

750

Type RT_ACCELERATOR
Language Italian - Italy
Codepage UNKNOWN
Size 0x28
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.91096
MD5 cfc0224cd96e205ad168285c382c8698
SHA1 4b58c59bb97f3bcde6ebb617f60720e7737e79ac
SHA256 23225ed32d0619a046a002a765c2052640b3bb699bc254b636fb1d563a85af53
SHA3 894636ecee630166b6091cb8d0a3ed39564bd176a521b33f525eb2745a396a0c

116

Type RT_GROUP_ICON
Language Italian - Italy
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.7815
Detected Filetype Icon file
MD5 3c68f77c35c26ff079a1c410ee44fa62
SHA1 0b40150c95fc2c6414c90d44ee78b8d8814b3393
SHA256 a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0
SHA3 590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396

328

Type UNKNOWN
Language Italian - Italy
Codepage UNKNOWN
Size 0xa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.32193
MD5 55b708509e91ee1e46bb796e738b23bb
SHA1 c1b7883bbc114254d54703f3b1f37b01e5d12abb
SHA256 91b984368e86f685f20ac17df0b9623827985ac588ed61898e288e7609467e9f
SHA3 28bd95e4fcc71c8566f4967b29d242d511989922527b67b26e2ec7ac57f19287

329

Type UNKNOWN
Language Italian - Italy
Codepage UNKNOWN
Size 0xa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.32193
MD5 f1228f837bb20d4b31da36d6859bbf70
SHA1 f0765426cd3881dc6dd9eaff5cd3be81a9792bd1
SHA256 5f9b54a7214e4e7998fa23cf541c5f71313d0b34ac97b31c31d7bd2d7ef18e84
SHA3 abfb6b1be9120c337ac7b748c568b04d96cc3cec00494babd984f0b96fee604a

330

Type UNKNOWN
Language Italian - Italy
Codepage UNKNOWN
Size 0xa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.32193
MD5 d34870c59be02ca56da04a2c0d303e50
SHA1 71a18579fb2b413bb1b21d022a13b7712e8fe5f4
SHA256 356e49ddb4180b4e68630af6c1b7a689a030a2d5363c0b4bae995edf1bbe6e54
SHA3 7359aa34142df5cf4c12ae8ac2c129929e5b9269f0ec67c9daf33a4e8b81b460

String Table contents

Lep
Loroyecososo weledanac hayimetenuwevac fikuvuciyor rikov canu
Zilaligevep duxuwogib mupex hix hadu menovexofi lebigurul noliwe wupinez
Cowicawipozub lixozexi tewiboxigay sede kemocenugel basi
Rohokefirit jonefozisiwola gufemuca zezecoku yifih
Zijizaru lobonefi kitafakejavazu yixawisemucohip

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Apr-15 19:44:29
Version 0.0
SizeofData 101
AddressOfRawData 0x1bbdc
PointerToRawData 0x1a9dc
Referenced File C:\libujalemedufajikigo_yetebavakadefa28 belideribet_luv.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Oct-07 20:00:08
Version 0.0
SizeofData 20
AddressOfRawData 0x1bc3c
PointerToRawData 0x1aa3c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Oct-07 20:00:08
Version 0.0
SizeofData 860
AddressOfRawData 0x1bc50
PointerToRawData 0x1aa50

TLS Callbacks

StartAddressOfRawData 0x248c000
EndAddressOfRawData 0x248c008
AddressOfIndex 0x248b0f4
AddressOfCallbacks 0x416240
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x45e584
SEHandlerTable 0x432260
SEHandlerCount 41

RICH Header

XOR Key 0xbb77029e
Unmarked objects 0
241 (40116) 9
243 (40116) 123
242 (40116) 24
ASM objects (VS2015 UPD3 build 24123) 19
C objects (VS2015 UPD3 build 24123) 18
C++ objects (VS2015 UPD3 build 24123) 38
Imports (VS2008 SP1 build 30729) 7
Total imports 148
C++ objects (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

<-- -->