e91fa8296b55acea94ac7b4d43800043

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Sep-15 11:54:23

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • http://www.smartassembly.com
  • http://www.smartassembly.com/webservices/Reporting/
  • http://www.smartassembly.com/webservices/Reporting/UploadReport2
  • http://www.smartassembly.com/webservices/UploadReportLogin/
  • http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
  • smartassembly.com
  • www.smartassembly.com
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Suspicious The file contains overlay data. 15720 bytes of data starting at offset 0x43800.
The overlay data has an entropy of 7.98882 and is possibly compressed or encrypted.
Malicious VirusTotal score: 21/67 (Scanned on 2020-09-15 10:37:35)
Elastic: malicious (high confidence)
Sangfor: Malware
Cybereason: malicious.f9410a
Invincea: Generic ML PUA (PUA)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.NetWiredRC.gen
Avast: Win32:RATX-gen [Trj]
DrWeb: Trojan.PackedNET.276
FireEye: Generic.mg.e91fa8296b55acea
Ikarus: Trojan.MSIL.SmartAssembly
Microsoft: Trojan:Win32/Woreflint.A!cl
ZoneAlarm: HEUR:Backdoor.MSIL.NetWiredRC.gen
ESET-NOD32: a variant of MSIL/Packed.SmartAssembly.AZ
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: MSIL/Kryptik.SHS!tr
BitDefenderTheta: Gen:NN.ZemsilF.34242.rm2@aO7BNtd
AVG: Win32:RATX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM03.0.F16E.Malware.Gen

Hashes

MD5 e91fa8296b55acea94ac7b4d43800043
SHA1 b51bed4f9410a8c6db0e60083369f6e68019dc4e
SHA256 026bd73fce61c5177854904260c7aadb7eedaab416ea11d6c12b6a87f75d39f4
SHA3 ca358fbc8e705b8b79c2bfe1a42e01fcc39984f0079e523059ddb9b3d3e1fe8b
SSDeep 3072:wj12CnpWsqVA4osZaBbtVyc9g5GQtjtKduS39rZmOldMiYUNtpTM2iaMwByjUX1:yhTHbbXycYGQtjtKdTl5tI2AebX1
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Sep-15 11:54:23
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x40600
SizeOfInitializedData 0x3000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000425F7 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x44000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4a000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f69fac17a57e44f2aae5cbc793461c3b
SHA1 70eb4a3c87e80d33b3aef05e75bda9a30f33278a
SHA256 b0c56ad35788d007f8f2004187b006b40fcfe4c15b06fb6f8eab11bfdd989680
SHA3 a0367f16c064a7adf9acee1ffefdd4c71302f8a5405314062331dc59c105ebc5
VirtualSize 0x405fd
VirtualAddress 0x2000
SizeOfRawData 0x40600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.10036

.rsrc

MD5 d98b9c03a01eed22e35bf441611fd64e
SHA1 9ec8bb8cc6fb534290a77089ee2cd0119b0d815a
SHA256 0c2a52f7de3410693100b9330795db51bd8c3e5508fb942f2494f44e6c212e9b
SHA3 e745be5ea6e6159f7039c802f8caab298aebb6733f4317a19d0dc20fb9b40972
VirtualSize 0x2cea
VirtualAddress 0x44000
SizeOfRawData 0x2e00
PointerToRawData 0x40800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.57317

.reloc

MD5 133375d138e3827984d7cd00103dbabf
SHA1 0e4f07caa73263bcfa0c7bfcf52cc4b903117fec
SHA256 df09760540369fe6b47936413ca737f46db8ac1b68c06f014bf77388095bf6b4
SHA3 363e51518d5f1fe77a414cacfa6c03a28621b3ea54701efc78ed3b915b42bf22
VirtualSize 0xc
VirtualAddress 0x48000
SizeOfRawData 0x200
PointerToRawData 0x43600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1b8e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.83901
Detected Filetype PNG graphic file
MD5 c88936dd1a7d59c4403d6babb04dd87e
SHA1 cc33904defad90d05ccec92b7fff7d5902941795
SHA256 ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47
SHA3 28528f7316cb893a622c6611bbd967fcc40de2bf615e7332dee0fbd31997398e

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.29968
MD5 092bef43014ecb8adbaf06131ce5e40b
SHA1 1b15bd67961afbecb0cbbd1183c2d0dc9ed9e7cf
SHA256 f50850ec3e997252b5533691868d04c15e923efe4f694c0ea8126f612e60404c
SHA3 cab0b87867861997a7a03b362811b9052b40dea25bcd54a88c60956b6f6e9968

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.6735
MD5 3a69266d6258e81e65a29138c95fe2a8
SHA1 606560abf36b292f238d7ad4aa6c09ec8a21f8a3
SHA256 bc1cb94bcc63c8541ff535da88ed153ff3346db3fb93fc27fe87d414b2038dc4
SHA3 4204359c479df05357b6bf705b0d2961c1a4317d43977784fcf2835e25209f54

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.73746
MD5 75705b8eedfc400d14f7ae9c8f40935b
SHA1 ebecc73c1403107ce631cc21a6c4262a4c0ee1aa
SHA256 c433628ee32bb8698e81f2ebb23d615e4bcf34ba954055410c64c3638c95503c
SHA3 3b0525e50fdad680ebf6318fef60a34ffd36ae26a82fa7bb4675d27b0227a0e2

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.69265
MD5 76b057741da4577549a4b9ef8f585bb3
SHA1 4d4f6f821507639f8214bae9aa2be1f480b7e844
SHA256 b008246dad106e522b98810ce6bc1212c8f12e78a6f77506283782438ea5b65d
SHA3 acce4c5df16010fce31dd43cfe4645d11a9aadc7ccd5da162bdbd154c1ac9b78

1000

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.78538
Detected Filetype Icon file
MD5 53975c41e7520296015f9db3f16a6c74
SHA1 03aad254664361f296e2c982968d4afb537a573e
SHA256 4041084c14f8f142bf7919feedf1437c9bdb5c3040db4a2bd2b0cf387f006fcf
SHA3 79879cd09c0a4a1d24967b53fe230d9ae0fc1613299a75561402de6ad65509c7

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x324
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41199
MD5 1995c6684c046eae7c01a93147e1746a
SHA1 cb925fb4cb8db49567ca1c4675a677ea7256f6d8
SHA256 149a812d77b0553dc00b153623252938d0fa94e6475f8e53b1ef15da4fa0a273
SHA3 684c5afd1042eeb64085439802f608472e66f88a3f32ee686e1c298147d80933

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!