e9727e6899a4b36eb2c7e27a2348e779

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Dec-26 02:29:36

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegCreateKeyExA
  • RegOpenKeyExA
  • RegQueryValueExA
  • RegSetValueExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
Malicious VirusTotal score: 23/66 (Scanned on 2022-06-22 00:44:31)
Cylance: Unsafe
Sangfor: Trojan.Script.Phonzy.A
CrowdStrike: win/grayware_confidence_90% (W)
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34742.gyW@a4vqSIk
Cyren: W32/Trojan.DFYT-0672
APEX: Malicious
Paloalto: generic.ml
Tencent: Pua:Adware.Win32.Generic.16000204
Comodo: ApplicUnwnt@#2u4ioc2wh6g8f
McAfee-GW-Edition: GenericRXNG-KB!E9727E6899A4
Sophos: Mal/Generic-S (PUA)
Webroot: W32.Trojan.Gen
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: Trojan:Script/Phonzy.A!ml
AhnLab-V3: Malware/Win32.RL_Generic.R362709
McAfee: GenericRXNG-KB!E9727E6899A4
VBA32: BScope.Trojan.Wacatac
Malwarebytes: RiskWare.Loader
TrendMicro-HouseCall: TROJ_GEN.R002H06HM21
MaxSecure: Trojan.Malware.108789982.susgen
Fortinet: W32/GenericRXNG.KB!tr
Panda: Trj/GdSda.A

Hashes

MD5 e9727e6899a4b36eb2c7e27a2348e779
SHA1 366a62749ce3e2246fb7b88da5a0f10ff1185d8f
SHA256 7ca3065396a815639cd413de0618cbed6d79c97509f561b58beb87555c59f6e4
SHA3 ba482d3ffa2032b176b4a39c4f36832a07579ab563bfad90e3dc78b1192cb1d3
SSDeep 3072:yEtNoNSxsDShk2KJXARQ/ElHtRtsOsBicmdxejafbKCe:yuMrDIgKe/0sLEuE5e
Imports Hash 68df222207fef7f231e00c449b19c09b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2020-Dec-26 02:29:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xfe00
SizeOfInitializedData 0xa000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001E13 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x11000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1e000
SizeOfHeaders 0x400
Checksum 0x1cc62
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 392f44ea832a2522d0041c4c81ba3b18
SHA1 226f257dcecb088ca83e8ff3a6902b141bc131d5
SHA256 82be19f731cace6775542ea05f47047ae56a5a8f66fecfd6c53be92f3f878bc2
SHA3 51fcc85d1156fd95c193ceadb72cdc30a3e1002732d222d03e2566d354a19a0a
VirtualSize 0xfd0b
VirtualAddress 0x1000
SizeOfRawData 0xfe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.63028

.rdata

MD5 afe01973eeff1828c684c1d971a6410b
SHA1 5b98f55f04d51882d835185655245706863d5916
SHA256 49403a51d1dab9b7799d5c24df4de68e3119d3e595bfb27df81f60cffc729f7c
SHA3 98c1b8a54e60a4917e3c2205a4df9a1d993beadf9f4754a68ae86e05f516ab33
VirtualSize 0x66be
VirtualAddress 0x11000
SizeOfRawData 0x6800
PointerToRawData 0x10200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.27245

.data

MD5 63d524ce67e89744109eb85e89e01d33
SHA1 dcaac1481faca206dbcaecca4f25e10917fd6e8d
SHA256 681510c71118d8a143b03eb8ae54857d81b2a26c6d90f90516caac66a090a438
SHA3 69bb566b87ea798c6b6d26f232dde838457fc0f9613dd9e278e7f32855f69e23
VirtualSize 0x13b8
VirtualAddress 0x18000
SizeOfRawData 0xa00
PointerToRawData 0x16a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.8124

.gfids

MD5 8695c3183ee740e2ced5cf29ce0d0dd9
SHA1 bf6b805ac138f76df62790f66041288522f04bab
SHA256 180755d9c5daf5446b67af5efef738c8c148896cb5cc7c5226deab6b4cc82ab8
SHA3 eff6f8d237b4e594ba25682b26d14ebfaa426ea076dc8c14c1c2423f601e8dc8
VirtualSize 0xb0
VirtualAddress 0x1a000
SizeOfRawData 0x200
PointerToRawData 0x17400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.909243

.reloc

MD5 c275dfe808a6e1277c3dd66c4ec37c65
SHA1 8c04b40784b9be2c289fb29ed3c3c6105b0b8f59
SHA256 19d508040a808009ad6c1862f08797b63060fe8b328fde51835c7eb447206036
SHA3 cc43adad736ffca499e3074985eacd990d9d2d706935079b3a12f0a7e7c6aab8
VirtualSize 0xf4c
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x17600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.46587

.rsrc

MD5 36bb5719bd1bc3a3acd56843311fcbf4
SHA1 9fc2b53960533b12c29e9e30aac3cbda33bed03c
SHA256 92ac51e41c8b526397fb06485877459aebb2f6a21afd99b4dd57c3b6866f2dc5
SHA3 85255bd3559e2d0c7bbdaacb19bfa88e1a3908ed9ddde3b8b5be50cdb914a569
VirtualSize 0x11b0
VirtualAddress 0x1c000
SizeOfRawData 0x1200
PointerToRawData 0x18600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.13603

Imports

ADVAPI32.dll RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
USER32.dll MessageBoxA
KERNEL32.dll WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetFileAttributesA
GetFullPathNameA
CloseHandle
WaitForSingleObject
GetCurrentProcessId
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
GetModuleFileNameA
GetModuleHandleA
lstrcpyA
lstrlenA
GetPrivateProfileStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
RaiseException

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.974653
MD5 cb949fb08b308102fa320bfd843882a5
SHA1 0479976c6e55dd1acdb003beea19b1724aa0259b
SHA256 091c244665328050014a4d644ee1e2b7aa6eac871e13c636900aaa8f535923cc
SHA3 2aaef6d5d5467c7f90f720d6dfa2b712c4ee83097793f5d3aa18564baf7da4ab

B5BC598FF05B09AA89C0A0976327CA508F658FF0

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.7815
Detected Filetype Icon file
MD5 3c68f77c35c26ff079a1c410ee44fa62
SHA1 0b40150c95fc2c6414c90d44ee78b8d8814b3393
SHA256 a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0
SHA3 590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Dec-26 02:29:36
Version 0.0
SizeofData 636
AddressOfRawData 0x1690c
PointerToRawData 0x15b0c

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x418004
SEHandlerTable 0x416900
SEHandlerCount 3

RICH Header

XOR Key 0x7f35f26c
Unmarked objects 0
ASM objects (26213) 9
C++ objects (26213) 138
C objects (26213) 18
ASM objects (24237) 16
C++ objects (24237) 29
C objects (24237) 17
Imports (26213) 7
Total imports 97
C++ objects (24245) 1
Linker (24245) 1

Errors
