| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Dec-26 02:29:36 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 23/66 (Scanned on 2022-06-22 00:44:31) |
| Cylance | Unsafe |
| Sangfor | Trojan.Script.Phonzy.A |
| CrowdStrike | win/grayware_confidence_90% (W) |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| BitDefenderTheta | Gen:NN.ZexaF.34742.gyW@a4vqSIk |
| Cyren | W32/Trojan.DFYT-0672 |
| APEX | Malicious |
| Paloalto | generic.ml |
| Tencent | Pua:Adware.Win32.Generic.16000204 |
| Comodo | ApplicUnwnt@#2u4ioc2wh6g8f |
| McAfee-GW-Edition | GenericRXNG-KB!E9727E6899A4 |
| Sophos | Mal/Generic-S (PUA) |
| Webroot | W32.Trojan.Gen |
| Gridinsoft | Malware.Win32.GenericMC.cc |
| Microsoft | Trojan:Script/Phonzy.A!ml |
| AhnLab-V3 | Malware/Win32.RL_Generic.R362709 |
| McAfee | GenericRXNG-KB!E9727E6899A4 |
| VBA32 | BScope.Trojan.Wacatac |
| Malwarebytes | RiskWare.Loader |
| TrendMicro-HouseCall | TROJ_GEN.R002H06HM21 |
| MaxSecure | Trojan.Malware.108789982.susgen |
| Fortinet | W32/GenericRXNG.KB!tr |
| Panda | Trj/GdSda.A |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2020-Dec-26 02:29:36 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xfe00 |
| SizeOfInitializedData | 0xa000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001E13 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x11000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x1cc62 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| ADVAPI32.dll | RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, RegCloseKey |
|---|---|
| USER32.dll | MessageBoxA |
| KERNEL32.dll | WriteConsoleW, CreateFileW, SetEnvironmentVariableA, GetFileAttributesA, GetFullPathNameA, CloseHandle, WaitForSingleObject, GetCurrentProcessId, ExitProcess, TerminateProcess, ResumeThread, CreateProcessA, GetModuleFileNameA, GetModuleHandleA, lstrcpyA, lstrlenA, GetPrivateProfileStringA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, HeapFree, HeapAlloc, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, LCMapStringW, GetProcessHeap, SetFilePointerEx, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DecodePointer, RaiseException |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Dec-26 02:29:36 |
| Version | 0.0 |
| SizeofData | 636 |
| AddressOfRawData | 0x1690c |
| PointerToRawData | 0x15b0c |
| Size | 0x5c |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x418004 |
| SEHandlerTable | 0x416900 |
| SEHandlerCount | 3 |
| XOR Key | 0x7f35f26c |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26213) | 9 |
| C++ objects (26213) | 138 |
| C objects (26213) | 18 |
| ASM objects (24237) | 16 |
| C++ objects (24237) | 29 |
| C objects (24237) | 17 |
| Imports (26213) | 7 |
| Total imports | 97 |
| C++ objects (24245) | 1 |
| Linker (24245) | 1 |