e9bb3fe97866e2f2ced28ca8004ce1d1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
Suspicious The PE is packed with UPX
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
  • Unusual section name found: UPX2
  • The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 7/66 (Scanned on 2022-01-14 15:01:01)
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Rising: Ransom.PornoAsset!8.6AA (CLOUD)
  • McAfee-GW-Edition: BehavesLike.Win64.Trickbot.vc
  • Antiy-AVL: Trojan/Generic.ASBOL.C5E3
  • Malwarebytes: Malware.AI.2821123881
  • MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 e9bb3fe97866e2f2ced28ca8004ce1d1
SHA1 fba06994a1a0eda3d0de8a9a8d891a36a76ee779
SHA256 354c078ec9dfcb2172c4e12da35df29984f6b63b6414103b0548d1b26e17c49c
SHA3 23239cc675a42c8a2f23ae9f58517912346bcf2331e7cdb3f92cca58a056f1c6
SSDeep 49152:dTeW5wXcLmP3xaYnM/VmdeAqOreCCqZGOVEU6RtkYm89aLFDgeTz2kNyMdGAIxZ:tb5acLG3cYnM/Qp/lGjUsb9apDggKkN
Imports Hash 6ed4f5f04d62b18d96b26d6db7c18840

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x6d6000
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x2dd000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x422000
AddressOfEntryPoint 0x00000000006FF7C0 (Section: UPX1)
BaseOfCode 0x423000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x701000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x422000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 9f06e7d416f988bfdba0b5188bf6f2d1
SHA1 e6703709eb1c267bf2b5c9418803dac988881c19
SHA256 df62f7bf0e1b256b9d4f7da604338fc642ab89b5132deff6897024fdd002ffbd
SHA3 88357fcb2599d39db24515deb791bdbeb8928039d348b5a08d14e69cc5aeac57
VirtualSize 0x2dd000
VirtualAddress 0x423000
SizeOfRawData 0x2dca00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.88836

UPX2

MD5 1efce85efe893427d7b812fb7786c09d
SHA1 6144f742137bc36adedac4e4db80af9a7f8c2c8c
SHA256 270355abd01b2b94f0dcab35b016e31527015004454bc3f3494ca2e50e56a45f
SHA3 d629f6fdd57940dd773f0ebd16146ff89dc64fe03cd057d6f22d6cb4778947ec
VirtualSize 0x1000
VirtualAddress 0x700000
SizeOfRawData 0x200
PointerToRawData 0x2dcc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.28263

Imports

KERNEL32.DLL
  • LoadLibraryA
  • ExitProcess
  • GetProcAddress
  • VirtualProtect

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!