ee4804677eaf5c76511bd843178691ec

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jan-19 18:47:21
Debug artifacts C:\Users\sh\documents\visual studio 2015\Projects\Axees\Axees\obj\Release\Axees.pdb
Comments Console Window Host
CompanyName
FileDescription confhost
FileVersion 1.0.0.0
InternalName Axees.exe
LegalCopyright Copyright © 2017
LegalTrademarks
OriginalFilename Axees.exe
ProductName
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
  May have dropper capabilities:
    • Programs\StartUp
Malicious VirusTotal score: 9/67 (Scanned on 2018-01-14 17:37:10)
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9959
TrendMicro-HouseCall: Suspicious_GEN.F47V0102
Tencent: Win32.Trojan.Spy.Amce
Emsisoft: Trojan.Keylogger (A)
Avira: TR/Spy.Gen
AegisLab: Troj.Spy.Gen!c
Ikarus: Trojan.Spy
Cybereason: malicious.637573
CrowdStrike: malicious_confidence_100% (W)

Hashes

MD5 ee4804677eaf5c76511bd843178691ec
SHA1 203650963757313023db3c4266489426f2c3b9e3
SHA256 85e58a8d1a1ec7ece3c83fd11c1ddf918d662dd7f0ae2199c9d4e0f31385b64b
SHA3 b35eec8a84c2f5615b0b9421922fbb072402ed54dff96333eca0a0aeaeb16b4d
SSDeep 192:6VK0JwO8y1C7EteGap9QKy9k6zk4WzfiK8stYcF0Kc03KY:CzwRy1qGapWKy9J6riKptYcF0Kc03K
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Jan-19 18:47:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x1c00
SizeOfInitializedData 0x1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00003A4E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d5365bb85603254c09b698f6058a817d
SHA1 fe1c309a28e8358ba6d4d79068194012ef0af18d
SHA256 e2f211e09021aba2cd450fe9d1d0f0dddcb0aef9b4cf3ecaf987e1b68257b469
SHA3 5dc8ccbaab349844d944034ff9801d8d6c4d9cfa888db27fa9ff49078000c06c
VirtualSize 0x1a54
VirtualAddress 0x2000
SizeOfRawData 0x1c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.15422

.rsrc

MD5 b4985de8df5b10164d2d74f0ebb56ff0
SHA1 6692a307e4eaf832615e29f72e9ebc1a54b74d84
SHA256 343c6637e430e078a85ea64e1567ec27ae4c822d0312091723970c69fbb6c1ef
SHA3 8cc6e7b3473216177fba04ebf9719d9229cbdc57b04d6d255f07d58dac370106
VirtualSize 0x1020
VirtualAddress 0x4000
SizeOfRawData 0x1200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7621

.reloc

MD5 b87a985be2149fe920e4e22543f2d2e4
SHA1 43d4536c7e04fca22ed8cbd74766c2225e7ad99f
SHA256 ba23c143832eed1157b6de7ad61388c43e7f2b40583df66bdf0afc3530f09fb4
SHA3 c1a6efc05c138240fbb4258ea0817540e4e6b408065dd08a503ca60492c83b93
VirtualSize 0xc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain
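The findings above (entry point resolved to .text, per-section entropy, the .NET marker behind the single mscoree.dll!_CorExeMain import, and the Programs\StartUp string behind the "dropper capabilities" heuristic) all come from a plain header walk. The script below is an added example written for this page, not the scanner's code, and it parses a constructed PE32 stub built by build_sample_pe() rather than the analysed file; the stub copies the report's layout (i386, three sections, entry 0x3A4E, DllCharacteristics 0x8560 as the OR of the five flags listed in the optional header, a populated CLR data directory) and embeds the startup-folder string in .rsrc. Note in passing that the version info above borrows the description "Console Window Host" from the legitimate conhost.exe while the file calls itself "confhost"; nothing in the headers themselves is unusual for a small Roslyn-built assembly.

```python
"""Walk a PE32 image the way the report above does: DOS header -> PE
signature -> COFF/optional header -> section table, then per-section
entropy, the entry-point section, the CLR data directory that marks a
.NET image and a scan for the startup-folder string flagged as a
dropper indicator. Added example, not the analysis tool's own code."""
import math
import struct
from datetime import datetime, timezone

SUSPICIOUS_STRINGS = [b"Programs\\StartUp"]   # persistence path from the report
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14     # CLR runtime header slot
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe32(buf: bytes) -> dict:
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry = struct.unpack_from("<I", buf, opt + 16)[0]
    subsystem, dllchars = struct.unpack_from("<HH", buf, opt + 68)
    # Data directories follow the 96-byte fixed part of the PE32 optional header.
    clr_rva, clr_size = struct.unpack_from(
        "<II", buf, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", buf, opt + opt_size + 40 * i)
        raw = buf[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 4),
            "suspicious": [s.decode() for s in SUSPICIOUS_STRINGS if s in raw],
        })
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "entry_point": entry, "entry_section": entry_section,
        "subsystem": subsystem, "dll_characteristics": dllchars,
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 stub (not the analysed file) with the report's layout:
    i386, three sections, entry point 0x3A4E inside .text, a CLR directory
    entry, and the startup-folder string placed in .rsrc."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, 1484851641, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<HBB" + "I" * 9, 0x10B, 48, 0, 0x200, 0x400, 0,   # magic, linker 48.0, sizes
                      0x3A4E, 0x2000, 0x4000, 0x400000, 0x2000, 0x200)  # entry, bases, alignments
    opt += struct.pack("<HHHHHHIIIIHH", 4, 0, 0, 0, 6, 0, 0, 0x8000, 0x200, 0,
                       2, 0x8560)                    # Subsystem GUI, DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] = (0x2008, 0x48)   # CLR header present
    opt += b"".join(struct.pack("<II", *d) for d in dirs)

    def sec(name, vsize, va, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, flags)

    secs = (sec(b".text", 0x1A54, 0x2000, 0x200, 0x200, 0x60000020)
            + sec(b".rsrc", 0x1020, 0x4000, 0x200, 0x400, 0x40000040)
            + sec(b".reloc", 0xC, 0x6000, 0x200, 0x600, 0x42000040))
    headers = (dos + b"PE\0\0" + coff + opt + secs).ljust(0x200, b"\0")
    text = bytes(range(256)) * 2                                    # uniform bytes
    rsrc = (b"\0\0" + b"Programs\\StartUp" + b"\0").ljust(0x200, b"\0")
    reloc = b"\0" * 0x200                                           # constant bytes
    return headers + text + rsrc + reloc


if __name__ == "__main__":
    info = parse_pe32(build_sample_pe())
    print(f"machine 0x{info['machine']:X}  built {info['timestamp']}  .NET={info['is_dotnet']}")
    print(f"entry 0x{info['entry_point']:08X} in {info['entry_section']}")
    for s in info["sections"]:
        print(f"{s['name']:<8} VA 0x{s['va']:X} entropy {s['entropy']:.4f} {s['suspicious']}")
```

Pointing parse_pe32() at a real file (`parse_pe32(open(path, "rb").read())`) reproduces the section and entry-point data shown above; the entropy column is the quickest packer tell (the .reloc value near 0 and .text around 5 above are what an unpacked, small managed binary looks like, whereas a packed payload section sits near 8). The CLR directory test is a more reliable .NET indicator than the import name alone, since a native stub can import _CorExeMain without carrying a runtime header.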

Delayed Imports

Resources

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x320
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28377
MD5 71da504cb6f13835253d6107c05e916c
SHA1 4ba47c74465ad5d6dce9affe8590516a630b5aab
SHA256 701d810bf1ba9c654124479fb55a06a447349c5c4743874786cf8f2bf4e1affa
SHA3 33d4eb59e688475a97c14253dce2f4e9527fdbd67068981a6ff5b003ab2e6005

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xc5b
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00684
MD5 49278a34b5990f1d5a6c94a998a49f47
SHA1 b70474c513b42820f00f95ae3db8cbaf00d45acc
SHA256 51ac86fb532fb5883231be4ef7538255e6875d63fa62c8035d72f4d65c0ec114
SHA3 459a18c96cfb740f79e79ca5b205bb8ed0ae8569ec2196922c7ea0bb308953f5

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Console Window Host
CompanyName
FileDescription confhost
FileVersion (#2) 1.0.0.0
InternalName Axees.exe
LegalCopyright Copyright © 2017
LegalTrademarks
OriginalFilename Axees.exe
ProductName
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Jan-19 18:47:21
Version 0.0
SizeofData 284
AddressOfRawData 0x38e0
PointerToRawData 0x1ae0
Referenced File C:\Users\sh\documents\visual studio 2015\Projects\Axees\Axees\obj\Release\Axees.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors
