ee4804677eaf5c76511bd843178691ec

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jan-19 18:47:21
Debug artifacts C:\Users\sh\documents\visual studio 2015\Projects\Axees\Axees\obj\Release\Axees.pdb
Comments Console Window Host
CompanyName
FileDescription confhost
FileVersion 1.0.0.0
InternalName Axees.exe
LegalCopyright Copyright © 2017
LegalTrademarks
OriginalFilename Axees.exe
ProductName
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • Programs\StartUp
Malicious VirusTotal score: 4/66 (Scanned on 2017-12-30 12:37:48)
  • Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9959
  • Avira: TR/Spy.Gen
  • Cybereason: malicious.637573
  • CrowdStrike: malicious_confidence_100% (D)

Hashes

MD5 ee4804677eaf5c76511bd843178691ec
SHA1 203650963757313023db3c4266489426f2c3b9e3
SHA256 85e58a8d1a1ec7ece3c83fd11c1ddf918d662dd7f0ae2199c9d4e0f31385b64b
SHA3 fdc226941c540d0341a02508f7cbd884ae7919e407431d25ed9fdb0463b709a5
SSDeep 192:6VK0JwO8y1C7EteGap9QKy9k6zk4WzfiK8stYcF0Kc03KY:CzwRy1qGapWKy9J6riKptYcF0Kc03K
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Jan-19 18:47:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x1c00
SizeOfInitializedData 0x1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x3a4e (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d5365bb85603254c09b698f6058a817d
SHA1 fe1c309a28e8358ba6d4d79068194012ef0af18d
SHA256 e2f211e09021aba2cd450fe9d1d0f0dddcb0aef9b4cf3ecaf987e1b68257b469
SHA3 059f55da3708c7c5d4373186dd6bc94a2b267c2a5d22c516a182fb2837c1e419
VirtualSize 0x1a54
VirtualAddress 0x2000
SizeOfRawData 0x1c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.15422

.rsrc

MD5 b4985de8df5b10164d2d74f0ebb56ff0
SHA1 6692a307e4eaf832615e29f72e9ebc1a54b74d84
SHA256 343c6637e430e078a85ea64e1567ec27ae4c822d0312091723970c69fbb6c1ef
SHA3 0d5acfdc94e3db8525c5cdcd93a78a7907e9da0e4df7565f248544476f104132
VirtualSize 0x1020
VirtualAddress 0x4000
SizeOfRawData 0x1200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7621

.reloc

MD5 b87a985be2149fe920e4e22543f2d2e4
SHA1 43d4536c7e04fca22ed8cbd74766c2225e7ad99f
SHA256 ba23c143832eed1157b6de7ad61388c43e7f2b40583df66bdf0afc3530f09fb4
SHA3 803ddbe0a11a4758a7423d1f99ae63a135339a985b338c4b642b44334e3207fd
VirtualSize 0xc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x320
Entropy 3.28377
MD5 71da504cb6f13835253d6107c05e916c
SHA1 4ba47c74465ad5d6dce9affe8590516a630b5aab
SHA256 701d810bf1ba9c654124479fb55a06a447349c5c4743874786cf8f2bf4e1affa
SHA3 3d1d26fa47f802fdcf76d50a9fe2469490026d1d0db0c7029ecec6a456f0ffc1

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xc5b
Entropy 5.00684
MD5 49278a34b5990f1d5a6c94a998a49f47
SHA1 b70474c513b42820f00f95ae3db8cbaf00d45acc
SHA256 51ac86fb532fb5883231be4ef7538255e6875d63fa62c8035d72f4d65c0ec114
SHA3 42573b9a86bb7ef7fea3db0fec02a51a032b804a0c1a8f9c826c01e38999f80e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Console Window Host
CompanyName
FileDescription confhost
FileVersion (#2) 1.0.0.0
InternalName Axees.exe
LegalCopyright Copyright © 2017
LegalTrademarks
OriginalFilename Axees.exe
ProductName
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Jan-19 18:47:21
Version 0.0
SizeofData 284
AddressOfRawData 0x38e0
PointerToRawData 0x1ae0
Referenced File C:\Users\sh\documents\visual studio 2015\Projects\Axees\Axees\obj\Release\Axees.pdb

TLS Callbacks

Load Configuration

Errors