| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE is possibly a dropper. |
Resources account for 91.7969% of the executable.
|
| Suspicious |
VirusTotal score: 2/70 (Scanned on 2019-02-01 10:13:46) |
Cylance:
Unsafe
Jiangmin:
Trojan.Heur.aom
|
| MD5 |
f071ca9204e5d46bcb9f3574aab924a6
|
| SHA1 |
b81446a3b4bc8af39cdee5f03c3f0fc1106273a9
|
| SHA256 |
7728a57be48c9572eddf3fa724cd4c735b60178c5f2368e7a709900fea70960d
|
| SHA3 |
fc07fd16ad6076162ee0743382c8a6ece5f6e950b857cce9871374fb88681df3
|
| SSDeep |
3072:ppAZAszjnmQOZgYzmaIu/yB4v0NNCrfMEZfgjzgen:XAZAsoZgYzmaIu6B4nbM8fg42
|
| Imports Hash |
99c7d7362e48495cd32aa3eca4b48100
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
8
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1c00
|
| SizeOfInitializedData |
0x2f000
|
| SizeOfUninitializedData |
0x600
|
| AddressOfEntryPoint |
0x000014C0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x3000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x35000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x22d5a
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
755d2db4e20f70a564950a332b8ae7b0
|
| SHA1 |
424187df4e7ded8702612d01d551b972437230c0
|
| SHA256 |
77c589de2443149df5d0829c9c42c6ac5b37f3ff6bae0040896b64933cd54337
|
| SHA3 |
fa4c74ff8405e9ea3788b968353dfb0437cb4ef795ea039b9e3a898e156d6e25
|
| VirtualSize |
0x1ba4
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1c00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.95228
|
| MD5 |
9854a3d458f5ccae16ca4f8702c438a8
|
| SHA1 |
c42c407c6fb5d80ca120b5feb152049f94601266
|
| SHA256 |
f82940b8977fa962e6d9d9ed030b239ecae3575b7a43c7aaf11f20f7d90fa00a
|
| SHA3 |
8e51cc34ee4ff9786936887728f386410c16b41197caa59d83f6102f417e708b
|
| VirtualSize |
0x30
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.536302
|
| MD5 |
64c52704d1d0ee36a4a008234112795c
|
| SHA1 |
dab215f0a0e55b50bc56688724f7f9e6148f01a9
|
| SHA256 |
580964579b22d38fb771c6c3030bec0fdadb491b4eff1feec25e92fd41140adf
|
| SHA3 |
28cf8047035c33fe74c74b1fa0b4726cf334718c3666769b1eccc86d1c509872
|
| VirtualSize |
0x57c
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.60896
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x450
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
53dff3479068b5080313dcc028f1869b
|
| SHA1 |
b5d23468f5a74a64c808d3122c9fd6c62b79680a
|
| SHA256 |
97da04bfa52aebd5c9a3e58eb8cbaef9b9d669cc0404d841b2629b0038c00881
|
| SHA3 |
74c932cd1c959ce60acd1456a38ca2632c1a692d484cdf4f7b7771bdfc246f83
|
| VirtualSize |
0x68c
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.03385
|
| MD5 |
033d761f8a37ebb9f2c04b21e824d0c0
|
| SHA1 |
54a603f3a9ecd11654f077ffc99a3a7a29fdff0c
|
| SHA256 |
a26939ddaf9c20af5f6ff7f7db5014e83ad8a1497cade33307e8d7148986c303
|
| SHA3 |
9ba0d6c4dea7524728cc0c2c40e80011cb5f7f73983cca4786a386fffdd022ee
|
| VirtualSize |
0x34
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.267208
|
| MD5 |
f1db91b86ca0c56dfcbb593282af3f7b
|
| SHA1 |
8bdd29cb91729b0044df1aca9fd0c934961a6c6f
|
| SHA256 |
bd4a931d3d6593020d5d50934fcd5c631399ec99b07cccb1b7babf9c8ed20dbc
|
| SHA3 |
78ff7fe0edbcafde750bb5253f7e9cc172051e31617bc1ba6090230c13b83bf5
|
| VirtualSize |
0x20
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.204488
|
| MD5 |
cb8d6cdc95dafde59a570046847111e0
|
| SHA1 |
9ef08e1ffa0e49a6825debe6cc652200a8d2817f
|
| SHA256 |
ddc4aa315dd1815dcfa94cd2169ce47eb27ce5513048c03d161641b1c7383855
|
| SHA3 |
4773df14a4cb25727b66255c140bbbc1e566b6a82d625cdb3e242d86c22da007
|
| VirtualSize |
0x2c000
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x2c000
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.91754
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
|
| msvcrt.dll |
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
_wexecv
abort
vfprintf
wcscat
wcscpy
wcslen
wprintf
_wcsdup
|
| USER32.dll |
MessageBoxW
wsprintfW
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x2b5e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.87035
|
| MD5 |
33642c314171026fec0cb29882bcb60a
|
| SHA1 |
ab0c27a2d776d23bd99a74942cf7012861f15098
|
| SHA256 |
4ee8c7fb392fc333b31b701084b0064d27a8ecd03d8ca82e8be170aa4b289c96
|
| SHA3 |
fcb5c1b10a429ec6f7627638ac40e76650472d8dac64e448467e6af8da1648a1
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.26096
|
| Detected Filetype |
Icon file
|
| MD5 |
ffcf5fd79ada3ff17b95b0f07ffc291c
|
| SHA1 |
b9cfe2b67c4e2eaf284970e7b1320728a4c6a4f3
|
| SHA256 |
bb9f6d77de3ca77a9688a4be97412eb683d50fa8f474bbecb27c096a0851c3ff
|
| SHA3 |
4fe9d5673e277db864632f52a21a98fde380f50221df429fac76e74f5e042202
|
| StartAddressOfRawData |
0x408000
|
| EndAddressOfRawData |
0x40801c
|
| AddressOfIndex |
0x40502c
|
| AddressOfCallbacks |
0x407020
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x00401940
0x004018F0
|
[*] Warning: Section .bss has a size of 0!