f0a0d6f098b381bbc8c3b48cd0d8f88f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Jul-27 12:06:01
Detected languages English - United States

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C# v7.0 / Basic .NET
  • MASM/TASM - sig2(h)
Info Interesting strings found in the binary: Contains domain names:
  • https://www.linkedin.com
  • https://www.linkedin.com/in/reha-yilmazlar/
  • linkedin.com
  • www.linkedin.com
Suspicious The PE is possibly packed. The PE only has 9 import(s).
Malicious VirusTotal score: 4/71 (Scanned on 2022-11-13 14:34:12)
  • Bkav: W32.AIDetect.malware2
  • APEX: Malicious
  • Trapmine: malicious.moderate.ml.score
  • Cynet: Malicious (score: 100)

Hashes

MD5 f0a0d6f098b381bbc8c3b48cd0d8f88f
SHA1 381e8d852f48413e4dc89f572e554445871b7700
SHA256 7ab741b5c536b32def7a70b8a3b03b413ce1210a21f5ac97c8231b87ac1b5bee
SHA3 34bfa30815b7ad454e20586e5aceb2a865ac3416a8238c5489a99cd4bdd6c618
SSDeep 96:36Zi4dnOvUXmj4pPYaaaaaZggxaaaaajlEZ1Z8mwp:OOMiggg0lEZf
Imports Hash a693b0a4006ab57574bf126f4b8d1320

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2022-Jul-27 12:06:01
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x400
SizeOfInitializedData 0x1800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 4.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0xc353
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8c4a15827800f45f172366863079b949
SHA1 a2b343c7bb382ce80d8cde45144e8c440fd34449
SHA256 cad349279f79c5987db7ef6ca7276d8a8bdb28cd37a5ee5ff677111688d5cd33
SHA3 7e0407b39a537db48c31b2547b1f5aa9a1acee143ab7bbc6356954391355c33d
VirtualSize 0x23e
VirtualAddress 0x1000
SizeOfRawData 0x400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 3.71756

.rdata

MD5 658f89bab593a01c33588e20a4057667
SHA1 4fbfd0057a857f8eaf357bcd90c01a77da907b90
SHA256 bfff17afdb631cd76f1fd2f735e920a33647980d04a9f60407705ab056adc9ae
SHA3 bf4f3431d8a184d0cba13461954c1eb787bf5e8e7b63f8078435ce5702843ee3
VirtualSize 0x16a
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.22737

.data

MD5 6cf524ce853e237ea77a88ca6869b3a6
SHA1 5226f54ed7fa34de79023e51ef6c8658dd9701e8
SHA256 dd580e48cd219669c9b6d3db4b1b16894d47f54a2a309c40a14fa735ccbe6594
SHA3 da049ff727a553e5472802c6f9de0e64db090246c843e8a6b90a481750e9477d
VirtualSize 0x18c
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.59374

.rsrc

MD5 04d96ae778afd2cd395798e2ed365450
SHA1 9e987378de4f2d914c87c1e922b962ea74f8e9a6
SHA256 1af49e7740373d7007c250b44c735dc51fb379f73ab27b5ade04b337c8b41f30
SHA3 343515ce8c943c57cf0fe6a6286f2deeacd34d309c3ce08d6834c4742337260a
VirtualSize 0x1330
VirtualAddress 0x4000
SizeOfRawData 0x1400
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.12825

Imports

kernel32.dll
  • GetModuleHandleA
  • ExitProcess
user32.dll
  • EndDialog
  • MessageBoxA
  • SendMessageA
  • DialogBoxParamA
  • LoadIconA
  • GetDlgItemTextA
comctl32.dll
  • InitCommonControls

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.34105
MD5 83be608738c56e4a2a020282cb8b448a
SHA1 1b72986a1aea5a62aa10b8538f139fb25df0659d
SHA256 eaf5ad1b317fe52043e112f0d9f009c1a5dd6fae5d64f1025d853b1e0696aca9
SHA3 28dfc47e527e7d71899ff833984162bd1f0868decf3b5f62d93eb32674d06924

101

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x17a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19559
MD5 5e2fdae83ffe843269cb70c9ec4d8d9b
SHA1 e0ad85dded1bf3a6c76baa0e908b87a1ee320426
SHA256 55f0bde1a0e0fb3c402c0a1fbb312798f0fe2f10c523116c99dfcaa7dc221967
SHA3 a91ce82c64a906d7e8cc122aac3754717451adfa452cfd2eda1d238f80fbe172

100

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.7815
Detected Filetype Icon file
MD5 3c68f77c35c26ff079a1c410ee44fa62
SHA1 0b40150c95fc2c6414c90d44ee78b8d8814b3393
SHA256 a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0
SHA3 590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xa80d83ba
Unmarked objects 0
19 (8078) 16
18 (8444) 1
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
