f1a8cce5f97ca84013a322c27af8cf64

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jan-14 21:27:15
Comments My Love Details
CompanyName My Love Details
FileDescription My Love
FileVersion 0.0.0.0
InternalName Folder+.exe
LegalCopyright Copyright My Love Details 2016
LegalTrademarks My Love Details
OriginalFilename Folder+.exe
ProductName My Love Details
ProductVersion 0.0.0.0
Assembly Version 0.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious The file contains overlay data. 1000 bytes of data starting at offset 0xcbe48.
Info The PE is digitally signed. Signer: My Love
Issuer: My Love
Malicious VirusTotal score: 43/66 (Scanned on 2019-07-23 09:16:18)
MicroWorld-eScan: Trojan.GenericKD.40996453
FireEye: Generic.mg.f1a8cce5f97ca840
CAT-QuickHeal: TrojanDropper.MSIL
ALYac: Trojan.GenericKD.40996453
Cylance: Unsafe
K7AntiVirus: Trojan ( 005467131 )
BitDefender: Trojan.GenericKD.40996453
K7GW: Trojan ( 005467131 )
Cybereason: malicious.5f97ca
Arcabit: Trojan.Generic.D2718E65
Cyren: W32/Trojan.LANV-0725
ESET-NOD32: MSIL/Agent.BTZ
Paloalto: generic.ml
GData: Trojan.GenericKD.40996453
Kaspersky: HEUR:Trojan-Dropper.MSIL.Scrop.gen
Alibaba: TrojanDropper:MSIL/Scrop.05217374
NANO-Antivirus: Trojan.Win32.Mlw.fmresz
Avast: Win32:Trojan-gen
Tencent: Msil.Trojan-dropper.Scrop.Ecjw
Ad-Aware: Trojan.GenericKD.40996453
Sophos: Mal/Generic-S
Comodo: Malware@#1umamot7comtp
F-Secure: Trojan.TR/Dropper.Gen
Qihoo-360: Win32/Trojan.Dropper.a3f
Invincea: heuristic
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.GenericKD.40996453 (B)
SentinelOne: DFI - Malicious PE
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan[Dropper]/MSIL.Scrop
Microsoft: Trojan:Win32/Occamy.C
Endgame: malicious (high confidence)
ZoneAlarm: HEUR:Trojan-Dropper.MSIL.Scrop.gen
McAfee: Artemis!F1A8CCE5F97C
MAX: malware (ai score=100)
Malwarebytes: Trojan.Dropper.MSIL
Yandex: Trojan.Agent!D32plSelmWM
Ikarus: Trojan.Dropper
eGambit: PE.Heur.InvalidSig
Fortinet: MSIL/Agent.BTZ!tr
AVG: Win32:Trojan-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

Hashes

MD5 f1a8cce5f97ca84013a322c27af8cf64
SHA1 4754a92c5fb46cc01036f104c9a29588499c55a5
SHA256 959e1a9b59901e1d2ef5e576a326eac6a06c869a2237f940cfe139669870295f
SHA3 c4d43390ff0830dcd7461858e6cef9f16b945ae59f6e3931554feefda203921d
SSDeep 12288:OQZw6b4b0/adpaq3mxE5IMHvp1BW8fkDdF2z:NkOu5VB1BWAXz
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Jan-14 21:27:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xb0000
SizeOfInitializedData 0x1a800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000B1E9E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xd0000
SizeOfHeaders 0x200
Checksum 0xd952e
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5e89cfdc558971ede381eeaca9eea7eb
SHA1 8500ac3b27b451416e4bbd806e7006d5b9303148
SHA256 5934ee7d9620e8338119ea54171c4ba311d2ead93e6ad0e30e9be848429ab9ae
SHA3 11712440936a07e86ddef1bf9f36da44d04ae32202d459b023a835e31f1290a4
VirtualSize 0xafea4
VirtualAddress 0x2000
SizeOfRawData 0xb0000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.63288

.rsrc

MD5 c86775a5e1301b9622476c4a0230f0eb
SHA1 d6042bbafae07d725dcb7dede6298f998527466b
SHA256 d4ef2382f9b13df2682e1e199d9abe1728d18b8c8625249d80f594306433c801
SHA3 8f9394be919c56a8fdf532ea7a0f18fb9d40c3952302f1f7d8ede2c9a7072e9b
VirtualSize 0x1a458
VirtualAddress 0xb2000
SizeOfRawData 0x1a600
PointerToRawData 0xb0200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.25607

.reloc

MD5 46493430eb99b3489dfe7466509a7683
SHA1 45ee93d474d82796f38b49fb790d3adcdf585e74
SHA256 4a8295ccea2e097c946318f8c7a78887d60af0cd850ed3092a15011e13879ec4
SHA3 bbb3c83798ff51153b0bea464c54e3430d2c0073a9e7792d3c477f7e7fdfb520
VirtualSize 0xc
VirtualAddress 0xce000
SizeOfRawData 0x200
PointerToRawData 0xca800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.63324
MD5 645f519c518ab353ee42100b9d6df3fc
SHA1 62f6e9f7a18f6467787cda0fe1f7652a870f5eaa
SHA256 694ac473aafea31c1a62f1cd83ce496a9c0b9b2342b05990fc006438583fd4e3
SHA3 fe564efa8b980985e4c7e4ab345e6e0a9f28b1f6b08d2c6b5c6b9129a0ddb118

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x9763
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98611
Detected Filetype PNG graphic file
MD5 029a01c2d18ab8c41b2eb02c92ae49ad
SHA1 385cff137f7ce07c67d94a395f54d9b331594585
SHA256 2381a9c3a68ceb4f05861a4ebb5c944ed4cb52ebd5e4addf3bf0fae916d740f9
SHA3 dcb870b14d344d0f31bc3e3eb9d83e8e8cc1a917055074f121f46fee31f2bee8

A

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.19569
Detected Filetype Icon file
MD5 13849ec20d5acfc45947ec353aafe752
SHA1 32ed5a08301c2266053e471a7ae6c729fdb71d5d
SHA256 d46c39b4b8fceda0a3bec98f4a7ce7535d5c2c1912c544a58f8a59bacf401039
SHA3 602b2088129ceb6cfbc25c7dd0129bc97642ffb9decd11b902bb758c54d124e9

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x38c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31313
MD5 0d415877bd03ebfad2bf107ba9b2311d
SHA1 5ec912d97efdac2a65b97fcfa8734ecc436a6f16
SHA256 59b7d564db0a944ff970654e07dbd926a01d73ffef199d726a282c9b13065a2f
SHA3 023db56ed76987bf77d345d59a9fdce55174c8c7d76a242a6ac2d05382c90a5f

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments My Love Details
CompanyName My Love Details
FileDescription My Love
FileVersion (#2) 0.0.0.0
InternalName Folder+.exe
LegalCopyright Copyright My Love Details 2016
LegalTrademarks My Love Details
OriginalFilename Folder+.exe
ProductName My Love Details
ProductVersion (#2) 0.0.0.0
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors