f82d92979dd88d7443d8cd13c48f8508

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2099-Oct-18 00:32:21
Debug artifacts C:\Users\Dell\visualstudio\source\repos\RiseLauncher\RiseLauncher\obj\Release\RiseLauncher.pdb
Comments
CompanyName
FileDescription RiseLauncher
FileVersion 1.0.0.0
InternalName RiseLauncher.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename RiseLauncher.exe
ProductName RiseLauncher
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info Interesting strings found in the binary: Contains domain names:
  • https://client.craftrise.network
  • https://client.craftrise.network/api/launcher/hashs.php
Info The PE is digitally signed. Signer: DESKTOP-MVTH10M\yunus
Issuer: DESKTOP-MVTH10M\yunus
Malicious VirusTotal score: 5/67 (Scanned on 2020-09-17 20:13:08)
CrowdStrike: win/malicious_confidence_60% (W)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
SentinelOne: DFI - Malicious PE
Cybereason: malicious.d4fa9a

Hashes

MD5 f82d92979dd88d7443d8cd13c48f8508
SHA1 3d161dad4fa9a430633cecd94c42d63430abffae
SHA256 0c17dd44f1f445c273223d761e947950dc461ebede2b31748865f5d4c39f64a5
SHA3 6de4cbb23c4642fdbd9c9748d30f582cd68bd8e371f9d707fb53e2bbc9d05cce
SSDeep 12288:XWnIMFkL4Rtpmrc93BpzNK1xD6s4y2O1IwMDMVqfBdcmDBREAOi:FekkRrmrcdHzECs4y2OcMVqJdcrM
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2099-Oct-18 00:32:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0xbc800
SizeOfInitializedData 0x8800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000BE7BE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xcc000
SizeOfHeaders 0x200
Checksum 0xc8034
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e8a9b64823e9ef1091eb36cfe55fd782
SHA1 050de9491e300cd2de1caaa9ae472e92703ae4aa
SHA256 4de2573586dee0325e01a69bb9f34e2e3864cc8faa422e7e0bfce0673f7c7ac8
SHA3 e1a7df9df45103085ebec175d0f46ffbc2d8261f1b30bc73bcf74389a7faa707
VirtualSize 0xbc7c4
VirtualAddress 0x2000
SizeOfRawData 0xbc800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.98716

.rsrc

MD5 236cf043dcd34387bdda9a5371831f4a
SHA1 2f272acd83e7c83393e31c9a5e40cedb22a371ef
SHA256 17eaab0107ecfbbf48486c61d77505e92bd21437d6f3e121c174c22416f9ba9d
SHA3 2de39d0c332c75079696c79ad1e972c28d0fdd85f3b078e8f6a5a54cb764a67f
VirtualSize 0x8418
VirtualAddress 0xc0000
SizeOfRawData 0x8600
PointerToRawData 0xbca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.87335

.reloc

MD5 5e8775485205dcb508ff8c3b43a9aef2
SHA1 978299929ef37b68b6d6b9bbaa039fa3a8c60921
SHA256 b3fc01e7c158308b7d876db8013a9f4739ad3ff38a20f8b9e6ee087a525a7e7d
SHA3 144e2f922a96f9d16b4b8404724d78444679fa54b87651ce217c0fbed9db9d66
VirtualSize 0xc
VirtualAddress 0xca000
SizeOfRawData 0x200
PointerToRawData 0xc5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x7fdb
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.96891
Detected Filetype PNG graphic file
MD5 b0123442f46ee6d7129a9848eaf9d40d
SHA1 e317a3fbf8ec385e2fde93f8c90582befc1568b6
SHA256 bbe159cee6456eab5dc4ba5e5d1132cadbb9465f48ba1fb5f3a720e9fa116c5d
SHA3 923f895af7a7c1bbf043122ba8c8668af609edb80d42a489b048c14d3bce4091

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.51664
Detected Filetype Icon file
MD5 e7dd1ca12461a23cdc45022150dd2408
SHA1 dbe1ea9b3081ef133e661f6d090bab560d41b11f
SHA256 0672b4f74cc928a109f7b30b21cdf8ee10c11712a517f16ecf7ba63c6357dcc5
SHA3 ee160a9cf67533e84083cce7e2654a7113c6336f4fa9097f17816b8f232850c9

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x33c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25718
MD5 2928cfb2ffe3f45d0cb53b053d24cc7e
SHA1 031df8f3c3831031ef8ce763e8806cceab5071b0
SHA256 2c891bba4d490a666b81b05b96046ad765290fc4fac11ddb260367e058ec27e9
SHA3 83703887210efdfab860eae79554f68728af463936341680978c4a56f2b11e65

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription RiseLauncher
FileVersion (#2) 1.0.0.0
InternalName RiseLauncher.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename RiseLauncher.exe
ProductName RiseLauncher
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2099-Oct-18 00:32:21
Version 0.0
SizeofData 119
AddressOfRawData 0xbe6f4
PointerToRawData 0xbc8f4
Referenced File C:\Users\Dell\visualstudio\source\repos\RiseLauncher\RiseLauncher\obj\Release\RiseLauncher.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0xbc96b

TLS Callbacks

Load Configuration

RICH Header

Errors
