f99346cd02060b5c713271c593a016e1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2022-Jul-24 15:27:45
Detected languages English - United States

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains a XORed PE executable:
  • 98 a4 a5 bf ec bc be a3 ab be ad a1 ec af ad a2 a2 a3 b8 ec ...
Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessA
Malicious VirusTotal score: 31/73 (Scanned on 2024-06-05 14:32:23)
ALYac: Gen:Variant.Lazy.284735
APEX: Malicious
AVG: Win32:Malware-gen
Antiy-AVL: Trojan[Ransom]/Win32.Crypmod
Arcabit: Trojan.Lazy.D4583F
Avast: Win32:Malware-gen
BitDefender: Gen:Variant.Lazy.284735
Bkav: W64.AIDetectMalware
Cybereason: malicious.d02060
Cylance: Unsafe
DeepInstinct: MALICIOUS
Emsisoft: Gen:Variant.Lazy.284735 (B)
FireEye: Gen:Variant.Lazy.284735
Fortinet: W32/PossibleThreat
GData: Gen:Variant.Lazy.284735
Kaspersky: UDS:Trojan-Ransom.Win32.Crypmod.gen
Kingsoft: win32.troj.undef.a
Lionic: Trojan.Win32.Crypmod.4!c
MAX: malware (ai score=84)
MaxSecure: Trojan.Malware.300983.susgen
McAfee: Artemis!F99346CD0206
McAfeeD: ti!B51E22F97241
MicroWorld-eScan: Gen:Variant.Lazy.284735
Paloalto: generic.ml
Panda: Trj/RansomGen.A
Sangfor: Trojan.Win32.Agent.Vy7k
Skyhigh: Artemis
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
VIPRE: Gen:Variant.Lazy.284735
ZoneAlarm: UDS:Trojan-Ransom.Win32.Crypmod.gen

Hashes

MD5 f99346cd02060b5c713271c593a016e1
SHA1 ab1da4e1c0141c91db323a5b724159f1e661444c
SHA256 b51e22f97241d0709c7bba3a35490e17285e4b3479ddd918d960903777d0c32d
SHA3 167175f2673e2ed1e9286985022aa27b6ffd80e2094ffb505ccf180150ead8e2
SSDeep 384:aucz2wrBpqu3bdtjA1pQcBIF9S1wIdyv30A7htotSENN2JhqLJE4:aJh3bdhA1Y3Hv3zmDNwhqLG4
Imports Hash 6533f726c7fb14b59bec5a0cad278865

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2022-Jul-24 15:27:45
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2a00
SizeOfInitializedData 0x5800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002B50 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 380961079091f814f6326fd68c7c0173
SHA1 c7c3fd48f085cac9075ac93c2e02f95f7cb4de54
SHA256 4d598cf6155e6f41c8dae89f63d5be2e1b431a27be180b6bb7db38a5c09418cc
SHA3 12277c2aa6f1d3f6dc4353f007cd248018f3fa3aed13bb63f61a5bb1758d9ba0
VirtualSize 0x283e
VirtualAddress 0x1000
SizeOfRawData 0x2a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.52327

.rdata

MD5 ee62147bafd7d626a0551e8656a3da61
SHA1 9a18e3b2d5ddd898918fa48de6ef883f2e59e51f
SHA256 a3ddf8ae3cbbf1b933118ce15e16e61b24c906d14e979a0c93b71d3f7a2de002
SHA3 bc3e25e2f3b534a363e731b139f17876b5e36d24e6280bf0d9c4c89cb851f454
VirtualSize 0x1bfe
VirtualAddress 0x4000
SizeOfRawData 0x1c00
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.46895

.data

MD5 448b4be04c02b76c7c59f0f5d6305976
SHA1 e7378f58fed4029ce76e6fe0c2ffd39682f3daed
SHA256 5ddb097db5da465b2cbee0ddbfe475e0d9f951036bcd9c3bccb04a5bd26ea53e
SHA3 111a42e323a64346504576b549ffdaa9cb9ee278872506d4dd6e3b1c7f30ef24
VirtualSize 0x30d8
VirtualAddress 0x6000
SizeOfRawData 0x2c00
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.47579

.pdata

MD5 e3662701c4a00337772552378db50574
SHA1 cdf330239b6aa49036d8f582459a008e4c02151d
SHA256 602ef181e9a2dd499e8d9596400a9543a5b356e0f2b327847cae1236a7d892f9
SHA3 2f5bec9842f6c02ddf83baec45e1f878004dbb996a34dee629eb45d2dee22642
VirtualSize 0x450
VirtualAddress 0xa000
SizeOfRawData 0x600
PointerToRawData 0x7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.18208

.rsrc

MD5 ae46018e2eb1721187fc1aeee8663872
SHA1 bed55c6c4e207dfc859421b181d7e2e87adee5e7
SHA256 52107afac0fedd9b1320a4a153a8f9aea34925aa43b039839dedcf44e55843f6
SHA3 30588b77ae212fba5738bbf96aa465ab6e30cbb5c1aa0453ec285f01bb07ca46
VirtualSize 0x1e0
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x7c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 6be000eb886ceb6dd29f4f9a1c31c480
SHA1 5d3e256b1c2048579e1e7b2e04afe0f2438d9eef
SHA256 b8a47477a27c7bf1a962b97bf518096a634dfea9bbbe9fca187faf1fff6fc2bd
SHA3 e56a263a9b3c91d7d43000c3d3873e8954593e293af9b06260eb7f7c650438ed
VirtualSize 0x58
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.22629

Imports

KERNEL32.dll WaitForSingleObject
DeleteFileA
CloseHandle
CreateProcessA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext
MSVCP140.dll ?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?width@ios_base@std@@QEAA_J_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
memcpy
__std_exception_copy
memmove
memset
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0.dll fopen
fclose
__p__commode
_set_fmode
fwrite
api-ms-win-crt-runtime-l1-1-0.dll _initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_c_exit
_invalid_parameter_noinfo_noreturn
_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
__p___argc
_initialize_narrow_environment
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
free
malloc
_callnewh
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Jul-24 15:27:45
Version 0.0
SizeofData 720
AddressOfRawData 0x4850
PointerToRawData 0x3650

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2022-Jul-24 15:27:45
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140006000

RICH Header

XOR Key 0xfeb7851b
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
C++ objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 25
C objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 10
ASM objects (VS2022 Update 2 (17.2.0-1) compiler 31328) 3
Imports (VS2022 Update 2 (17.2.0-1) compiler 31328) 6
Imports (27412) 3
Total imports 83
C++ objects (LTCG) (VS2022 Update 2 (17.2.5-6) compiler 31332) 1
Resource objects (VS2022 Update 2 (17.2.5-6) compiler 31332) 1
Linker (VS2022 Update 2 (17.2.5-6) compiler 31332) 1

Errors
