f9ac6b16273556b3a57bf2c6d7e7db97

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2007-Nov-18 17:00:18
Detected languages English - United States
Hungarian - Hungary

Plugin Output

Suspicious PEiD Signature: kkrunchy 0.23 alpha -> Ryd
kkrunchy -> Ryd
kkrunchy V0.2X -> Ryd ! Sign by fly
Suspicious The PE is packed with kkrunchy Unusual section name found: kkrunchy
Section kkrunchy is both writable and executable.
The PE only has 2 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 14/65 (Scanned on 2017-09-08 04:52:32) Cylance: Unsafe
Zillya: Trojan.Cryptodef.Win32.1701
Comodo: Heur.Packed.Unknown
VIPRE: Packed.Win32.Krunchy (v)
Invincea: heuristic
SentinelOne: static engine - malicious
Webroot: W32.Malware.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Endgame: malicious (high confidence)
AVware: Packed.Win32.Krunchy (v)
WhiteArmor: Malware.HighConfidence
Rising: Malware.Heuristic!ET#99% (rdm+)
Yandex: Trojan.Orsam!IBkEEtDFFeM
CrowdStrike: malicious_confidence_90% (W)

Hashes

MD5 f9ac6b16273556b3a57bf2c6d7e7db97
SHA1 8f6942cf31c97fe821d0ccd3a5c1790d9669e95d
SHA256 74e9a296d1b1c7ec27dcca35961d3563779c48cd8163a6ec00fa19aff17a6ed0
SHA3 20c64b06833ed8f1d454e878bb521a943666771098fe70b7b4fc02c58e41068f
SSDeep 1536:4Fnw75foHUVexZjhM7/py7nYV7S8B2+3W+b:4VQ5eOev6pnjB28
Imports Hash 87bed5a7cba00c7e1f4015f1bdae2183

DOS Header

e_magic MZ
e_cblp 0x6f63
e_cp 0x736e
e_crlc 0x6970
e_cparhdr 0x6172
e_minalloc 0x7963
e_maxalloc 0x4550
e_ss 0
e_sp 0x14c
e_csum 0x1
e_ip 0x6fa2
e_cs 0x4740
e_ovno 0
e_oemid 0x10b
e_oeminfo 0x6
e_lfanew 0xc

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 1
TimeDateStamp 2007-Nov-18 17:00:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x15000
SizeOfInitializedData 0xc1000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000EFDA (Section: kkrunchy)
BaseOfCode 0x1000
BaseOfData 0xc
ImageBase 0x8d0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x11d000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

kkrunchy

MD5 67a3c84a7a41083bd3e3599b18a9a11d
SHA1 9ea6402502e78f5d6fa06d68e35596dd8628bc02
SHA256 c07ba83efd581e6b14e68725cdb7fa98e48d4546f29a1b1c870f61a03a50ad72
SHA3 0e71a689de462b0caf84ce7df925bec065be4c30bafa428c36e2c576dbd7603c
VirtualSize 0x11b11b
VirtualAddress 0x1000
SizeOfRawData 0xf000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.85782

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.11667
MD5 990fbc159a40176368bad3566d837e73
SHA1 1c494bc26a8db6ed9e5c40713934e5b9eb84ad4a
SHA256 1d6325ed6c89a1b82558f2232d76f1b3080cfc69d7f32283ec86dfad7913b3af
SHA3 7246188fac74faf258cfa73fca3ee0116ac42f23e486fc0955d4e6d5c374b843

101

Type RT_DIALOG
Language Hungarian - Hungary
Codepage UNKNOWN
Size 0x22e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

107

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 6f191f45d2ea96b2d22e9eafa1a55bd7
SHA1 aa9a0930cb6ae38dd9645dbd2e85cf3796ed2977
SHA256 f01c223e6cf0e0f5c1d990ad720488af398180adb1b92e61c2144cf11d3130f8
SHA3 ab7f66f51b1cb5a30df00c2674a3a04e8323578947f36708e2e82dd5d04f0416

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Resource is empty!
<-- -->