Architecture | IMAGE_FILE_MACHINE_AMD64
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date | 2019-Dec-02 23:39:58
Detected languages | English - United States

Suspicious | The PE is packed with UPX
- Unusual section name found: UPX0
- Section UPX0 is both writable and executable.
- Unusual section name found: UPX1
- Section UPX1 is both writable and executable.
- The PE only has 9 import(s).

Suspicious | The PE contains functions most legitimate programs don't use.
- [!] The program may be hiding some of its imports:
  - LoadLibraryA
  - GetProcAddress
- Can access the registry:
- Queries user information on remote machines:

Info | The PE's resources present abnormal characteristics.
- Resource 4081 is possibly compressed or encrypted.
- Resource 4084 is possibly compressed or encrypted.
- Resource 4085 is possibly compressed or encrypted.
- Resource 4086 is possibly compressed or encrypted.
- Resource 4087 is possibly compressed or encrypted.
- Resource 4088 is possibly compressed or encrypted.
- Resource 4089 is possibly compressed or encrypted.
- Resource PACKAGEINFO is possibly compressed or encrypted.
- The binary may have been compiled on a machine in the UTC+1 timezone.

Malicious | VirusTotal score: 4/66 (Scanned on 2021-11-25 00:55:41)
- McAfee-GW-Edition: BehavesLike.Win64.Generic.gc
- MaxSecure: Trojan.Malware.300983.susgen
- Antiy-AVL: Trojan/Generic.ASBOL.C5E3
- APEX: Malicious
MD5 | fad6501d34d4e0fd7befe87b13db23bf
SHA1 | 15626dc498f5a92b4a0f2862560b93e04a4203a5
SHA256 | 483122115113d6083eb5f633b36be2f0065e779e600c9c541c4a3b6dec29ec9f
SHA3 | b480eee2fef53d399f9aff76f376bad23194d8117f1d4b18ffe0d1470622170c
SSDeep | 12288:6UDv4x7c5Addx6PtMaPAE/aHRJwy6kbgs80Q:6sv4lklXPhgRckbM0Q
Imports Hash | 304c965ac22a66c271e5a7e1749a8e2e
e_magic | MZ
e_cblp | 0x50
e_cp | 0x2
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0xf
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0x1a
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x100
Signature | PE
Machine | IMAGE_FILE_MACHINE_AMD64
NumberofSections | 3
TimeDateStamp | 2019-Dec-02 23:39:58
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xf0
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic | PE32+
LinkerVersion | 8.2
SizeOfCode | 0x6b000
SizeOfInitializedData | 0x1000
SizeOfUninitializedData | 0x189000
AddressOfEntryPoint | 0x00000000001F4070 (Section: UPX1)
BaseOfCode | 0x18a000
ImageBase | 0x400000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 5.2
ImageVersion | 5.2
SubsystemVersion | 5.2
Win32VersionValue | 0
SizeOfImage | 0x1f6000
SizeOfHeaders | 0x1000
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve | 0x100000
SizeofStackCommit | 0x4000
SizeofHeapReserve | 0x100000
SizeofHeapCommit | 0x2000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
Section UPX0 (SizeOfRawData 0, matching the "Section UPX0 has a size of 0" warning below)
MD5 | d41d8cd98f00b204e9800998ecf8427e
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize | 0x189000
VirtualAddress | 0x1000
SizeOfRawData | 0
PointerToRawData | 0x400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Section UPX1 (contains the entry point 0x1F4070)
MD5 | 4f34db9deb46f6f5d851fa5a49e3dec6
SHA1 | 191bc7ab98d5295f7ea9b60679ce3532bbba440d
SHA256 | 373cb5016f9d0e59225a8b28e04521b9edf53c6d0849ebdf77502241485455e3
SHA3 | d8f06f4afaf3745fc54d77b2b11fd8fcbb971bbc875cf1e720f35d2e9d78bee2
VirtualSize | 0x6b000
VirtualAddress | 0x18a000
SizeOfRawData | 0x6a600
PointerToRawData | 0x400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 7.896

Section 3
MD5 | 760a1e01c657e7d5e35aeb1003f40cc9
SHA1 | 6fe283c3c6ee77247cf6aaa8e65d7326f8939eb6
SHA256 | 9b2c7416781591a0342d2df583db5f81467c882f98676b1d628dc952b9de9a84
SHA3 | 603f8e3653471545195e24a6a4809e9401954b0671ad05cc6995f95716cfa6f8
VirtualSize | 0x1000
VirtualAddress | 0x1f5000
SizeOfRawData | 0x800
PointerToRawData | 0x6aa00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 2.78256
advapi32.dll | RegLoadKeyW
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
netapi32.dll | NetWkstaGetInfo
oleaut32.dll | VariantCopy
user32.dll | CharNextW
version.dll | VerQueryValueW
# | Type | Language | Codepage | Size | TimeDateStamp | Entropy | MD5 | SHA1 | SHA256 | SHA3
1 | RT_STRING | UNKNOWN | UNKNOWN | 0x21c | 2019-Dec-03 00:40:00 | 6.9162 | ee4d8c4da5979063c1c60348fa664d06 | 8b98f651c094c51add56d2aacf4f35b1b6e1c818 | 7f22ece29a6e1a60a3f2cb8d50f92d301f6f2b95d12ca0d212e984d597b0af69 | bbec31bc47863cc2d56f34654c22de47656bdbcb6786c461047bb001e0f85a49
2 | RT_STRING | UNKNOWN | UNKNOWN | 0x358 | 2019-Dec-03 00:40:00 | 7.00729 | 6f106fdd7ef7f17ff01b5c80f1a3f17c | 6b4332bc4331fe224f19added0458c9b42c5ed00 | 96580a3cab8422c1b82a96065f71a8374b288a82f4fca513900183af4c070360 | 8207db2a4007b21bfcab9eef1165639bbd04ef17de5f9d27b930fe0551c6a018
3 | RT_STRING | UNKNOWN | UNKNOWN | 0x394 | 2019-Dec-03 00:40:00 | 6.99803 | 0aaa1156fb2a7c9ca5ebf8db52fcfe88 | 4d5ff047012648214e609b6da10e721f939d5307 | 12696dc5493ca5dc66e8f021ad966ab8204868fcedbbfd3b1318f311af894223 | ac61c49fb562534a8d493f7ae487bdc7dfd60366fd5d09f21bb7ea3d77d894a1
4 | RT_STRING | UNKNOWN | UNKNOWN | 0x388 | 2019-Dec-03 00:40:00 | 6.95682 | ed6a670589d44e72bcc3cc9ebf4cf8ca | 3e5d67792d7feb9509b36cd18344c21e7a9c15cf | da3e61d75927e4086a9a5bbdb1df570ec1fbd87dff1affa90c2ef11607f4886f | 8fb39c717e84f779bf2c65e19cf8e58e73c8682b666d2f7ce9ad352625609150
5 | RT_STRING | UNKNOWN | UNKNOWN | 0x40c | 2019-Dec-03 00:40:00 | 7.0249 | 0775169ba20619ce1175917c458c02b0 | 0dfe014c1f60b2a0c8ddcb7da873ee203c19f118 | deb949f50eb95fea253c658e80cff2a4ce5075e8ae793d9ca2303b4ba52ab07c | fbad21d0864b6c0be5512b1ed486a690082f17c6642481bfa61657d6978b165a
6 | RT_STRING | UNKNOWN | UNKNOWN | 0x378 | 2019-Dec-03 00:40:00 | 7.07191 | b48ce2c1a0d2b462cd74f2fe61a2d8bd | 75cb17d16dc3f934532808c37161b6f2a17cae7a | 5262def54d5fc60f460be4759fdc00d02c97ebcd4c444a8f0c7ac6a480d4b79f | a0e1a1b903a64eb2a74e6af0a9649bca0095adf285c1419d25921c19f22d4f1c
7 | RT_STRING | UNKNOWN | UNKNOWN | 0x460 | 2019-Dec-03 00:40:00 | 7.0324 | f5ddf71fac234979768848361bd2fc74 | 4cb2a6265caaf5bb01c1f4624664fd7f4b9b8a59 | 2b976dcf5ce9c1e59d89a1293404aee19fd04769d37a5c322d24d83f78cda5b2 | 765e6ed3980d01c08c138628a5e0914652d0b161fa9f7d657086bc01f6e61e95
8 | RT_STRING | UNKNOWN | UNKNOWN | 0x4b4 | 2019-Dec-03 00:40:00 | 7.09608 | 07db92b8c9a8b649a4307aede38bb1dc | ef7ec8e0de6492379263f217ac31c3912a4cc599 | 3df4d56807987f89d4587d5fe01d11465065371ffd938e26681b640854abd121 | fad1a85a787e6272647cee3d1e639da6bdef3712c8bca3304f0d7291df6fcd19
9 | RT_STRING | UNKNOWN | UNKNOWN | 0x378 | 2019-Dec-03 00:40:00 | 7.1191 | 9e99e91af1c340a2d2ea34b9b3cecb06 | a38ae079bb4b941b682691fc64239b802523086b | 71b4eb66d9a2fd8019a565eb9b46fddd6807b0734cfebed7b6a267fc86ff5309 | c6936deec6d38c41595ab0787da02ded03913608154d3f33b40d00c8858abfd2
10 | RT_STRING | UNKNOWN | UNKNOWN | 0x440 | 2019-Dec-03 00:40:00 | 7.02771 | 8e2aa2cfffe3376a2dc8fafe82107b1a | 1edb6fe1b22d7978577910d709304b9c3df2301b | 15eba31adcdc8eaa3873291afd67892bd2c75adc0a4114e345ec0c676d06ed5c | 3ce5390eb979e2b2137ff3985e1fe8e1b3b4dfa550753d2345b5206f9a7bc88f
11 | RT_STRING | UNKNOWN | UNKNOWN | 0x1d0 | 2019-Dec-03 00:40:00 | 6.68075 | 4ec01285659379e58f797b7208fb439d | 9e47545bb9b15c438bc9a6471e221760d0798624 | 17a5c1605b435ba6c3f0d334da5c7fb8f9a1a2e9b5d65b76ea18dfbddfa7f189 | e4749e38e9fc98e1d54b62f0c36ee621e455ea8c57bb81fbccedd9a7b4f098d0
12 | RT_STRING | UNKNOWN | UNKNOWN | 0xcc | 2019-Dec-03 00:40:00 | 6.47443 | f273d460224feb3f4ef1cd4a97f98009 | 3c118b5b620e63318b7addf45b40083017587b51 | 5810a11f9661b8d2523db6eb8b04634b819108bb39bcabab1bda6027e75a36b7 | 5cc8eede2a427606225cb5120710bb467f9b7f931e280e2568d3e5030537bc44
13 | RT_STRING | UNKNOWN | UNKNOWN | 0x17c | 2019-Dec-03 00:40:00 | 6.70938 | 0baaaee1ae51dfa54ae77c88aac2b034 | 1ca387c5b6e0d69f064a9d467c8ef63bd3160633 | d07ff5a899adf04e499ecedc3e9d650c6aa82136bffad4f6dfc0131f35e3624d | 1da7c9485c49117fd1fa7e2cebe1e06a9a23a9b9805a3ef2bb78bcbb0b04ba70
14 | RT_STRING | UNKNOWN | UNKNOWN | 0x384 | 2019-Dec-03 00:40:00 | 6.96793 | e66506cea8441b7a25e210967dbd38f3 | bfaff25de3bff29ad55f2bb93cdf15dac1de88a2 | 127e2487bbe92030642a6423af1e652679846b9f76b323d1827c1e2fd9f9e889 | c945d55435f4783c4fba2ad66d83dba888cc99d805ccdcd9bdfbeefa9b0d790f
15 | RT_STRING | UNKNOWN | UNKNOWN | 0x3e0 | 2019-Dec-03 00:40:00 | 6.93944 | 11817f775977e035e665c82fb81008ff | 82b79481f935fd8ab4d5da8055ecd8a9b9b80243 | 1e9cedcf1071159d9c620af520f61a90f9b7d53c9f1236b94b27cee5aed6dbc7 | 0e58bad7267e35d4d6db3807683a97f7a70d73fcfebee214a7445ba275903749
16 | RT_STRING | UNKNOWN | UNKNOWN | 0x368 | 2019-Dec-03 00:40:00 | 6.92687 | 4826d164b8d25eef74de8918d189077c | 74eaead3f35aacd45ac9c7ed55ed46310f86e402 | acdd0fe4416d848db4a38ede0cd72ad28f65bdfb533d5be2917d954a030ed0d4 | 41a515d997fddd08ee65d3bb34153280e0d521a71c36d1ce9ee623f65cf0d039
17 | RT_STRING | UNKNOWN | UNKNOWN | 0x294 | 2019-Dec-03 00:40:00 | 6.79214 | f977d3de84d9de3f4b0334c124a0e0f2 | d93e0ecdcb3692b8eeda25d6fb2423a2baa66bce | b270370745da61a6cbbb66add1b82467ae7953abab15634cc73b8c4a13062788 | 1059dacc324833f56db21ffa8ca79fa5de50653765b424bdd40ae7d55ff9fd96
18 | RT_RCDATA | UNKNOWN | UNKNOWN | 0x10 | 2019-Dec-03 00:40:00 | 3.625 | 43afaaf17fb531ed761f02d4324bf08a | 91134faafe57a738909d3de7bc2d68943b911edc | 03a112268ba89c1bb616d5731d85097a215deb82c4d89d92da6a78d39da731ed | 32f30dc1b53b0da75f5aa7137acfa9d8159ae1994a184b81c559fdccd80b8f29
19 | RT_RCDATA | UNKNOWN | UNKNOWN | 0x420 | 2019-Dec-03 00:40:00 | 7.0322 | 2f7df09f2d9b2902a890075533ac4137 | 3112355b1446fd8442558ce952da91df94419c74 | c23f888ccf29c6e3ec3f416001a8b814cb5478f71d3113c75fd2374980dab4d9 | 7248c835adc5570320258337a68127f2ba8de926cb7d030bc00aa9638c716e5f
20 | RT_RCDATA | English - United States | UNKNOWN | 0x2 | 2019-Dec-03 00:40:00 | 1 | d4d35b36c71cb59a527f085492a11e84 | b9f72d8bbe175c66ba22f772c9cfcf7e88e9aca1 | ec015eba2a8b7eb1b54494efff0bd58265c8fc7e355c3a0126fbec3489ea2922 | 8c3c903324b2beac5354ce8c3a9db9bed0107905d62a56125a07c2efbca82598
[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: IMAGE_EXPORT_DIRECTORY field Characteristics is reserved and should be 0!
[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8! (repeated 27 times)