febf08bcdfeb3b1b91cafa3bbcf2dbcf35db4eb74993279e21b3d37f6980cc8e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2008-Oct-14 13:55:34

Plugin Output

Suspicious PEiD Signature: ASPack v2.12
Suspicious The PE is packed with Aspack or Armadillo
Unusual section name found: .aspack
Unusual section name found: .adata
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Malicious VirusTotal score: 8/72 (Scanned on 2026-03-24 18:57:57)
APEX: Malicious
Cylance: Unsafe
Cynet: Malicious (score: 100)
Elastic: malicious (moderate confidence)
Malwarebytes: Malware.Heuristic.2037
SentinelOne: Static AI - Suspicious PE
Trapmine: malicious.high.ml.score
VBA32: BScope.Trojan.Occamy

Hashes

MD5 125763f69098121fc0023426211a32f1
SHA1 7b4f5298a2fbf2e0a044a2919db1715e3e176d5f
SHA256 febf08bcdfeb3b1b91cafa3bbcf2dbcf35db4eb74993279e21b3d37f6980cc8e
SHA3 1a872181beac9b1f1956a77ea61caf995be0a3d995390ba7d7435eafe33711a3
SSDeep 384:iUZSWo3k5nu5EhurE2QKLrQKpF4MQG2D19vXBg226CtH5OR4AxYr6+29PfS7nd:LEx0u0d2BrQKpF4Mk19mDD1YjxPZCB
Imports Hash 24748ca76ac547f9773cd52fcf2a81bc

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2008-Oct-14 13:55:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x7000
SizeOfInitializedData 0x4000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000C001 (Section: .aspack)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xe000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f2897c868903feaa1e0e9a5ade0a863f
SHA1 bb4007e16a5820e625a38b5effab600d4783b91c
SHA256 e98e3bc9b84419fd6fcaf9ade9ed5db2b2b04aece4fe63423c50301bfa8b7e9b
SHA3 a8091b37535836def5414b6564922b5b25b79dc7f99d20ac08d7e54975294eee
VirtualSize 0x7000
VirtualAddress 0x1000
SizeOfRawData 0x4400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.92929

.rdata

MD5 def54eda99d246a7a609adbc576188a3
SHA1 8e51b31e3b9dcbc01989d7b9eb5dc0e1ebbfd697
SHA256 d5cc6f12ffa361484deffa155c9f16a8e495a05189830660e49a8d5c2f6014aa
SHA3 306f5c14a98dc56320b44698029fa0352e10cd87c5705e1287fb21e9224d4e4c
VirtualSize 0x2000
VirtualAddress 0x8000
SizeOfRawData 0xa00
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.73251

.data

MD5 3bd35c58aca01e7f94d60875936d9cfa
SHA1 682e1c19a805cf0c20f272173c1e7211c7a8e342
SHA256 9fa124cd2d6ed6b724f040cb1dc55c0921c5b59dfadd836ca7c9d51333ccb207
SHA3 75ac1eeafbc39f88f2583febf3625704cb5aa9263ef5b2634a78e65039c29051
VirtualSize 0x2000
VirtualAddress 0xa000
SizeOfRawData 0x400
PointerToRawData 0x5400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.06899

.aspack

MD5 2f7f5b2ba7253c3dfb7075c79068ba20
SHA1 06048a9b8dcb14febd8d8efe9bd6736ffc2d4e10
SHA256 cea9379cc5fb86862b1e2a1ef97ba5c9947d250b1727f05472df97684e25907b
SHA3 7ea6bea5e97de8ed154f0667bedd528103ca159eb69814f816b913b41c766fd5
VirtualSize 0x1000
VirtualAddress 0xc000
SizeOfRawData 0x1000
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.05157

.adata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0xd000
SizeOfRawData 0
PointerToRawData 0x6800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

kernel32.dll GetProcAddress
GetModuleHandleA
LoadLibraryA
wsock32.dll closesocket

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xc48654c
Unmarked objects 0
C objects (VS2003 (.NET) SP1 build 6030) 60
ASM objects (VS2003 (.NET) SP1 build 6030) 15
Imports (2179) 5
Total imports 68
C++ objects (VS2003 (.NET) SP1 build 6030) 15
Linker (VS2003 (.NET) SP1 build 6030) 1

Errors

[*] Warning: Section .adata has a size of 0!