Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date | 2024-Mar-20 06:48:23 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE is packed with UPX |
Unusual section name found: .upx0
Unusual section name found: .upx1 Unusual section name found: .upx2 |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Malicious | VirusTotal score: 16/70 (Scanned on 2024-04-25 06:21:36) |
APEX:
Malicious
Avira: HEUR/AGEN.1316159 Bkav: W64.AIDetectMalware Cynet: Malicious (score: 100) DeepInstinct: MALICIOUS Elastic: malicious (high confidence) F-Secure: Heuristic.HEUR/AGEN.1316159 FireEye: Generic.mg.12c47860f91e8054 Google: Detected Ikarus: Trojan.Win64.Krypt Microsoft: Trojan:Win32/Wacatac.H!ml Sangfor: Trojan.Win32.Save.a SentinelOne: Static AI - Malicious PE Sophos: Generic ML PUA (PUA) Symantec: ML.Attribute.HighConfidence Trapmine: malicious.moderate.ml.score |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 9 |
TimeDateStamp | 2024-Mar-20 06:48:23 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x11000 |
SizeOfInitializedData | 0xd600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000007FB83B (Section: .upx2) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb2d000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
RtlCaptureContext
RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetStartupInfoW GetModuleHandleW WriteConsoleW RtlUnwindEx GetLastError SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetProcAddress LoadLibraryExW EncodePointer RaiseException RtlPcToFileHeader GetStdHandle WriteFile GetModuleFileNameW ExitProcess GetModuleHandleExW GetCommandLineA GetCommandLineW HeapAlloc HeapFree FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW GetFileType GetFileSizeEx SetFilePointerEx FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableW SetStdHandle GetStringTypeW GetProcessHeap FlushFileBuffers GetConsoleOutputCP GetConsoleMode HeapSize HeapReAlloc CloseHandle ReadFile ReadConsoleW CreateFileW RtlUnwind |
---|---|
KERNEL32.dll (#2) |
RtlCaptureContext
RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetStartupInfoW GetModuleHandleW WriteConsoleW RtlUnwindEx GetLastError SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetProcAddress LoadLibraryExW EncodePointer RaiseException RtlPcToFileHeader GetStdHandle WriteFile GetModuleFileNameW ExitProcess GetModuleHandleExW GetCommandLineA GetCommandLineW HeapAlloc HeapFree FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW GetFileType GetFileSizeEx SetFilePointerEx FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableW SetStdHandle GetStringTypeW GetProcessHeap FlushFileBuffers GetConsoleOutputCP GetConsoleMode HeapSize HeapReAlloc CloseHandle ReadFile ReadConsoleW CreateFileW RtlUnwind |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14001c040 |