b2658c43da03bf040076d62f9dab987c
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2024-Apr-19 17:02:43 |
| Detected languages |
English - United States
|
| CompanyName | Wise Apparatus Team |
| FileDescription | MPC-HC Setup by Wise Apparatus Team |
| FileVersion | 1.0.0.0 |
| LegalCopyright | Copyright 2002-2021 Wise Apparatus Team |
| ProductName | MPC-HC by Wise Apparatus Team |
| ProductVersion | 1.0.0.0 |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to AES Microsoft's Cryptography API |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Cyber Holding Partners LLC
Issuer: Sectigo Public Code Signing CA EV R36 |
| Malicious | VirusTotal score: 8/72 (Scanned on 2024-05-02 21:32:47) |
Bkav:
W32.Common.0377F168
Cylance: unsafe DeepInstinct: MALICIOUS Gridinsoft: Malware.Win32.Snackarcin.bot McAfee: Artemis!B2658C43DA03 Microsoft: PUADlManager:Win32/Snackarcin Skyhigh: Artemis Webroot: W32.Malware.Gen |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 7 |
| TimeDateStamp | 2024-Apr-19 17:02:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x6a9a00 |
| SizeOfInitializedData | 0x69000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00615810 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x6ab000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x717000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x16a163d |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.gfids
.tls
.rsrc
.reloc
Imports
| KERNEL32.dll |
SetUnhandledExceptionFilter
DuplicateHandle GetConsoleOutputCP GetCurrentProcess InterlockedPushEntrySList LocalFree GetCurrentThread SetPriorityClass GetCPInfo GetLogicalProcessorInformation CreateThread FreeLibraryAndExitThread GlobalAlloc ReadConsoleW GetLocaleInfoW UnregisterWait EnterCriticalSection FlushFileBuffers GetEnvironmentVariableA FileTimeToSystemTime DeleteTimerQueueTimer LoadLibraryExW FreeLibrary GetDriveTypeW HeapReAlloc VerSetConditionMask ExitThread RegisterWaitForSingleObject SetEvent GetModuleFileNameW RemoveDirectoryW IsValidLocale SwitchToThread CreateDirectoryW FormatMessageW GetCommandLineA ReleaseSemaphore TryEnterCriticalSection lstrlenA TlsSetValue InitializeCriticalSection GetFileSize TlsFree ChangeTimerQueueTimer GetFullPathNameW GetCurrentThreadId WriteFile GetModuleHandleA QueryPerformanceCounter WriteConsoleW GetVersionExW IsValidCodePage Sleep SystemTimeToTzSpecificLocalTime GetCommandLineW VirtualAlloc PeekNamedPipe GlobalUnlock GetLogicalDriveStringsW SetFilePointer UnhandledExceptionFilter SetStdHandle AcquireSRWLockExclusive GetFileAttributesExW GetTickCount64 CreateEventW CompareFileTime SetFilePointerEx DeleteCriticalSection RaiseException GetProcessHeap InterlockedFlushSList FindNextFileW LeaveCriticalSection WideCharToMultiByte GlobalLock FreeEnvironmentStringsW TerminateProcess GetThreadTimes SetEnvironmentVariableW GetSystemTimeAsFileTime VerifyVersionInfoW GetNumaHighestNodeNumber SleepEx TlsAlloc GetCurrentDirectoryW ResetEvent SignalObjectAndWait FileTimeToLocalFileTime GetConsoleMode EncodePointer FindFirstFileW InitializeSListHead SetEndOfFile InitializeCriticalSectionEx GlobalMemoryStatus GetDateFormatW InterlockedPopEntrySList CreateSemaphoreW SetLastError GetFileSizeEx GetVersion HeapSize FindFirstFileExW SetThreadAffinityMask IsProcessorFeaturePresent GetFileAttributesW CloseHandle DecodePointer SetFileAttributesW ExitProcess InitializeCriticalSectionAndSpinCount VirtualProtect LoadLibraryW GetOEMCP lstrcatA LCMapStringW GetProcAddress DeleteFileW GetModuleHandleExW QueryDepthSList GetCurrentProcessId GetACP GetThreadPriority EnumSystemLocalesW GetLastError FindClose GetStdHandle MultiByteToWideChar GetTimeFormatW GetSystemDirectoryW ReadFile GlobalFree WaitForMultipleObjects TlsGetValue GetSystemInfo CreateTimerQueue MoveFileW GetFileType GetFileInformationByHandle GetTimeZoneInformation GetStringTypeW CreateFileW GetModuleHandleW GetEnvironmentStringsW IsDebuggerPresent GetStartupInfoW SetThreadPriority HeapAlloc ReleaseSRWLockExclusive UnregisterWaitEx QueryPerformanceFrequency MoveFileExW RtlUnwind CompareStringW WaitForSingleObjectEx GetProcessAffinityMask SetFileTime GetTickCount WaitForSingleObject GetUserDefaultLCID CreateTimerQueueTimer HeapFree VirtualFree |
|---|---|
| USER32.dll |
GetParent
SetTimer MoveWindow CheckDlgButton GetKeyState ShowWindow CloseClipboard DialogBoxParamW GetMonitorInfoA GetWindowTextW GetWindowTextLengthW GetFocus GetWindowLongW SetWindowTextW SetFocus IsDlgButtonChecked LoadIconW SendMessageW GetWindowRect MessageBoxA EndDialog MonitorFromWindow InvalidateRect ScreenToClient CharUpperW wsprintfA PostMessageW KillTimer SetWindowLongW LoadStringW EmptyClipboard SetCursor SystemParametersInfoW EnableWindow SetDlgItemTextW OpenClipboard MessageBoxW LoadCursorW MapDialogRect SetClipboardData GetDlgItem |
| ADVAPI32.dll |
CryptGetHashParam
CryptHashData CloseServiceHandle CryptEncrypt CryptImportKey CryptDestroyHash CryptCreateHash CryptReleaseContext CryptAcquireContextW CryptDestroyKey |
| SHELL32.dll |
SHBrowseForFolderW
SHGetSpecialFolderPathW SHGetPathFromIDListW SHGetFileInfoW |
| ole32.dll |
OleInitialize
CoUninitialize CoTaskMemFree CoInitialize CoCreateInstance |
| OLEAUT32.dll |
SysAllocString
SysFreeString VariantClear SysAllocStringLen SysStringLen |
| bcrypt.dll |
BCryptGenRandom
|
| CRYPT32.dll |
CertGetCertificateChain
CertFreeCertificateChainEngine PFXImportCertStore CertFindCertificateInStore CertAddCertificateContextToStore CryptStringToBinaryW CertGetNameStringW CertCloseStore CertOpenStore CertFreeCertificateChain CryptQueryObject CertCreateCertificateChainEngine CertFreeCertificateContext CertFindExtension CryptDecodeObjectEx CertEnumCertificatesInStore |
| WLDAP32.dll |
#73
#301 #147 #133 #79 #142 #167 #127 #145 #219 #46 #14 #216 #208 #41 #117 #26 #27 |
| WS2_32.dll |
recvfrom
sendto getpeername ioctlsocket gethostname freeaddrinfo WSAEventSelect getsockopt send WSAResetEvent WSACloseEvent WSAEnumNetworkEvents socket WSAIoctl WSACreateEvent closesocket WSAGetLastError ntohs WSASetLastError WSAStartup WSACleanup htons setsockopt WSAWaitForMultipleEvents __WSAFDIsSet select accept bind connect getsockname htonl listen recv getaddrinfo |
Delayed Imports
1
2
97
3400
3500
3800
26
28
29
64
188
189
207
208
213
214
215
220
232
233
234
236
1 (#2)
1 (#3)
1 (#4)
String Table contents
| &Close |
| &Continue |
| &Foreground |
| Paused |
| Are you sure you want to cancel? |
| Modified |
| The system cannot allocate the required amount of memory |
| Cannot create folder '{0}' |
| Update operations are not supported for this archive. |
| Cannot open file '{0}' as archive |
| Cannot open encrypted archive '{0}'. Wrong password? |
| Unsupported archive type |
| Cannot open the file as {0} archive |
| The file is open as {0} archive |
| The archive is open with offset |
| Extracting |
| Skipping |
| Specify a location for extracted files. |
| Full pathnames |
| No pathnames |
| Absolute pathnames |
| Relative pathnames |
| Ask before overwrite |
| Overwrite without prompt |
| Skip existing files |
| Auto rename |
| Auto rename existing files |
| {0} bytes |
| Unsupported compression method for '{0}'. |
| Data error in '{0}'. File is broken |
| CRC failed in '{0}'. File is broken. |
| Data error in encrypted file '{0}'. Wrong password? |
| CRC failed in encrypted file '{0}'. Wrong password? |
| Wrong password? |
| Unsupported compression method |
| Data error |
| CRC failed |
| Unavailable data |
| Unexpected end of data |
| There are some data after the end of the payload data |
| Is not archive |
| Headers Error |
| Wrong password |
| Unavailable start of archive |
| Unconfirmed start of archive |
| Unsupported feature |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | Wise Apparatus Team |
| FileDescription | MPC-HC Setup by Wise Apparatus Team |
| FileVersion (#2) | 1.0.0.0 |
| LegalCopyright | Copyright 2002-2021 Wise Apparatus Team |
| ProductName | MPC-HC by Wise Apparatus Team |
| ProductVersion (#2) | 1.0.0.0 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Apr-19 17:02:43 |
| Version | 0.0 |
| SizeofData | 960 |
| AddressOfRawData | 0x6e6fc8 |
| PointerToRawData | 0x6e5dc8 |
TLS Callbacks
| StartAddressOfRawData | 0xafa000 |
|---|---|
| EndAddressOfRawData | 0xafa008 |
| AddressOfIndex | 0xaf5b84 |
| AddressOfCallbacks | 0xaab580 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0x5c |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0xaf0064 |
| SEHandlerTable | 0xae6a10 |
| SEHandlerCount | 366 |
RICH Header
| XOR Key | 0x918ccd8b |
|---|---|
| Unmarked objects | 0 |
| C objects (VS 2015/2017 runtime 26706) | 10 |
| ASM objects (VS 2015/2017 runtime 26706) | 2 |
| Imports (VS 2015/2017 runtime 26706) | 6 |
| C++ objects (VS 2015/2017 runtime 26706) | 35 |
| 199 (41118) | 16 |
| Imports (VS2008 SP1 build 30729) | 46 |
| Imports (27045) | 5 |
| Total imports | 298 |
| C++ objects (LTCG) (27045) | 32 |
| Exports (27045) | 1 |
| Resource objects (27045) | 1 |
| 151 | 1 |
| Linker (27045) | 1 |