c1305079ebca006578a4e749eb2daafc

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Oct-10 23:00:09

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Suspicious VirusTotal score: 2/73 (Scanned on 2024-03-14 18:43:10)
  • APEX: Malicious
  • MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 c1305079ebca006578a4e749eb2daafc
SHA1 218b665f7c611d613912b24ee387d725917e03e7
SHA256 a8241123c7172d15060031652daa73db7320a9663a149efdf33d4bf993d98d85
SHA3 2e2cb5ff0c3a48cc64011d35bf59ef866aebd8ebb5745c2875d095433034993d
SSDeep 3072:59at0hkHXO6k0ckurT2+OgVIWdtNOWPLQ2wxF7IjzaDiJPYKtMGiRqwRiL:+N3O6kzk4T2+OgVIWd2cLe5kZTK5qw
Imports Hash 5ef66dbc81fe9b32a6acd9d24ce2866b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2023-Oct-10 23:00:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x26800
SizeOfInitializedData 0x1ee00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000004EB0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4a000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 569b7452779e124b8ce06471c6032866
SHA1 712b2c5d0e3063471b78f0d87d388a07f6405e49
SHA256 a3bb473396680a9a69018d0a795b4b850e1ecc37999c4950cdcd370156ddd232
SHA3 cb0652e088f11143623088704a6fdd86774c7fb0c1c4d9e713c633e307706aab
VirtualSize 0x26630
VirtualAddress 0x1000
SizeOfRawData 0x26800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.48098

.rdata

MD5 6857e3c0f244c2793c2b7f4dc0b32d64
SHA1 2e13771a8b3f8dc81458874180e2ad9034242cd9
SHA256 8943d84206fd0579f5c886465428fbef4ff4d8070e4e4422efee8d65074954e7
SHA3 0a10fed1aa4bdd24b3671def38f633a0d480442bed1b6dce323a717b31045e4c
VirtualSize 0xc124
VirtualAddress 0x28000
SizeOfRawData 0xc200
PointerToRawData 0x26c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.15038

.data

MD5 1cedb943cca7553376c0e781ea3122c0
SHA1 f082679aab31ebb3baebad83d4a1fc693d07c50f
SHA256 44862d09c7396cc9da4bab5e9fc608a95cd6793dad490e1281392872be355266
SHA3 10d440974215be2a177d4b9efc0d61ea68ad23920158a2c83cfb958435a7ea90
VirtualSize 0x10348
VirtualAddress 0x35000
SizeOfRawData 0x1000
PointerToRawData 0x32e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.16821

.pdata

MD5 3957974ec6e1f1d4839dd661ed9640dd
SHA1 37b3f221283f96e1af061d4ac2393128ab813ad2
SHA256 5503e464ff846e0b314fb4bb8eb53710be196f4f45f78d1b484dd1ae4414c83e
SHA3 3c0930192ac98255ddc04a09b7b441fb871ead1896ce43139834357c5c547563
VirtualSize 0x1cec
VirtualAddress 0x46000
SizeOfRawData 0x1e00
PointerToRawData 0x33e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.27343

_RDATA

MD5 940b2ccfd55229a7f0e6e277c2efcbe5
SHA1 fc83440438de64927f290faff2f1cf1a451dec3b
SHA256 6233bf38daf0e63507ba73c4902647764cc5e69fe861b16907f2ed5753da7302
SHA3 52cea36592600f62177428ad7f64ac1c526fe8707caeeb2397ff057d59a4ee4c
VirtualSize 0x15c
VirtualAddress 0x48000
SizeOfRawData 0x200
PointerToRawData 0x35c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.81808

.reloc

MD5 3952a35073734122544762878e639493
SHA1 ebf1be14e3d41b3c2ff64ee42496e7bcf65e36ff
SHA256 a0f2ec74d24c9b91a343f22f14574832bd4f30550a8117fbd4003098e9a42ae3
SHA3 e3457b170d440302dd82265993c08f5fd423a2b5b77603029b896cd3dcaa64e0
VirtualSize 0x70c
VirtualAddress 0x49000
SizeOfRawData 0x800
PointerToRawData 0x35e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.16719

Imports

KERNEL32.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetEndOfFile
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
MultiByteToWideChar
DeleteFileW
MoveFileExW
SetStdHandle
HeapReAlloc
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
CreateFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetTimeZoneInformation
HeapSize
WriteConsoleW
GetFileAttributesExW

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-Oct-10 23:00:09
Version 0.0
SizeofData 756
AddressOfRawData 0x31a68
PointerToRawData 0x30668

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400352c8

RICH Header

XOR Key 0x3d88ca
Unmarked objects 0
ASM objects (30795) 8
C++ objects (30795) 184
C objects (30795) 10
Imports (30795) 3
Total imports 99
253 (VS2022 Update 4 (17.4.2) compiler 31935) 3
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) 40
C objects (VS2022 Update 4 (17.4.2) compiler 31935) 18
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) 9
C++ objects (VS2022 Update 5 (17.5.4) compiler 32217) 1
C objects (VS2022 Update 5 (17.5.4) compiler 32217) 2
Linker (VS2022 Update 5 (17.5.4) compiler 32217) 1

Errors
