064068f9243910daa1508e6ab8e29ff28baa74c52bd3137a287a22cce08cb65e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-May-28 08:26:25
Detected languages English - United States
CompanyName Human Plus One Corp.
FileDescription DTG, DTF & UV Printer Printing Software
FileVersion 10.5.0.0
LegalCopyright Copyright 2005 Human Plus One Corp. All rights reserved.
ProductVersion 10.5.0.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • cacerts.digicert.com
  • crl3.digicert.com
  • crl4.digicert.com
  • digicert.com
  • http://cacerts.digicert.com
  • http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
  • http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
  • http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
  • http://crl3.digicert.com
  • http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
  • http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
  • http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
  • http://crl4.digicert.com
  • http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
  • http://ocsp.digicert.com0
  • http://ocsp.digicert.com0A
  • http://ocsp.digicert.com0X
  • http://ocsp.digicert.com0\
  • http://www.digicert.com
  • http://www.digicert.com/CPS0
  • www.digicert.com
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Suspicious The PE is possibly packed.
  • Unusual section name found:
  • Unusual section name found:
  • Unusual section name found:
  • Unusual section name found:
  • Unusual section name found:
  • Section is both writable and executable.
  • Unusual section name found: .winlice
  • Section .winlice is both writable and executable.
  • Unusual section name found: .boot
Suspicious The PE contains functions most legitimate programs don't use.
Can access the registry:
  • RegOpenKeyW
Leverages the raw socket API to access the Internet:
  • WSAGetLastError
Info The PE is digitally signed. Signer: Tin Hoc Nam Anh
Issuer: Tin Hoc Nam Anh
Malicious VirusTotal score: 7/70 (Scanned on 2024-03-04 23:06:54)
  • Bkav: W32.AIDetectMalware
  • Google: Detected
  • Ikarus: Trojan.Crypt
  • McAfee: Artemis!D0CB6D177599
  • Skyhigh: Artemis
  • Trapmine: suspicious.low.ml.score
  • VBA32: BScope.Trojan.Wacatac

Hashes

MD5 d0cb6d1775996d19b7a7801f0d617ca1
SHA1 0695d26ad9b429e8d37ec1b027e0bc17cebb7ee9
SHA256 064068f9243910daa1508e6ab8e29ff28baa74c52bd3137a287a22cce08cb65e
SHA3 96b84e43e66847a2e4abb48d4263d773290e7cb7dbe562fdff45b39a82e4bb90
SSDeep 393216:my4Uibbsc9Kxi/QBTmFVOhPzmE9Y2GFg9WtZOicVQGyhE4nkAn+kUuO/bidFW:hc9KCQFmF+PzmE+Rg9WLFfGy3PZUuQoW
Imports Hash 6edbfaf9a492a236405a2609f1ce3589

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x128

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 11
TimeDateStamp 2022-May-28 08:26:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xbd600
SizeOfInitializedData 0x122200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x01A621B8 (Section: .boot)
BaseOfCode 0x1000
BaseOfData 0xbf000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x26dc000
SizeOfHeaders 0x400
Checksum 0x10c9a2a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

MD5 0d42ccf716f85791d8a9a5ceb5076879
SHA1 7a977085bb536437fa11eca44a14138053a359fe
SHA256 6ed31afb4aa60a1495134cd3c025fa5ef3ccbc60fa762f03b90ab742d229cdd5
SHA3 d78b8864ec6e5e2f860b72b0ace46c08c8e87f3797f4a0aad77c60ece68bd604
VirtualSize 0xbd575
VirtualAddress 0x1000
SizeOfRawData 0x56e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.98495

(#2)

MD5 8e5752b8110f0fc580ea8b7dc5651a0c
SHA1 01eacf8bd79c8ee239cc8a83bb7f2af60a65c1d5
SHA256 cf702c2479a1c5d06b56319b6169af137b1f1f93e9c1af698358f178b22aca37
SHA3 2960ab314a10fde4de1d91e56d114305b7ecc02c78208be71b5cef775b331299
VirtualSize 0x4f2be
VirtualAddress 0xbf000
SizeOfRawData 0x12a00
PointerToRawData 0x57200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.96636

(#3)

MD5 037fb0bf3eb2883a44a8c625cbbf417c
SHA1 91ecea43d4ec1fad413312bdaa676a31a6022234
SHA256 9c954e1bd15b44aadecd8de456addd577c14259d21ea922f3878440d9015d252
SHA3 9299ea7eb885b1c2f99bf3d507a6f855d189d7de1c0ee24870147417785c4276
VirtualSize 0x80e24
VirtualAddress 0x10f000
SizeOfRawData 0x6e200
PointerToRawData 0x69c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.91448

(#4)

MD5 ea5f63687397405aa6b5247cd45d0cb9
SHA1 1591c1e75587279dadedd24fc924120aea269d0a
SHA256 33cf2a17e2cf04fe6183ceb0782873086aed16b4731edc267e126d17b59226ff
SHA3 643f685c7b6ce4d10a96f8113819d7a66c05eb5533ad8f2fff568e6f5521eea3
VirtualSize 0x3f578
VirtualAddress 0x190000
SizeOfRawData 0x38a00
PointerToRawData 0xd7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.93301

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13000
VirtualAddress 0x1d0000
SizeOfRawData 0
PointerToRawData 0x110800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

(#5)

MD5 a2e471f1b5b9a23d1670d8cb70c15eb8
SHA1 1925e28f1ba753ce7c83b2c10968c97791557c5e
SHA256 2f51bdf4e343f8e951b0a151e83e2ce2f8814f9fb2fa710a01e0fa4df65215e4
SHA3 dd4faaf0f9cbabbe13f3ebee1bcd9640cc8e5bd6ea221653ae3722a8eb84b6e1
VirtualSize 0xa36000
VirtualAddress 0x1e3000
SizeOfRawData 0x329e00
PointerToRawData 0x110800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99995

.idata

MD5 8c46a34b796e9fe7460fd25e97b8ae55
SHA1 74af373481ce165d9a169178d64b8a9e8a48ccb2
SHA256 8e80dbb6b715eb479081e585e193630f301e3e741aa36799b1986e907c26eaa2
SHA3 2474d11f4a204af5410f4918804b6f891349b3d61f76014a0cabb5363fb4417b
VirtualSize 0x1000
VirtualAddress 0xc19000
SizeOfRawData 0x800
PointerToRawData 0x43a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.32544

.tls

MD5 e62793f9186a233e8d525e6ebe27f198
SHA1 c5b22aa41039482f3f193403275975ca8cc70e74
SHA256 a9dada3e933ceec46efb8dc9676680a79be86efedbca19f08dfa3e0bd20f161e
SHA3 89c248a0ccd73a2e0e464aeb07919f6e8dcec7556a570e60a15a06cc1d2ba15a
VirtualSize 0x1000
VirtualAddress 0xc1a000
SizeOfRawData 0x200
PointerToRawData 0x43ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.221192

.rsrc

MD5 725c777c80174049fb5b121bc81638c7
SHA1 c72a3b0b7a3134c7f81d8a6a73ade15708af166e
SHA256 9c5e9566f05cfe3ac4cbce257489b8fd50d31b9d7da1ce1ee7942dbadb5e6009
SHA3 f62d4da8d8d1ab4b730d4d132b557aef1ee46014d3eddad8d1f437aef5d93378
VirtualSize 0x4e00
VirtualAddress 0xc1b000
SizeOfRawData 0x4e00
PointerToRawData 0x43b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.82985

.winlice

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe42000
VirtualAddress 0xc20000
SizeOfRawData 0
PointerToRawData 0x43fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot

MD5 9390c6f8b429a92b45fd61e1ba8776f0
SHA1 dfddc161c6998b9cc42fbcb9ef0c730f3887ce3b
SHA256 57cf732e75bd3b85aba9c7e199357ff1f4424cd9f708d4c7de78fc28d241a337
SHA3 4b662629c28952c0c4a0f1550449244f6d2b0206d72d290527045a4b410503eb
VirtualSize 0xc79e00
VirtualAddress 0x1a62000
SizeOfRawData 0xc79e00
PointerToRawData 0x43fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.86494

Imports

kernel32.dll GetModuleHandleA
Imagelib17u.dll ?AlphaCreate@CxImage@@QAE_NXZ
SETUPAPI.dll SetupDiGetClassDevsA
mfc140u.dll #11024
USER32.dll DrawEdge
GDI32.dll CreateCompatibleBitmap
WINSPOOL.DRV OpenPrinterW
ADVAPI32.dll RegOpenKeyW
SHELL32.dll DragFinish
COMCTL32.dll ImageList_GetImageInfo
ScreenLib17u.dll ??1CXTPPropertyGridItem@@UAE@XZ
gdiplus.dll GdiplusShutdown
VCOMP140.DLL _vcomp_fork
WS2_32.dll WSAGetLastError
WINTRUST.dll WTHelperProvDataFromStateData
CRYPT32.dll CertGetNameStringW
VERSION.dll GetFileVersionInfoW
VCRUNTIME140.dll __std_terminate
api-ms-win-crt-heap-l1-1-0.dll realloc
api-ms-win-crt-convert-l1-1-0.dll atof
api-ms-win-crt-runtime-l1-1-0.dll _invalid_parameter_noinfo
api-ms-win-crt-string-l1-1-0.dll strncmp
api-ms-win-crt-stdio-l1-1-0.dll rewind
api-ms-win-crt-math-l1-1-0.dll ceil
api-ms-win-crt-filesystem-l1-1-0.dll _fstat64i32
api-ms-win-crt-time-l1-1-0.dll _ctime64
api-ms-win-crt-locale-l1-1-0.dll localeconv
api-ms-win-crt-utility-l1-1-0.dll ldiv
api-ms-win-crt-environment-l1-1-0.dll getenv

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.30289
MD5 ad2a9ac7b3662122ccf2b5f4e347b1b4
SHA1 53ba363bee5ec4095ee12e872aa22f865ef3a6db
SHA256 88acb72375d5f5ef339bf02a80ca1ed63fd090584541d260f8cabaac979a7a1e
SHA3 7d36c5b0843b5fc0c5f96fa8efb49f2ee0e7b418df6b4af185e76ab1f483e814

9

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x456
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.59946
MD5 59faa7861de93607a8430c2ddf494fad
SHA1 e28836c29d314f611d57bda15c38e01452d8d58a
SHA256 04431e8e81b53c4d22c28e83a87b5afa563b9f698487db5a331ee0766a612f37
SHA3 615fc333fcee9ca488cd7ee91743b8ca311eca2c09c2d0410990098b22990afc

128

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 3e1d980f0dc747eec9d946c155cb1498
SHA1 15414ced0202f709d400c957d441a8856dde8479
SHA256 027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd
SHA3 11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41514
MD5 d5e83e0a981729483adedf2ed1a8fc94
SHA1 ae9dad79f49f35742e12d5b9d78713ee6eb7e41f
SHA256 2c6db1818bb579c575ebf825f711a0e7f8e0bca36fe84a8920179605d3608bfb
SHA3 dd0fdd202401fd5a409c152267dbdf459172fe65bb662c26d65ff07beef90807

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x280
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07176
MD5 0f3b71d0fa474d73aff7de9cdf842732
SHA1 7990f81c60b8ab722c5ad7367f69c85106be5ed5
SHA256 5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09
SHA3 c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375

String Table contents

Textile
Textile
Textile.Document
Textile.Document
All Files(*.eps,*.ps,*.pdf;*.bmp,*.tif,*.jpg;*.png,*.psd)|*.eps;*.ps;*.bmp;*.tif;*.jpg;*.png;*.psd;*.pdf|Encapsulated PostScript(*.eps)|*.eps|PostScript(*.ps)|*.pdf|Portable document format(*.pdf)|*.pdf|Windows Bitmap(*.bmp)|*.bmp|tagged Image File Format(*.tif)|*.tif|JPEG File(*.jpg)|*.jpg|Portable Network Graphics(*.png)|*.png|Photoshop Data File(*.psd)|*.psd||
Objects
Selected
Info
Line Color
Output Size
Width
Height
X
Position X
Y
Position Y
Original Size
Width
Height
Equal Proportion
Ratio X

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.5.0.0
ProductVersion 10.5.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Human Plus One Corp.
FileDescription DTG, DTF & UV Printer Printing Software
FileVersion (#2) 10.5.0.0
LegalCopyright Copyright 2005 Human Plus One Corp. All rights reserved.
ProductVersion (#2) 10.5.0.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9009e9a0
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 22
199 (41118) 10
Imports (27045) 2
C objects (VS 2015/2017 runtime 26706) 13
ASM objects (VS 2015/2017 runtime 26706) 8
C++ objects (VS 2015/2017 runtime 26706) 31
Imports (VS 2015/2017 runtime 26706) 8
C objects (VS2017 v15.9.2-3 compiler 27024) 21
Imports (27412) 28
Imports (VS2017 v15.9.2-3 compiler 27024) 3
Total imports 1346
C objects (VS98 SP6 build 8804) 10
C objects (27048) 50
C++ objects (27048) 65
Resource objects (27048) 1
151 1
Linker (27048) 1

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .reloc has a size of 0!
[*] Warning: Section .winlice has a size of 0!