6d76785ff9806540c469c3b466eeacacb5d129d38723d53936a90b419f22a5a0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-May-09 03:17:09

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegCreateKeyExW
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegSetValueExA
  • RegSetValueExW
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Malicious VirusTotal score: 15/70 (Scanned on 2026-05-04 19:39:42)
APEX: Malicious
Antiy-AVL: Trojan/Win32.Agent
CAT-QuickHeal: Trojan.Riskware
CTX: exe.trojan.generic
Cylance: Unsafe
Fortinet: W32/PossibleThreat
Gridinsoft: Trojan.Win32.Gen.cl
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
MaxSecure: Trojan.Malware.3411146.susgen
Rising: Trojan.Generic!8.C3 (CLOUD)
Trapmine: malicious.moderate.ml.score
TrellixENS: GenericRXAA-AA!2A64F1E0FBB0
VBA32: Trojan.Yomal
Zillya: Adware.Generic.Win32.175573

Hashes

MD5 2a64f1e0fbb0e0687bd41dedf3ab19e8
SHA1 5601fd7b42835ba56fb13e0fe1915964ab0a42e4
SHA256 6d76785ff9806540c469c3b466eeacacb5d129d38723d53936a90b419f22a5a0
SHA3 2657d8b6b3b004c0989a23bb52529f16f8b69ba53bd417405c1ea1c713b774f5
SSDeep 3072:ku1hlvOR3R2gFL4pTGt4/NBOtJwgOeYg4fFcIqeBsmSxsyLZ:Ch2Uly/Tg7cSxHLZ
Imports Hash 5a6e533a847e4a6c14333c31892a86eb

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2023-May-09 03:17:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xfe00
SizeOfInitializedData 0x9200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001A93 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x11000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e8701eb309fa22a0de62fc46cb3f9e7c
SHA1 8e20ee60516c22e19d96590368d51eb36eab1b40
SHA256 f7aa34bfe1b575f7a15df5c86995189e4fbdc50d7b7fb3d0dea082425f6e3e87
SHA3 e2ddc2bf9562a14b2c820c7a80650c727c04765f74aa86c24255ea31a189221e
VirtualSize 0xfc3b
VirtualAddress 0x1000
SizeOfRawData 0xfe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.63187

.rdata

MD5 0aa70fa6cbeb50c3edd3fc22052a258b
SHA1 91b6124b2cafb638e5987d9001af86fd5e1f803e
SHA256 81726e7a4640df606d32b3107fb9f6064e5fa8b28ad52da6609ebec96a5125ca
SHA3 694e5b8259bf7110e21103a3d630800a7f282e0f266a6e646d9e42306f86edde
VirtualSize 0x6a22
VirtualAddress 0x11000
SizeOfRawData 0x6c00
PointerToRawData 0x10200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.20124

.data

MD5 00dec8f6afe6c8e35c6ea809822f2a95
SHA1 188273660ad6fec554004fedeafc468b0c05dde2
SHA256 6fa29402c956953cbe32b9f64d4d1b9249e22ffbd0215390c79e9a244eaf0141
SHA3 6d8e78ea0ab2b04309d49158987c26b706da75be9f4d7cd9a46008433d18c18d
VirtualSize 0x13c8
VirtualAddress 0x18000
SizeOfRawData 0xa00
PointerToRawData 0x16e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.82343

.gfids

MD5 8695c3183ee740e2ced5cf29ce0d0dd9
SHA1 bf6b805ac138f76df62790f66041288522f04bab
SHA256 180755d9c5daf5446b67af5efef738c8c148896cb5cc7c5226deab6b4cc82ab8
SHA3 eff6f8d237b4e594ba25682b26d14ebfaa426ea076dc8c14c1c2423f601e8dc8
VirtualSize 0xb0
VirtualAddress 0x1a000
SizeOfRawData 0x200
PointerToRawData 0x17800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.909243

.reloc

MD5 030fdc397f0090b95b5b697d70eb4285
SHA1 77816f75ffc3d4bafc6a79efaa4806fbece96024
SHA256 46fb388efa1280bf5e34f58be8ca4f7d75afd1b4d1292a1972752c218a0b1d29
SHA3 9b93ed24fe40efa4d81f894c3400f01d85f167bd52ba4a787dba5b7c423a7e16
VirtualSize 0xedc
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x17a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.29252

Imports

ADVAPI32.dll RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegCloseKey
USER32.dll MessageBoxA
KERNEL32.dll WriteConsoleW
CreateFileW
SetEnvironmentVariableW
GetFileAttributesW
GetFullPathNameW
CloseHandle
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
ResumeThread
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
lstrcpyW
lstrlenA
lstrlenW
GetPrivateProfileStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
RaiseException

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-May-09 03:17:09
Version 0.0
SizeofData 636
AddressOfRawData 0x16c7c
PointerToRawData 0x15e7c

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x418004
SEHandlerTable 0x416c70
SEHandlerCount 3

RICH Header

XOR Key 0x7f34f26c
Unmarked objects 0
ASM objects (26213) 9
C++ objects (26213) 138
C objects (26213) 18
ASM objects (24237) 16
C++ objects (24237) 29
C objects (24237) 17
Imports (26213) 7
Total imports 96
C++ objects (24245) 1
Linker (24245) 1

Errors