8bb6e144acf7e444d7afcc46c0c014fe9ad2361ecd9c831bbf28c55fc19dafb0
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 1992-Jun-19 22:22:17 |
| Detected languages |
English - United States
|
| CompanyName | H Hayat |
| FileDescription | 4K Products [x64] - Patch |
| FileVersion | 1.1.0.0 |
| InternalName | Patch [x64].exe |
| LegalCopyright | © 2021, H Hayat |
| LegalTrademarks | |
| OriginalFilename | Patch [x64].exe |
| ProductName | 4K Products [x64] - Patch |
| ProductVersion | 1.1.0.0 |
| Comments |
Plugin Output
| Suspicious | PEiD Signature: | PECompact v2.xx |
| Suspicious | The PE is possibly packed. |
Section CODE is both writable and executable.
Section .rsrc is both writable and executable. |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Malicious | VirusTotal score: 47/70 (Scanned on 2021-05-16 09:55:24) |
Bkav:
W32.AIDetect.malware2
Elastic: malicious (high confidence) MicroWorld-eScan: Gen:Variant.Bulz.330158 CAT-QuickHeal: Trojan.Wacatac McAfee: Artemis!FD9E805EBC50 Cylance: Unsafe Zillya: Tool.Patcher.Win32.35145 Sangfor: Riskware.Win32.Wacapew.C K7AntiVirus: Unwanted-Program ( 0054d0751 ) Alibaba: HackTool:Win32/Patcher.947ca582 K7GW: Unwanted-Program ( 0054d0751 ) Cybereason: malicious.ebc50e Cyren: W32/Trojan.QCQH-1688 Symantec: ML.Attribute.HighConfidence ESET-NOD32: a variant of Win32/HackTool.Patcher.ED potentially unsafe APEX: Malicious Paloalto: generic.ml BitDefender: Gen:Variant.Bulz.330158 NANO-Antivirus: Riskware.Win32.Patcher.hyzywe Ad-Aware: Gen:Variant.Bulz.330158 Emsisoft: Gen:Variant.Bulz.330158 (B) Comodo: Malware@#26vnama0wl3q5 VIPRE: Trojan.Win32.Generic!BT McAfee-GW-Edition: GenericRXEJ-BF!DB197D517F1A FireEye: Generic.mg.fd9e805ebc50ee6e Sophos: Generic PUA CM (PUA) GData: Gen:Variant.Bulz.330158 Webroot: W32.Hax.Gen Antiy-AVL: Trojan/Generic.ASMalwS.2196BAA Gridinsoft: Trojan.Win32.Agent.ns Arcabit: Trojan.Bulz.D509AE AegisLab: Trojan.Win32.Patcher.4!c Microsoft: Trojan:Win32/Wacatac.A!ml Cynet: Malicious (score: 100) ALYac: Gen:Variant.Bulz.330158 MAX: malware (ai score=86) Malwarebytes: Malware.AI.4036402309 Panda: Trj/CI.A Rising: PUA.Puasson!8.11126 (CLOUD) Yandex: Trojan.Igent.bVASr7.3 Ikarus: possible-Threat.Hacktool.Patcher eGambit: Unsafe.AI_Score_54% Fortinet: Riskware/Generic_PUA_CM BitDefenderTheta: AI:Packer.274FC81821 AVG: Win32:Malware-gen Avast: Win32:Malware-gen MaxSecure: Trojan.Malware.113660661.susgen |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 2 |
| TimeDateStamp | 1992-Jun-19 22:22:17 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 2.0 |
| SizeOfCode | 0x1e200 |
| SizeOfInitializedData | 0x1d400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: CODE) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x20000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x46000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x1d955 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x4000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
CODE
.rsrc
Imports
| kernel32.dll |
LoadLibraryA
GetProcAddress VirtualAlloc VirtualFree |
|---|---|
| user32.dll |
CharNextA
|
| oleaut32.dll |
SysFreeString
|
| advapi32.dll |
RegSetValueExA
|
| version.dll |
VerQueryValueA
|
| gdi32.dll |
SetTextColor
|
| msimg32.dll |
AlphaBlend
|
| ole32.dll |
CoTaskMemFree
|
| shell32.dll |
SHGetPathFromIDListA
|
| comdlg32.dll |
GetSaveFileNameA
|
| IMAGEHLP.DLL |
CheckSumMappedFile
|
| winmm.dll |
sndPlaySoundA
|
Delayed Imports
50
MAIN
DATA
INFO
MODULE
MAINICON
1
1 (#2)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.1.0.0 |
| ProductVersion | 1.1.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | H Hayat |
| FileDescription | 4K Products [x64] - Patch |
| FileVersion (#2) | 1.1.0.0 |
| InternalName | Patch [x64].exe |
| LegalCopyright | © 2021, H Hayat |
| LegalTrademarks | |
| OriginalFilename | Patch [x64].exe |
| ProductName | 4K Products [x64] - Patch |
| ProductVersion (#2) | 1.1.0.0 |
| Comments |
| Resource LangID | English - United States |
|---|
TLS Callbacks
| StartAddressOfRawData | 0x445f08 |
|---|---|
| EndAddressOfRawData | 0x445f10 |
| AddressOfIndex | 0x445f00 |
| AddressOfCallbacks | 0x445f04 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks | (EMPTY) |
Load Configuration
RICH Header
Errors
[*] Warning: Resource MAIN is empty!
[*] Warning: Resource DATA is empty!
[*] Warning: Resource INFO is empty!
[*] Warning: Resource MODULE is empty!
Leave a comment
No comments yet.