8e29f707ec0fc54c80d78ee320506cd9675e62ab9651b3d173707c759dabb1f2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Feb-23 14:29:24
Detected languages English - United States
CompanyName LUX SISTEMAS INFOR
ProductName Vendas
FileVersion 4.02
ProductVersion 4.02
InternalName Vendas
OriginalFilename Vendas.exe

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Info Interesting strings found in the binary: Contains domain names:
  • http://upx.tsx.org
  • upx.tsx.org
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious The file contains overlay data. 124629 bytes of data starting at offset 0x81400.
Malicious VirusTotal score: 12/69 (Scanned on 2020-08-18 07:48:34)
APEX: Malicious
Avira: TR/Dropper.Gen
Cybereason: malicious.1179e2
Cynet: Malicious (score: 85)
F-Secure: Trojan.TR/Dropper.Gen
Ikarus: Trojan.Dropper
Invincea: heuristic
Lionic: Trojan.Win32.Generic.4!c
MaxSecure: Trojan.Malware.300983.susgen
Rising: Dropper.Generic!8.35E (CLOUD)
Sangfor: Malware
SentinelOne: DFI - Suspicious PE

Hashes

MD5 8aec106f3f408ec4d888f3506023f004
SHA1 8cfdb901179e22a590eda0b1128abed5d06896d7
SHA256 8e29f707ec0fc54c80d78ee320506cd9675e62ab9651b3d173707c759dabb1f2
SHA3 559315696ef85526edb76df89f956a1726ed3e23ef21ca0b786b331b71b6bd1d
SSDeep 12288:XXJqr8LH1IJqM3WrZBQzu8eK+0kkIqARwS9YbNYlhWyEl1Rpo:nJqg6fGb1K+/tYJSW3l1Rpo
Imports Hash e029f98a2da83608852f59fa44f95f0e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2010-Feb-23 14:29:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.2
SizeOfCode 0x80000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0xed000
AddressOfEntryPoint 0x0016DB40 (Section: UPX1)
BaseOfCode 0xee000
BaseOfData 0x16e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 2.2
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x170000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xed000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

UPX1

MD5 8f17c773d0ecc05bce70358aefd7b680
SHA1 f14cf434d8631c3f3735698fe0fc5b5cddca1de2
SHA256 a5b8b89fb2dec6675f286d5818fb20ae82f40f5ebd2d919985589a68208b76c2
SHA3 a6e087a8a4348b3073df1f8a126b55b9a99e026cfb01af9c67362e0c1419c255
VirtualSize 0x80000
VirtualAddress 0xee000
SizeOfRawData 0x7fe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 7.87022

.rsrc

MD5 82c9d9c66b3120c817313a342619cde0
SHA1 624c98526f491e750b8a1c02e28f1dfb5c469357
SHA256 f844c53c4b311b2d98ac6d7c5960748db54f267b11c5ba80d2f1bd07b2f7dd6c
SHA3 5a7a84548ab342a662e4a289cf25f7715858f4baa69e1dc9a04cc36014510fb3
VirtualSize 0x2000
VirtualAddress 0x16e000
SizeOfRawData 0x1200
PointerToRawData 0x80200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.11043

Imports

KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
MSVBVM60.DLL: #581

Delayed Imports

50

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.23151
MD5 fd494e13457d7dbd9b0c7c4523719a2e
SHA1 99e6378355231aadd74ba8951af621de5ad775d7
SHA256 47855e3323469a12c427995ed9306b16abb1f555102c5ebefbbd1fa957b85cdd
SHA3 8aa53c6bf2c02114ef1fcac8258a3b2dcf86b6a3f2007d7e753a8f0929e45751

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x14
TimeDateStamp 2010-Feb-23 14:29:24
Entropy 2.0815
Detected Filetype Icon file
MD5 d5f028208a5d91a66f5def3a2eec1f37
SHA1 bcedf7021f780fede5a8bea6c2290433c0923ce8
SHA256 d79e294bd31dc75ef0b228cc54c17e671af34cb3e6765aeeb9c0f6e431aa70cd
SHA3 e9df179db8627cf4278490dea8f488af8adce99dd600ea3d4d034242fb5080f3

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x220
TimeDateStamp 2010-Feb-23 14:29:24
Entropy 3.21697
MD5 f8edf69d3d53836d007d2048f9882022
SHA1 4ae40e487de930cb1291f6bb00f1dc7bef1c4ad8
SHA256 33b9137dc380378fe6728a6c832bedbaeaf3f0cd171a7637888840f7aa7679f3
SHA3 91f4770736167d2653f14a681b241858c1097f3062279daf01ef8f9dcef01e59

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.2.0.0
ProductVersion 4.2.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName LUX SISTEMAS INFOR
ProductName Vendas
FileVersion (#2) 4.02
ProductVersion (#2) 4.02
InternalName Vendas
OriginalFilename Vendas.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x18863eef
Unmarked objects 0
14 (7299) 1
9 (8041) 28
13 (8169) 1

Errors

[*] Warning: Section UPX0 has a size of 0!