a481adacfabdcf23a259adacedbd173853164cc5baced20fd859cad31a346232

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Feb-09 07:11:09
Comments ?FBI=2DH9A=EEG3II5EC4
CompanyName 9CC6?49CA7547D<C3
FileDescription :><I88A7<I35?=:H>
FileVersion 23.10.35.78
InternalName 04.exe
LegalCopyright Copyright © 1989 9CC6?49CA7547D<C3. All rights reserved.
OriginalFilename 04.exe
ProductName :><I88A7<I35?=:H>
ProductVersion 23.10.35.78
Assembly Version 1.0.0.0

Plugin Output

Suspicious The PE is possibly packed: it has no imports at all (the Imports Hash below is the MD5 of an empty string). Caveat: the Assembly Version field and the MSIL detection names identify this as a .NET assembly, and a PE32+ managed image normally carries no native import table and a zero AddressOfEntryPoint, so the missing imports alone are weak evidence of packing here.
Malicious VirusTotal score: 24/71 (Scanned on 2026-03-15 02:10:44)
ALYac: IL:Trojan.MSILZilla.159826
APEX: Malicious
Arcabit: IL:Trojan.MSILZilla.D27052
BitDefender: IL:Trojan.MSILZilla.159826
Bkav: W64.AIDetectMalware.CS
CTX: exe.trojan.msilzilla
CrowdStrike: win/malicious_confidence_100% (D)
DeepInstinct: MALICIOUS
DrWeb: Trojan.PackedNET.3465
Elastic: malicious (high confidence)
Emsisoft: IL:Trojan.MSILZilla.159826 (B)
Fortinet: MSIL/Kryptik.AKJG!tr
GData: IL:Trojan.MSILZilla.159826
Google: Detected
Ikarus: Trojan.MSIL.Crypt
McAfeeD: ti!A481ADACFABD
MicroWorld-eScan: IL:Trojan.MSILZilla.159826
Rising: Malware.Obfus/MSIL@AI.82 (RDM.MSIL2:S3Pvzb5CHfB+Rhp/vnmM5g)
SentinelOne: Static AI - Suspicious PE
Sophos: ML/PE-A
Trapmine: suspicious.low.ml.score
VIPRE: IL:Trojan.MSILZilla.159826
VirIT: Trojan.Win64.MSIL_Heur.A
huorong: Trojan/MSIL.Injector.nj

Hashes

MD5 b864dc1ea431bc9f13e74b598ba645c4
SHA1 61e7a4ae7b3b6e469e9af279f3ea4b9c4fe427b3
SHA256 a481adacfabdcf23a259adacedbd173853164cc5baced20fd859cad31a346232
SHA3 477995b9c80cb04b3ef04e6a1d8ab2c155382e3bb2147c57c6824ea37a7ef0f7
SSDeep 49152:riuZfpSmpQFNKko67Pr1UqaUtHG00kvn4mIPOA:NprpQ0sUutm05n4m2
Imports Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty string: the file has no import table)

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2021-Feb-09 07:11:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32+
LinkerVersion 8.0
SizeOfCode 0x25e400
SizeOfInitializedData 0x400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x264000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a3881e95e05095e264359c93166454e7
SHA1 4f55cb88f4b45a135e2374a9208f376626c25020
SHA256 5f04f305532241ab0616d5d9b3166f67dcd6f3b4531bf0c959b02bc63da44e09
SHA3 e21dc22d2b95f023370efa6daa50dda9be96a0e30be5ac4299b27d4de30c694c
VirtualSize 0x25e300
VirtualAddress 0x2000
SizeOfRawData 0x25e400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.73277

.rsrc

MD5 858b3409a77b3088f0404afca5c440d1
SHA1 2c203fdb71b4823e6a5c85e81d3315337107c3ce
SHA256 7af265b1399287d3681c06cc754ea1c3c23512a52ec0179797df63b4a448a545
SHA3 bb1a11e1c17c8a367acd4d42a72e537b914c7c14bfcf5e3c519cc8481f0352fa
VirtualSize 0x3f8
VirtualAddress 0x262000
SizeOfRawData 0x400
PointerToRawData 0x25e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.46015
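As an added example (not part of this report or of the analysis service's own code), the following Python re-implements the checks behind the plugin verdict and the Imports Hash above: it builds a constructed PE32+ buffer shaped like this sample (two sections, AddressOfEntryPoint 0, no import directory, CLR runtime header present; the section contents and offsets are synthetic, not the sample's bytes), parses the headers, computes per-section entropy and the import hash, and then separates a PE32+ .NET assembly, which normally has no native import table, from a binary that resolves its imports at runtime. Constants such as the directory indices are standard PE values; the verdict strings are my own.

```python
"""Added example: the 'no imports' heuristic, the import hash and per-section
entropy, run on a constructed PE32+ buffer (not the sample's bytes)."""
import hashlib
import math
import struct

PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_MACHINE_AMD64 = 0x8664
DIR_IMPORT = 1           # IMAGE_DIRECTORY_ENTRY_IMPORT
DIR_COM_DESCRIPTOR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def imphash(imports) -> str:
    """pefile-style imphash: MD5 over lowercase 'dll.func' pairs (extension
    stripped) joined by commas. An empty import list hashes the empty string,
    which gives the d41d8cd98f00b204e9800998ecf8427e seen in the report."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in ('.dll', '.ocx', '.sys'):
            if name.endswith(ext):
                name = name[: -len(ext)]
        parts.append(f'{name}.{func.lower()}')
    return hashlib.md5(','.join(parts).encode()).hexdigest()


def parse_pe(buf: bytes) -> dict:
    """Parse DOS header, file header, PE32+ optional header, data directories
    and section table; entropy is computed over each section's raw bytes."""
    if buf[:2] != b'MZ':
        raise ValueError('not an MZ image')
    e_lfanew = struct.unpack_from('<I', buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('bad PE signature')
    fh = e_lfanew + 4
    machine, nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from('<HHIIIHH', buf, fh)
    opt = fh + 20
    if struct.unpack_from('<H', buf, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError('this example handles PE32+ images only')
    entry_point = struct.unpack_from('<I', buf, opt + 16)[0]    # AddressOfEntryPoint
    num_dirs = struct.unpack_from('<I', buf, opt + 108)[0]      # NumberOfRvaAndSizes
    dirs = [struct.unpack_from('<II', buf, opt + 112 + 8 * i) for i in range(num_dirs)]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from('<8sIIII', buf, opt + opt_size + 40 * i)
        sections.append({'name': name.rstrip(b'\0').decode(), 'va': va, 'vsize': vsize,
                         'entropy': shannon_entropy(buf[rawptr:rawptr + rawsize])})
    return {'machine': machine, 'characteristics': chars, 'entry_point': entry_point,
            'dirs': dirs, 'sections': sections}


def triage_no_imports(pe: dict) -> str:
    """The report's heuristic ('no imports => possibly packed') with the caveat
    that a PE32+ managed assembly has no native import table by design."""
    if pe['dirs'][DIR_IMPORT] != (0, 0):
        return 'native import table present'
    clr = pe['dirs'][DIR_COM_DESCRIPTOR] if len(pe['dirs']) > DIR_COM_DESCRIPTOR else (0, 0)
    if clr != (0, 0):
        return 'managed (.NET) image: no native imports and entry point 0 are expected, inspect the IL'
    return 'no imports and no CLR header: likely packed or resolving imports at runtime'


def build_sample(clr_header: bool = True) -> bytes:
    """Constructed PE32+ shaped like the report: two sections, entry point 0,
    no import directory. Contents are synthetic, not the sample's bytes."""
    text_raw = bytes(range(256)) * 4          # 0x400 bytes, entropy exactly 8.0
    rsrc_raw = b'\0' * 0x200                  # 0x200 bytes, entropy 0.0
    headers_size, text_va, rsrc_va = 0x200, 0x2000, 0x4000
    dos = bytearray(0x80)
    dos[:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x80)                       # e_lfanew
    file_header = struct.pack('<HHIIIHH', IMAGE_FILE_MACHINE_AMD64, 2, 0, 0, 0, 0xF0, 0x0102)
    opt = struct.pack('<HBBIIIIIQIIHHHHHHIIIIHHQQQQII',
                      PE32PLUS_MAGIC, 8, 0, len(text_raw), len(rsrc_raw), 0,
                      0,                                          # AddressOfEntryPoint
                      text_va, 0x400000, 0x2000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                      rsrc_va + 0x2000, headers_size, 0, 2, 0x8160,
                      0x400000, 0x4000, 0x100000, 0x2000, 0, 16)
    dirs = [(0, 0)] * 16
    if clr_header:
        dirs[DIR_COM_DESCRIPTOR] = (text_va + 8, 0x48)            # IMAGE_COR20_HEADER
    sect = lambda n, vs, va, rs, rp, ch: struct.pack('<8sIIIIIIHHI', n, vs, va, rs, rp, 0, 0, 0, 0, ch)
    table = sect(b'.text', len(text_raw), text_va, len(text_raw), headers_size, 0x60000020)
    table += sect(b'.rsrc', len(rsrc_raw), rsrc_va, len(rsrc_raw), headers_size + len(text_raw), 0x40000040)
    header = (bytes(dos) + b'PE\0\0' + file_header + opt +
              b''.join(struct.pack('<II', *d) for d in dirs) + table).ljust(headers_size, b'\0')
    return header + text_raw + rsrc_raw


if __name__ == '__main__':
    pe = parse_pe(build_sample())
    print('imphash:', imphash([]))
    for s in pe['sections']:
        print(f"{s['name']:6s} entropy {s['entropy']:.2f}")
    print(triage_no_imports(pe))
```

To run the same checks against a real file, replace `build_sample()` with the file's bytes; the data directory test distinguishes the two "no imports" cases, and the section entropies map directly onto the Entropy values listed for .text and .rsrc above.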

Imports

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3a0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.56742
MD5 c03704913df142805d7f128cb73081cf
SHA1 60cc73ea3cf376041771171a2cfa3b657c21e1cd
SHA256 469f3135dd3cf4c919eea35931d80d4a6336e0f9c0c29ec14d9599e0a6e343b0
SHA3 e36026ab6ddd47ae0a85a379166cb79442b3274f4b4746c2919a83a263dfd3af

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 23.10.35.78
ProductVersion 23.10.35.78
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments ?FBI=2DH9A=EEG3II5EC4
CompanyName 9CC6?49CA7547D<C3
FileDescription :><I88A7<I35?=:H>
FileVersion (#2) 23.10.35.78
InternalName 04.exe
LegalCopyright Copyright © 1989 9CC6?49CA7547D<C3. All rights reserved.
OriginalFilename 04.exe
ProductName :><I88A7<I35?=:H>
ProductVersion (#2) 23.10.35.78
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
