| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2021-Mar-17 03:03:46
|
| Detected languages |
English - United States
|
| TLS Callbacks |
2 callback(s) detected. The two addresses listed under Callbacks at the end of this report (0x004017B0, 0x00401760) fall inside the first section (ImageBase 0x400000 + VirtualAddress 0x1000, VirtualSize 0x1f04 — the same .text range that holds AddressOfEntryPoint 0x14A0); relocations are stripped, so these absolute addresses are where the code will actually be mapped. TLS callbacks run before the entry point, so they should be examined before AddressOfEntryPoint when assessing this sample.
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
(Weak indicator on its own: both functions also appear in the static KERNEL32.dll import table below, alongside ordinary runtime start-up imports. Whether additional APIs are resolved at run time cannot be determined from the import table alone; the call sites or dynamic analysis are needed to confirm.)
|
| Suspicious |
The PE is possibly a dropper. |
Resources account for 85.189% of the executable. (Nearly all of this is a single 0x16e3c-byte RT_ICON resource, detected as a PNG graphic with entropy 7.98664, filling the 0x16ef0-byte section at VirtualAddress 0x9000. High entropy is expected for compressed PNG data, so the resource ratio alone does not establish an embedded payload; the resource should be carved and validated as a well-formed PNG before drawing a conclusion.)
|
| Suspicious |
VirusTotal score: 2/72 (Scanned on 2026-02-25 19:17:14). Both hits below are generic heuristic names rather than a named family, so this is a low-confidence signal on its own. |
Jiangmin:
Trojan.Generic.gyxrm
MaxSecure:
Trojan.Malware.300983.susgen
|
| MD5 |
eefb466044781fe17a190304f6b8b454
|
| SHA1 |
97b5efaf271998f14d22751b610a9ca82815325b
|
| SHA256 |
a6f8364e5901dcd818bfa558481dbb55511caaf59c4c4086d345584b8c465c0f
|
| SHA3 |
67dc05b89da80d649a29e4daa61d8cad40aad821e0128aa6786c9afc7495ab1d
|
| SSDeep |
3072:JO4iyqmQFyp6VFRyLO338ToWe90cEK7LQtPk5LWFN:JTiyBbkzy/ToB0cEeLQt20
|
| Imports Hash |
6f0f72e12bdea21b3a946ca4036df56c
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
8
|
| TimeDateStamp |
2021-Mar-17 03:03:46
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x2000
|
| SizeOfInitializedData |
0x19600
|
| SizeOfUninitializedData |
0x400
|
| AddressOfEntryPoint |
0x000014A0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x3000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x20000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x1f76c
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
1cf5ae5eadc7c1d71f72bb5390488ef0
|
| SHA1 |
654181a02afc83d1a424b57072158a20206a4d93
|
| SHA256 |
c80128821b47614f20a7580d2c16b9a3dd22de7e1ba82685ac1382a793bd4e2d
|
| SHA3 |
c68c3d69612fbcd71a265850c606b478d196d14b1362d4878d8289d2975fe12e
|
| VirtualSize |
0x1f04
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x2000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.99752
|
| MD5 |
8347cb31105176c23bef031c1b15417d
|
| SHA1 |
7b3a71d8e952962207b093f70570093b73d5b5e6
|
| SHA256 |
ddb5b31f2c7d2cc12908009ff1441c59b3f5fadf3f3acb7da7941579998aeb69
|
| SHA3 |
0c04c86575cb2eb48d6986cd0ef4b109572d439e38d73c6044f8146a988f9473
|
| VirtualSize |
0x78
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
1.34089
|
| MD5 |
cb90300356c29bcc12fb843be53621e7
|
| SHA1 |
63b28d5ddedb594eee724b475840e80dd995df96
|
| SHA256 |
98a25e3ebd824e1d0f479644c391a7087d8ae34050ba0470149d73bcc1812b74
|
| SHA3 |
e0c14b04a0ab549fdabd27772150c4dfeb47bb0d170dc1404eba0ee625306275
|
| VirtualSize |
0x6d0
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.75531
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x3f0
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
66aa60d1e5abdc08361f728f8011a4e7
|
| SHA1 |
6c613a430c7cfffca286a7dad1eda72239153d35
|
| SHA256 |
5cf088f8148aded34ebb5054c174a724fe18f89f358a9201548ab1fba4f6c513
|
| SHA3 |
b5a5df6ee935b9529c10954d8ca7ca20ef4bf7bf5c16284437904b496e8407a0
|
| VirtualSize |
0xaa8
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0xc00
|
| PointerToRawData |
0x2e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.35015
|
| MD5 |
f5162ac0c440a3b119bf2874a30b5641
|
| SHA1 |
f41283616afbe92effe33bd7f337736b100d8cd9
|
| SHA256 |
29a1aa0c2fc4e2419548764aa552c93c4ea5bf441ac95399e4a7bbc4c5aa70af
|
| SHA3 |
76af62ad8afe62b7defd85e68cc9252b2c86cfb2c2b7898117e3153d55e310ef
|
| VirtualSize |
0x34
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.274825
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x8
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
36993c0f6c8904a4c5bd77eae1cb0937
|
| SHA1 |
a22cb535c5a893f80d92e1fce738e9369daf0a00
|
| SHA256 |
614b842522cb4d15b598689d0cd43a6aa95eb63278c575a41ee73f40f74e37f9
|
| SHA3 |
05ba528b707d19c16339c636a60a7bc4fa455c659648ae5ed2e5a637380254b2
|
| VirtualSize |
0x16ef0
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x17000
|
| PointerToRawData |
0x3e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.98444
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetDllDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
|
| api-ms-win-crt-convert-l1-1-0.dll |
mbstowcs
wcstombs
|
| api-ms-win-crt-environment-l1-1-0.dll |
__p__environ
__p__wenviron
|
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
calloc
free
malloc
realloc
|
| api-ms-win-crt-locale-l1-1-0.dll |
setlocale
__initialize_lconv_for_unsigned_char
|
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
| api-ms-win-crt-private-l1-1-0.dll |
memcpy
|
| api-ms-win-crt-runtime-l1-1-0.dll |
_set_app_type
__p___argc
__p___argv
__p___wargv
__p__acmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal
|
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
fwrite
|
| api-ms-win-crt-string-l1-1-0.dll |
strlen
strncmp
_strdup
|
| api-ms-win-crt-time-l1-1-0.dll |
__daylight
__timezone
__tzname
_tzset
|
| USER32.dll |
MessageBoxA
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x16e3c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.98664
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
2aa9df8868d9531dbf2da14a9a7a6b0f
|
| SHA1 |
78a042c6770267412c71fa786fc5275985ef4e76
|
| SHA256 |
d50afffca5822aefe6e44d316fa4c8656e8dd1f973aca37694a724d7b29e2e25
|
| SHA3 |
6d80caac597782892035b7a53e24ecfadddee1c6f754e346bc51bc8efff355dd
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.59047
|
| Detected Filetype |
Icon file
|
| MD5 |
22e20862692ad220a7c6724230cabea5
|
| SHA1 |
cbbe8f9973a3b813a480f0cf821adb0b55fc3b02
|
| SHA256 |
04c7265ca6ce3b24473128485d88a2305b73d575e6eae2debf196bf61b9be264
|
| SHA3 |
246a6fe05bde7cefa17bcc18f696599d381fb71ddf1602b6ef84aa289185e87f
|
| StartAddressOfRawData |
0x408000
|
| EndAddressOfRawData |
0x408004
|
| AddressOfIndex |
0x405390
|
| AddressOfCallbacks |
0x407020
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x004017B0
0x00401760
|
[*] Warning: Section .bss has a size of 0! (This refers to its raw size on disk: the section at VirtualAddress 0x5000 has SizeOfRawData 0 and PointerToRawData 0 but VirtualSize 0x3f0 and IMAGE_SCN_CNT_UNINITIALIZED_DATA, and its listed hashes are those of empty input. That is the normal layout for uninitialized data and is not an anomaly by itself.)