c491b20e255a39bf68ca152f32bccf4f37c5608ff3aa825cf956a1e62e9244b2

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Nov-21 10:53:18
Detected languages English - United States
FileDescription Version Dll x64
LegalCopyright © LeFF
FileVersion 2.0.2022
ProductVersion 2022.7
OriginalFilename version.dll

Plugin Output

Suspicious
The PE is possibly packed.
  • Unusual section name found: LeFF
  • Section LeFF is both writable and executable.
  • Unusual section name found: VAULT
  • Unusual section name found: 2022
  • Unusual section name found: 2022
  • Unusual section name found: 2022
  • Unusual section name found: 2022
  • Unusual section name found: MrFi

Info
The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA

Malicious
VirusTotal score: 8/71 (Scanned on 2026-03-06 21:06:03)
  • CrowdStrike: win/malicious_confidence_90% (D)
  • Cylance: Unsafe
  • Cynet: Malicious (score: 100)
  • DeepInstinct: MALICIOUS
  • Elastic: malicious (high confidence)
  • Gridinsoft: Trojan.Heur!.030100A2
  • Sangfor: Suspicious.Win32.Save.a
  • Skyhigh: BehavesLike.Win64.Trojan.tc

Hashes

MD5 1fc0299330a490793e15440dd5d57bf9
SHA1 3a84626885e975c78b151ad318fe32e045a02a44
SHA256 c491b20e255a39bf68ca152f32bccf4f37c5608ff3aa825cf956a1e62e9244b2
SHA3 a2487272f48f6dd118db593ae13852ffaee5334306c2270c6450be9f1efa28ae
SSDeep 24576:B+hi0o6xKikubVag3uCqNjFst+NZT8MS8CxmX:B+hi5ihbb0jyt+/8KCxK
Imports Hash ef4032231e7f1592bb8a5a65bfccf3d9

DOS Header

e_magic MZ
e_cblp 0x80
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0x10
e_maxalloc 0xffff
e_ss 0
e_sp 0x140
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2023-Nov-21 10:53:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 1.0
SizeOfCode 0x140c00
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001000 (Section: LeFF)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x148000
SizeOfHeaders 0x400
Checksum 0x149129
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
SizeofStackReserve 0x1000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x10000
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

LeFF

MD5 52e174a32ee186cfca423745d5abd8cf
SHA1 cb81773d8f0e0d918d3dceb9b927184415f34bbb
SHA256 d310ba22d1636d7d93d7db72e84287035bb3d6ac5f7e8ad7678c5dcdb2f7495c
SHA3 fbd9bde59f7c30e373fccda2d178d7f9c37d6aad0c8d6f4842f938dc76864f93
VirtualSize 0x140b45
VirtualAddress 0x1000
SizeOfRawData 0x140c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.62137

VAULT

MD5 436448035095a51dce2b29552fdebb35
SHA1 437f1a3549abc2ece9130d9ef02edc1ef6710453
SHA256 f24f0440e8afce8c9ca7e975bd008578ca37b3b04f5695226e64155ce28dbc94
SHA3 eef9d3922658e35e23b9500a12395785162f9c41c65814f17c48b3203c26e258
VirtualSize 0x24
VirtualAddress 0x142000
SizeOfRawData 0x200
PointerToRawData 0x141000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.356223

2022

MD5 2efa7c2ea3e732990249c7851ddede61
SHA1 e738c98212781636299222a949cb273f3772aad2
SHA256 dba3b7ec9d1466a32c818a8d0858a2d5dd0b43c51c381e0e2daaf2087893ad63
SHA3 5d936bf599939bc5d8f47e1c2c719bc928d054ea88600615ee94054ec8762bcb
VirtualSize 0xb61
VirtualAddress 0x143000
SizeOfRawData 0xc00
PointerToRawData 0x141200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.11061

2022 (#2)

MD5 23ac56e266746e9199f385f8a0ad2ca1
SHA1 14f9bd1c58b01aad30842d7fd7d30299865db926
SHA256 c758f8e6d7244d8f1a8b33165e568b3f15297eb6497c4286ab34055ae6806f5a
SHA3 cd1a2fa74e3b26d52198265e66b5aa9902fa11cd6aa66c2a18894b0c08bd9ac7
VirtualSize 0x22b
VirtualAddress 0x144000
SizeOfRawData 0x400
PointerToRawData 0x141e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.31553

2022 (#3)

MD5 85552142b8114b774b8696b5452155a8
SHA1 bb81c524fcef8fa61f4a701846b23e2727f82d8f
SHA256 7411bf932254b286d9aef2778af2be11649f16cc9525831451f6d783d9f8ba7e
SHA3 3ff422450de8f6f2b5095e5e6918b8f8944d8ba5c9ba3f1a58b66a27f04ca7ca
VirtualSize 0x70
VirtualAddress 0x145000
SizeOfRawData 0x200
PointerToRawData 0x142200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.88601

2022 (#4)

MD5 7875b494486aa44b15155d31c4f6b844
SHA1 87ad7f4e6a62b8d11acbb734b18575b4df9f08aa
SHA256 d5ed4740faff32631ddc015734c533305035a42b081ef69f0890775c6d4b364e
SHA3 337265bf046bba0ab222f53a65cd4e17c80b29bcb57ebfcbbbcf2c33bf302691
VirtualSize 0x254
VirtualAddress 0x146000
SizeOfRawData 0x400
PointerToRawData 0x142400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.46242

MrFi

MD5 9f4231f267f72b1896758eb2bcc13107
SHA1 16a4897030a6619ac4d4b24737c0b79af3d2a839
SHA256 912fe218dac11536ac7359fe9eeb4d08bae3a27a689fe58da3dd0a22a9e4f15a
SHA3 9c28a0b5280b55a1cb6e1c09b44fc1ac75eb15054d55fe973b14c7e5c61ae604
VirtualSize 0x258
VirtualAddress 0x147000
SizeOfRawData 0x400
PointerToRawData 0x142800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.1544

Imports

KERNEL32.DLL GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTimeAsFileTime
LoadLibraryA
LocalAlloc
VerLanguageNameA
VerLanguageNameW
VirtualProtect
Shlwapi.dll PathFindFileNameA
USER32.DLL CharLowerA

Delayed Imports

Exports

GetFileVersionInfoA

Ordinal 1
Address 0x141aeb

GetFileVersionInfoByHandle

Ordinal 2
Address 0x141af1

GetFileVersionInfoExA

Ordinal 3
Address 0x141af7

GetFileVersionInfoExW

Ordinal 4
Address 0x141afd

GetFileVersionInfoSizeA

Ordinal 5
Address 0x141b03

GetFileVersionInfoSizeExA

Ordinal 6
Address 0x141b09

GetFileVersionInfoSizeExW

Ordinal 7
Address 0x141b0f

GetFileVersionInfoSizeW

Ordinal 8
Address 0x141b15

GetFileVersionInfoW

Ordinal 9
Address 0x141b1b

VerFindFileA

Ordinal 10
Address 0x141b21

VerFindFileW

Ordinal 11
Address 0x141b27

VerInstallFileA

Ordinal 12
Address 0x141b2d

VerInstallFileW

Ordinal 13
Address 0x141b33

VerLanguageNameA

Ordinal 14
Address 0x146108

VerLanguageNameW

Ordinal 15
Address 0x146110

VerQueryValueA

Ordinal 16
Address 0x141b39

VerQueryValueW

Ordinal 17
Address 0x141b3f

Resources

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x200
TimeDateStamp 2023-Nov-21 10:53:18
Entropy 3.34202
MD5 6cf8ad24cb893ff7d589a7bc10f1b0c1
SHA1 150bfa844b721997c476e398b750abb1e5fae4e4
SHA256 bd8b352cab7efd99bb6b54acd1cd0d9b097563eb2423a48ee19fb97b8d4a6dee
SHA3 11f95629fc7028954863e3c0f91b436c6c1841c7a5aa32a65f9e5fbd3e3dec17

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.0.2022.0
ProductVersion 2022.7.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileDescription Version Dll x64
LegalCopyright © LeFF
FileVersion (#2) 2.0.2022
ProductVersion (#2) 2022.7
OriginalFilename version.dll
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
