d93c1b814ad6ff124834f4235bf8aac9f09dba8d69c335ebecc8d6efe8d5a062

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2011-Oct-14 05:32:12
Detected languages English - United States

Plugin Output

Suspicious: PEiD Signature
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX -> www.upx.sourceforge.net
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Info: Cryptographic algorithms detected in the binary
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
Suspicious: The PE is packed with UPX
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
  • The PE only has 8 import(s).
Suspicious: The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Malicious: VirusTotal score: 3/72 (Scanned on 2026-02-03 02:11:40)
  • APEX: Malicious
  • MaxSecure: Trojan.Malware.300983.susgen
  • Trapmine: malicious.high.ml.score

Hashes

MD5 a1924fa8082efb8df878ba9454698d85
SHA1 231f4c77d4260074035dddd795273c355385b33c
SHA256 d93c1b814ad6ff124834f4235bf8aac9f09dba8d69c335ebecc8d6efe8d5a062
SHA3 4d82369ef038a66019f4b5aa1ad0d618ec1b44447700a5398c2688b2d2e629f9
SSDeep 3072:C9qgMC/dJVt8tKvw6+M7bp73HcrTUdSn13cjoQRoXPOgK:C9XdLqtKvw6+qbRbdSpUtwOgK
Imports Hash 967e1f9a13630eb5db1d53106338fb6a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2011-Oct-14 05:32:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x2e000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x49000
AddressOfEntryPoint 0x00077790 (Section: UPX1)
BaseOfCode 0x4a000
BaseOfData 0x78000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x79000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x49000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 66702f40e1f859d027c65231dd1fb060
SHA1 21ef9f8d7751413135a033cb74d00002a17a588e
SHA256 c8011051eabc0b82d84762243f83a0d633fe13744999fa793ab5b80f0b1b2bda
SHA3 967140d8c4758824715271aea74d16a62dd24be1547297768e9eaf903a84e09c
VirtualSize 0x2e000
VirtualAddress 0x4a000
SizeOfRawData 0x2da00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.92364

.rsrc

MD5 2403b1d0de8cd83199ce47699be9161a
SHA1 de99d88813cb8fb805cd526a96af5f7ac6cbb3cd
SHA256 e2a83aa1704c67bee07ef5be842a4b5e7242ebe60b0749edec3384c01dfe62aa
SHA3 62d142ecaa6c266ccb6de193370edbd4821d0362b28e0d2853a13ffe6b62f738
VirtualSize 0x1000
VirtualAddress 0x78000
SizeOfRawData 0x400
PointerToRawData 0x2de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.93918

Imports

KERNEL32.DLL
  • LoadLibraryA
  • GetProcAddress
  • VirtualProtect
  • VirtualAlloc
  • VirtualFree
  • ExitProcess
ADVAPI32.dll
  • ReportEventA
USER32.dll
  • MessageBoxA

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xdfd5feca
Unmarked objects 0
150 (20413) 3
C++ objects (VS2008 build 21022) 55
ASM objects (VS2008 build 21022) 29
C objects (VS2008 build 21022) 155
Imports (VS2012 build 50727 / VS2005 build 50727) 7
Total imports 100
Unmarked objects (#2) 3
C objects (VS98 SP6 build 8804) 38
137 (VS2008 build 21022) 48
Resource objects (VS2008 build 21022) 1

Errors

[*] Warning: Section UPX0 has a size of 0!