| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
1970-Jan-01 00:00:00
|
| TLS Callbacks |
2 callback(s) detected.
|
| Debug artifacts |
Embedded COFF debugging symbols
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Importing both of these lets the binary resolve additional functions at run time, so the static import table below may not list everything the program calls.
|
| Malicious |
VirusTotal score: 8/72 (Scanned on 2026-02-25 19:16:38) |
Cylance:
Unsafe
Kingsoft:
win32.troj.undef.a
MaxSecure:
Trojan.Malware.216064600.susgen
Paloalto:
generic.ml
Rising:
Dropper.Generic!8.35E (RDMK:cmRtazo6eHNrkre0ujfGJ0nvwDO9)
Trapmine:
malicious.moderate.ml.score
TrellixENS:
Artemis!0881C194EEEE
VBA32:
Trojan.Ymacco
|
| MD5 |
0881c194eeee4e65e0007b4994a96781
|
| SHA1 |
f1bb5247ab3c061d8c0ef2f617e3039469c4c7f8
|
| SHA256 |
e92bb1d9bb07c39edc2d892aaacbd421fdab0874334f76dd35b50340d38122a7
|
| SHA3 |
cf55fe93d76384465ca641ca79b2b2710d2098fc6265466f444444e734421c2d
|
| SSDeep |
6144:/iC5VoC2KT4wwPdLPWKirrjuTlcC5VoC2KT4wwPdLPWKirrc:6KoC2KT4XFLQ3uTvoC2KT4XFLQQ
|
| Imports Hash |
d99eded55e32ffcb724c5cb20d0d6efb
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
8
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| PointerToSymbolTable |
0x44a00
|
| NumberOfSymbols |
63
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1e00
|
| SizeOfInitializedData |
0x44600
|
| SizeOfUninitializedData |
0x400
|
| AddressOfEntryPoint |
0x000014A0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x3000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x4b000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x4ba09
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
6e22acd2ce3921427b823bd7c2e6c6af
|
| SHA1 |
096264169d746498078043cd42cd4be795583759
|
| SHA256 |
f33e92a0b7b04551215f7693692cb6d9cf160cba8aa841a1988422945d90c5b4
|
| SHA3 |
6504c199cb307a5c0bf51a761b9bdb9e6dfcfd83a7a7e690c967c5d610ddfbc3
|
| VirtualSize |
0x1c94
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1e00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.83872
|
| MD5 |
ef0f09bf76e786620df286fe2e2168ed
|
| SHA1 |
805f800a1bac6fe42b148190150711a6e5b280c5
|
| SHA256 |
08e3c9817603b5a333a7eb512f29be455fa75079ac000f3fe7fa2e12f89e59b3
|
| SHA3 |
bac73cd11293833b898322f85e7fa190466de232dbbd502c80ced5a5805fb150
|
| VirtualSize |
0x30
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.584487
|
| MD5 |
a5292a990cd77da2feca628dcd6d60cf
|
| SHA1 |
aff1498deb386afaa6359ad4115c554f1b2fd1e4
|
| SHA256 |
c1074d6067f9cbb5e80236196dffc8d0bdab22501ac14ca22eda8de38aa5c85b
|
| SHA3 |
4600dca1a8b363e84ca065b2d29e1ff373784b60ed80a462333859488b60cb8b
|
| VirtualSize |
0x69c
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.68137
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x3ec
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
91ef943a310b576bd6b6f7abad9282af
|
| SHA1 |
69a47175f74ed02e24e7e3b6077508ca34390f11
|
| SHA256 |
58852d8857a277c3594ce169ad82975e2db122f518af12bb2c099896cc1d04de
|
| SHA3 |
519a82c5f9915bddf0b0615ae9edee87f85b95d779168b9354989adbf0ac820d
|
| VirtualSize |
0x684
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.06666
|
| MD5 |
05e70424708cc8f28695ff7c8d4cf29d
|
| SHA1 |
2b15ea74d1853b9969086c9fa2be564b299f2421
|
| SHA256 |
64c9aa8dc04e7871d0ee34d26c4842710f41fc734e7abbf41dce1aca853ca781
|
| SHA3 |
1824ad281a3244ffd2495d5cd45e44f325e14bc8ed47984adf66f0999099d2df
|
| VirtualSize |
0x34
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.270919
|
| MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
| SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
| SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
| SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
| VirtualSize |
0x8
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
| MD5 |
2f78cac45e7e08faaebf38c4aaeec597
|
| SHA1 |
53679a862325efe29bd0cfe387e9773bf4392124
|
| SHA256 |
1f7afa1c669d4fe7fb4d5d065229d91c0ae3f55ada85f9e9f7b1ef291f054313
|
| SHA3 |
001ddc2cf12692d62acbc732349b1dcdc5131e3b7c6dcad117cbae692a99bfec
|
| VirtualSize |
0x41128
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x41200
|
| PointerToRawData |
0x3800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.98601
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetDllDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
|
| msvcrt.dll |
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
_vsnprintf
abort
calloc
exit
fprintf
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strlen
strncmp
vfprintf
wcstombs
_strdup
|
| USER32.dll |
MessageBoxA
|
| Type |
RT_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x22f1e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.9849
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
5006ff4c72e4d8b53c79d4f85bb19b84
|
| SHA1 |
2054ed268b31134d0644ad60b6b2163dfc8cda03
|
| SHA256 |
7174dc8d5239145e93b560eb0bc5e11995c3595e6f81076281262e17919a4fc4
|
| SHA3 |
2f7c06636125862ce6d1d030b5e980ebff29cf8e4afc2840a808af46e3332cf2
|
| Type |
RT_GROUP_ICON
|
| Language |
UNKNOWN
|
| Codepage |
Latin 1 / Western European
|
| Size |
0x14
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
1.77095
|
| Detected Filetype |
Icon file
|
| MD5 |
17b37537fb0414ff2798df468acd81e7
|
| SHA1 |
87dbe612f9498dcb6d2e4c85af30627da3f3f74f
|
| SHA256 |
55e9a61508ca08998d96ce523971fe482db53ed53a3570c870e95768c0da97f9
|
| SHA3 |
5931fedd6faa2a416c6621028f2b2d51278894ab064576bd95f63b1e5f432c43
|
| StartAddressOfRawData |
0x408000
|
| EndAddressOfRawData |
0x408004
|
| AddressOfIndex |
0x405390
|
| AddressOfCallbacks |
0x407020
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x004017E0
0x00401790
|
[!] Error: Could not read a COFF symbol.
[*] Warning: Section .bss has a size of 0!