- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_7daba3c46a14107fc59e865d654fefe9.exe"
- [*] File Size: 294912
- [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
- [*] SHA256: "1e97c62a80461efb9f6e9220ec22b29552b6bc63bc9e8ad6244d26519aaf914d"
- [*] MD5: "7daba3c46a14107fc59e865d654fefe9"
- [*] SHA1: "fbe1cf8f3d312495408e6c6d51244dc5cbecf1d7"
- [*] SHA512: "a5c8bd4f4fa6e74574c0fc1ee8a34fdd71c1e7d38bf00f4a23271b8d46d73948b7cb991f7f683b4657a129f36f7f06fd9aaebaf39967e13b386b27eab650804f"
- [*] CRC32: "AB7BEC67"
- [*] SSDEEP: "6144:5ny47oa7kv1TOveImZNoh+ch7mXIT893fat6+b5edXvzWyBEwjMINH5h:5yKkv1jBYAcRmX393fat5edXv7ewAIhb"
- [*] Process Execution: [
- "Exes_7daba3c46a14107fc59e865d654fefe9.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "File has been identified by 32 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "FireEye": "Generic.mg.7daba3c46a14107f"
- },
- {
- "Qihoo-360": "HEUR/Malware.QVM19.Gen"
- },
- {
- "Zillya": "Trojan.Agent.Win32.122908"
- },
- {
- "Alibaba": "Trojan:Win32/Hiclas.8a3d8020"
- },
- {
- "K7GW": "Trojan ( 004f51791 )"
- },
- {
- "K7AntiVirus": "Trojan ( 004f51791 )"
- },
- {
- "Cyren": "W32/Risk.HCYV-4193"
- },
- {
- "Symantec": "ML.Attribute.HighConfidence"
- },
- {
- "ESET-NOD32": "Win32/Agent.OPA"
- },
- {
- "APEX": "Malicious"
- },
- {
- "NANO-Antivirus": "Virus.Win32.Gen.ccmw"
- },
- {
- "Rising": "Trojan.Win32.Generic.12773DD9 (C64:YzY0Ogy0oz2YJuVF)"
- },
- {
- "Comodo": "Malware@#a4b4fogahile"
- },
- {
- "F-Secure": "Trojan.TR/Crypt.XPACK.Gen"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "SentinelOne": "DFI - Suspicious PE"
- },
- {
- "F-Prot": "W32/MalwareF.ADCMN"
- },
- {
- "Webroot": "W32.Trojan.Trojan-Agent.Gen.X"
- },
- {
- "Avira": "TR/Crypt.XPACK.Gen"
- },
- {
- "MAX": "malware (ai score=100)"
- },
- {
- "Antiy-AVL": "Trojan/Win32.SGeneric"
- },
- {
- "Microsoft": "Trojan:Win32/Hiclas!gfc"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "AegisLab": "Trojan.Win32.Generic.4!c"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Yandex": "Trojan.Agent!c++y5y1J4nM"
- },
- {
- "Ikarus": "Trojan.Crypt.AIQ"
- },
- {
- "eGambit": "Generic.Malware"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "MaxSecure": "Virus.PECorrupt"
- }
- ]
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Minimum OS version is older than NT4 yet the PE timestamp year is newer than 2000"
- },
- {
- "anomaly": "Entrypoint of binary points to a non-executable code section"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "printf",
- "address": "0xe28054"
- }
- ],
- "dll": "msvcrt.dll"
- },
- {
- "imports": [
- {
- "name": "GetTickCount",
- "address": "0xe2805c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0xe28060"
- },
- {
- "name": "ExitProcess",
- "address": "0xe28064"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00055515",
- "overlay": null,
- "imagebase": "0x00de0000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00de2000",
- "timestamp": "2040-10-07 10:09:39",
- "osversion": "1.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00001000",
- "entropy": "0.06",
- "raw_address": "0x00001000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xe0000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00045000",
- "entropy": "7.98",
- "raw_address": "0x00002000",
- "virtual_size": "0x00045000",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "NicolasB",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00047000",
- "size_of_data": "0xefefadff",
- "entropy": "0.61",
- "raw_address": "0x00047000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00048000",
- "size_of_data": "0x00001000",
- "entropy": "0.61",
- "raw_address": "0x00047000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xc0000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00048000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000be"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "64f37a9561ff77b2cfcfe4eb061d8d45",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 2,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "printf",
- "address": "0xe28054"
- }
- ],
- "dll": "msvcrt.dll"
- },
- {
- "imports": [
- {
- "name": "GetTickCount",
- "address": "0xe2805c"
- },
- {
- "name": "GetCommandLineA",
- "address": "0xe28060"
- },
- {
- "name": "ExitProcess",
- "address": "0xe28064"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x00055515",
- "overlay": null,
- "imagebase": "0x00de0000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00de2000",
- "timestamp": "2040-10-07 10:09:39",
- "osversion": "1.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00001000",
- "entropy": "0.06",
- "raw_address": "0x00001000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xe0000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00002000",
- "size_of_data": "0x00045000",
- "entropy": "7.98",
- "raw_address": "0x00002000",
- "virtual_size": "0x00045000",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "NicolasB",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00047000",
- "size_of_data": "0xefefadff",
- "entropy": "0.61",
- "raw_address": "0x00047000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00048000",
- "size_of_data": "0x00001000",
- "entropy": "0.61",
- "raw_address": "0x00047000",
- "virtual_size": "0x00001000",
- "characteristics_raw": "0xc0000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00048000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000000be"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "64f37a9561ff77b2cfcfe4eb061d8d45",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 2,
- "versioninfo": []
- }
- }