Malware score

Heuristic rules matched: 31/344

Malware score: 98%

Status: static.crypted.ml.gen

| Score | Value |
| Suspect Score | 43.7 |
| Legit Score | 0 |
| Crypted Score | 46 |
| Packed Score | 36 |

Static Analysis Indicators (static.crypted.ml.gen)

PE Markers anomalies check

| Field | Value |
| Rich signature | found |
| Digital signature | not found |
| Overlay | not found |
| Subsystem | GUI |
| Compiler | (blank in report) |
| Is .NET Image | Image is Native |

A Rich header is written by Microsoft linkers, so its presence (together with LinkerVersion 14.0 below) describes the tool that linked this stub, not the payload it carries. No Authenticode signature and no overlay means there is nothing to verify against a publisher certificate and no data past the last section to inspect.

Important PE Header Values (suspect)

| Header | Size |
| IMAGE_DOS_HEADER | 0x40 |
| IMAGE_NT_HEADERS | 0x108 |
| IMAGE_OPTIONAL_HEADER | 0xf0 |

(0x108 = 4-byte PE signature + 20-byte file header + 0xf0-byte optional header; the report's MD5/SHA256/SSDEEP column for the headers is empty.)

| ImageFileHeader field | Value | Decoded | Common |
| Machine | 0x8664 | IMAGE_FILE_MACHINE_AMD64 (x86-64) | True |
| TimeDateStamp | 0x5d19e4dc | 2019-07-01 10:47:56 UTC | True |
| Characteristics | 0x222 | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED | True |
| SizeOfOptionalHeader | 0xf0 | PE32+ (64-bit) optional header | True |

| ImageOptionalHeader field | Value | Common |
| EntryPoint | 0x276f801 | False |
| ImageBase | 0x140000000 | True |
| Checksum | 0x9619d3 | False |
| LinkerVersion | 14.0 | True |

The entry point is the field to look at: RVA 0x276f801 lies past the end of the TPF section's virtual range (0x1000 + 0x276e000 = 0x276f000) and below the start of .rsrc (0x2771000). The section table further down reports three sections but lists only two, so the entry point presumably sits in the unlisted one. LinkerVersion 14.0 is the MSVC 14.0 (Visual Studio 2015) linker. A checksum the tool marks as uncommon is not by itself evidence of tampering; the loader only enforces CheckSum for kernel-mode drivers and some system DLLs.

Resources anomalies check (valid)

| Structure | Present | Risk |
| VersionInfo | not found | 0% |
| Manifest | found | 0% |
| Message Table | not found | 0% |
| Strings Table | not found | 0% |
| RCDATA | not found | 0% |
| Icon | found | 0% |
| Icon Group | not found | 0% |
| Cursor | found | 0% |
| Accelerator | not found | (not reported) |

"Icon Group not found" contradicts the PE Resources table below, which lists ten RT_GROUP_ICON entries; treat the per-resource table as authoritative. The absence of a VERSIONINFO block in a binary that otherwise carries a complete GUI resource set (menus, cursors, icon groups) is also worth recording, since it removes the product and company strings that would normally help attribute the file.

Frequency anomalies check (suspect)

| Anomaly | Value | Risk |
| File Entropy | 7.9927721119168 | 0% |
| File Entropy (without zeros) | 7.9621773 | 0% |
| Zero Value Frequency | 0.011363303045315 | 0% |
| 0xFF Bytes Frequency | 0.48643273 | 0% |
| Chi-Square Distribution | 3902.4684917153 | 0% |
| Monte Carlo Pi Value | 3.149879891496 | 0% |
| Monte Carlo Pi Error Rate | 0.26379097546949 | 0% |
| Packed percent | 0 | 0% |

Entropy status: Strong Packed | Zero Value Frequency: Packed or Crypted

How to read these: entropy is in bits per byte with a maximum of 8.0, so 7.993 over the whole file means the bytes are almost indistinguishable from uniform random data, which is what compression or encryption produces. The zero-value frequency is a fraction (about 1.1% of all bytes are 0x00) and is consistent with the per-section figures below (0.4% in TPF, 60% in .rsrc). The Monte Carlo error rate is a percentage: |3.14988 - pi| / pi = 0.264%, again what uniform data gives. The "Packed percent 0" row disagrees with the entropy verdict; the page does not say how the tool computes it, so the entropy and per-section figures are the ones to rely on. Chi-square and the 0xFF frequency are reported without units and are left as given.
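The statistics in the table above are simple to reproduce. The following Python is an added example written for this page, not code from the analysis tool; it runs over constructed inputs (seeded pseudo-random bytes standing in for a packed payload, a zero-padded buffer standing in for plain data) and computes the same five measures: entropy, entropy without zeros, zero-value frequency, chi-square against a uniform byte distribution, and a Monte Carlo pi estimate with its error rate. The 7.9 and 7.0 entropy bands in entropy_status() are an assumption for illustration; the tool's own thresholds are not published on the page.

```python
import math
import random
from collections import Counter

# Constructed inputs (assumption: stand-ins, not bytes from the analysed file).
# Seeded PRNG output plays the packed/encrypted payload; a zero-padded buffer
# with a little structured data plays an ordinary unpacked section.
PACKED_LIKE = random.Random(2019).randbytes(64 * 1024)
PLAIN_LIKE = b"\x00" * (60 * 1024) + bytes(range(256)) * 16


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_without_zeros(data: bytes) -> float:
    """The report's second entropy figure: 0x00 bytes are dropped first so that
    slack space cannot drag a packed payload below the threshold."""
    return shannon_entropy(data.replace(b"\x00", b""))


def zero_frequency(data: bytes) -> float:
    """Fraction of 0x00 bytes (the report's 'Zero Value Frequency')."""
    return data.count(0) / len(data) if data else 0.0


def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform expectation.
    Uniform data scores near 255 (the degrees of freedom); structured data
    scores far higher."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def monte_carlo_pi(data: bytes) -> tuple[float, float]:
    """Estimate pi from consecutive 24-bit (x, y) pairs; return (estimate, error %).
    Uniform bytes land inside the quarter circle about pi/4 of the time, so biased
    data pushes the estimate away from pi, which is what the error rate measures."""
    inside = total = 0
    radius_sq = (2 ** 24 - 1) ** 2
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "little")
        y = int.from_bytes(data[i + 3:i + 6], "little")
        total += 1
        if x * x + y * y <= radius_sq:
            inside += 1
    estimate = 4.0 * inside / total if total else 0.0
    return estimate, abs(estimate - math.pi) / math.pi * 100.0


def entropy_status(data: bytes) -> str:
    """Entropy bands are an assumption for illustration, not the tool's thresholds."""
    h = shannon_entropy(data)
    if h >= 7.9:
        return "Strong Packed"
    if h >= 7.0:
        return "Packed"
    return "Not packed"


if __name__ == "__main__":
    for label, buf in (("packed-like", PACKED_LIKE), ("plain-like", PLAIN_LIKE)):
        pi_est, pi_err = monte_carlo_pi(buf)
        print(f"{label}: entropy={shannon_entropy(buf):.4f} "
              f"no-zeros={entropy_without_zeros(buf):.4f} zeros={zero_frequency(buf):.4f} "
              f"chi2={chi_square(buf):.1f} pi={pi_est:.4f} ({pi_err:.2f}% err) "
              f"-> {entropy_status(buf)}")
```

The plain-like buffer shows why the report prints both entropy figures: its whole-file entropy is below 1 bit per byte, but once the zero padding is removed the remaining 4 KB of structured data scores above 7.99, so the "without zeros" figure on its own would misclassify a mostly-empty section as packed. Read the two together, as the tool does, and with the zero-value frequency beside them.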

Manifest check (valid)

| Field | Value |
| SSDEEP | 12:O3vaMN2U5NciE32xA5NXvNxW53SNK+bJmgVNG0n59Ngk+z:OCMPgiE/iiNK+bIgL5PTo |
| MD5 | D12D83E208271DBAA56EF603CC50EDC6 |
| SHA256 | 20C6468112A0A45E7C9B59F6C4FD2C8BFD93E6C87BE0903B2A11E798F82CB81E |
| Raw size | 624 bytes |

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>

This is a typical linker-generated manifest for a 64-bit GUI application: requestedExecutionLevel asInvoker means the loader does not request elevation (the process runs with the launching user's token, with no UAC prompt), and the Common-Controls 6.0 dependency only selects the themed comctl32. Nothing here is suspicious on its own; it also means that anything the payload does with administrative rights would need a separate elevation path.

PE Main Icon check (valid)

| Field | Value |
| SSDEEP | 192:gz9k2aFwhZgzLQDYUwjZfjIS0fGXzVnhXGXit4y01fwwy+JIQDIYVLryo08S/x72:okZwhZUEDYXZrIS7Vo3PDIsF0/x7a2tk |
| MD5 | F43239F61ECC08F228CF9F142993E5C1 |
| SHA256 | 7131B146649F7B00F2273447697FE388902236773A369D9A8831C0350FB7EA4D |
| Icon ID | 0 |
| Icon name | LOGO |
| Language | Not recognized (sublanguage: Not recognized), codepage: Not recognized |
| Raw size | 99678 bytes |
| Total icons | 0 |

"Total icons: 0" is inconsistent with the PE Resources table, which lists 23 RT_ICON entries. The icon hashes above remain useful for pivoting (the same icon blob reused across samples), which is the main value of this block.

PE Sections Info (valid)

| Name | RVA | VA | Characteristics | Virtual Size | Aligned Raw Size | Size Of Raw Data | Pointer To Raw Data |
| TPF | 0x1000 | 0x140001000 | 0xe00000e0 (Code, Initialized Data, Uninitialized Data, Executable, Readable, Writable) | 0x276e000 | 0x93ea00 | 0x93ea00 | 0x200 |
| .rsrc | 0x2771000 | 0x142771000 | 0xc0000040 (Initialized Data, Readable, Writable) | 0x1d028 | 0x1d200 | 0x1d200 | 0x940000 |

Total Number Of Sections (NumberOfSections): 3 (only two are listed above)

PE Sections Statistics (valid)

| Name | Entropy | Zero freq | Share of file |
| TPF | 7.9999799494896 | 0.0039466886520889 | 98.732790988736% |
| .rsrc | 2.7809409432763 | 0.60029674087983 | 1.215060492282% |

Total Number Of Sections (NumberOfSections): 3

The TPF section is the whole story of this file. It is RWX (0xe00000e0 = CODE | INITIALIZED_DATA | UNINITIALIZED_DATA | MEM_EXECUTE | MEM_READ | MEM_WRITE), its 9.7 MB of raw data have an entropy of 7.99998, and it reserves a VirtualSize of 0x276e000 (about 41 MB), roughly 4.3 times its raw size: the layout of a stub that decompresses or decrypts a payload into the same section at run time. The header reports three sections but the table shows two; the missing one would cover the range between the end of TPF (0x276f000) and the start of .rsrc (0x2771000), which is exactly where the entry point (0x276f801) and the import name entries (RVA 0x276f46c to 0x276f7f1, see the import table) fall. A non-standard section name such as "TPF" is a further hint, but section names are free-form and should not be treated as a signature.

PE imported functions (suspect)

The column headed "RVA" holds decimal virtual addresses (ImageBase + RVA): 5410059372 is 0x14276f46c, i.e. RVA 0x276f46c, and the last entry, 5410060273, is RVA 0x276f7f1. Ordinal imports (#16, #113) have no name entry and therefore no address.

| Function name: GetModuleHandleA | RVA: 5410059372 | HINT: 0 |
| Function name: GetProcAddress | RVA: 5410059391 | HINT: 0 |
| Function name: glutBitmapWidth | RVA: 5410059428 | HINT: 0 |
| Function name: PARDISO | RVA: 5410059464 | HINT: 0 |
| Function name: rtcInit | RVA: 5410059485 | HINT: 0 |
| Function name: RegEnumKeyW | RVA: 5410059508 | HINT: 0 |
| Function name: glEnd | RVA: 5410059535 | HINT: 0 |
| Function name: gluProject | RVA: 5410059553 | HINT: 0 |
| Function name: _Mtx_lock | RVA: 5410059579 | HINT: 0 |
| Function name: _vcomp_fork | RVA: 5410059604 | HINT: 0 |
| Function name: memcmp | RVA: 5410059635 | HINT: 0 |
| Function name: exit | RVA: 5410059678 | HINT: 0 |
| Function name: free | RVA: 5410059716 | HINT: 0 |
| Function name: clock | RVA: 5410059754 | HINT: 0 |
| Function name: rand | RVA: 5410059796 | HINT: 0 |
| Function name: putc | RVA: 5410059835 | HINT: 0 |
| Function name: rename | RVA: 5410059879 | HINT: 0 |
| Function name: strspn | RVA: 5410059921 | HINT: 0 |
| Function name: setlocale | RVA: 5410059963 | HINT: 0 |
| Function name: log | RVA: 5410060006 | HINT: 0 |
| Function name: atol | RVA: 5410060046 | HINT: 0 |
| Function name: getenv | RVA: 5410060091 | HINT: 0 |
| Function name: GetDC | RVA: 5410060111 | HINT: 0 |
| Function name: Arc | RVA: 5410060129 | HINT: 0 |
| Function name: PrintDlgW | RVA: 5410060148 | HINT: 0 |
| Function name: OpenPrinterW | RVA: 5410060173 | HINT: 0 |
| Function name: DragFinish | RVA: 5410060200 | HINT: 0 |
| Function name: #16 | RVA: --- | HINT: --- |
| Function name: DoDragDrop | RVA: 5410060236 | HINT: 0 |
| Function name: #113 | RVA: --- | HINT: --- |
| Function name: UuidToStringW | RVA: 5410060273 | HINT: 0 |

Total Number of Imported Functions: 31 | Total Number of Libraries: 30 | Total Number of Blacklisted Functions: 2

What to take from this table: 31 functions across 30 libraries is about one import per DLL; every hint is 0, whereas a normal linker records each name's index in the exporting DLL's name table, so all-zero hints point to an import table that was rebuilt rather than linked; and the only pair that matters is GetModuleHandleA + GetProcAddress, which is enough to resolve every other API at run time. The remaining names (GLUT and OpenGL calls, the PARDISO solver, Embree's rtcInit, the MSVC OpenMP runtime's _vcomp_fork, printing and drag-and-drop) are a scattered selection that describes neither a single real application nor the payload. The report does not say which two functions it counts as blacklisted.
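As an added example (written for this page, not code from the analysis tool), the following Python parses the section table of a PE32+ image the way the two section tables and the import table above present it: it computes per-section entropy, decodes the characteristics bits, converts the import table's decimal virtual addresses back to RVAs, and reports which section, if any, contains a given RVA. It runs on a constructed sample image from build_sample_pe(), whose layout imitates the report (a high-entropy RWX section with a VirtualSize far larger than its raw data, a low-entropy .rsrc, and an entry point that falls between them); the sample bytes and the thresholds in packer_indicators() are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass

# IMAGE_SCN_* characteristic bits from the PE/COFF specification.
SCN_FLAGS = {0x20: "CODE", 0x40: "INITIALIZED_DATA", 0x80: "UNINITIALIZED_DATA",
             0x20000000: "EXECUTE", 0x40000000: "READ", 0x80000000: "WRITE"}
RWX = 0x20000000 | 0x40000000 | 0x80000000

@dataclass
class Section:
    name: str
    virtual_size: int
    rva: int
    raw_size: int
    raw_ptr: int
    characteristics: int
    entropy: float

    def flags(self) -> list[str]:
        return [label for bit, label in SCN_FLAGS.items() if self.characteristics & bit]

    def contains_rva(self, rva: int) -> bool:
        # In memory a section spans the larger of its virtual and raw sizes.
        return self.rva <= rva < self.rva + max(self.virtual_size, self.raw_size)

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(image: bytes) -> tuple[int, int, list[Section]]:
    """(ImageBase, AddressOfEntryPoint, sections) of a PE32+ image; only the
    header fields shown in the report's section table are read."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    file_hdr = e_lfanew + 4                      # IMAGE_FILE_HEADER follows the signature
    nsections = struct.unpack_from("<H", image, file_hdr + 2)[0]
    opt_size = struct.unpack_from("<H", image, file_hdr + 16)[0]
    opt = file_hdr + 20                          # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", image, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    sections = []
    for i in range(nsections):                   # 40-byte IMAGE_SECTION_HEADERs
        name, vsize, rva, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, rva,
                                rsize, rptr, chars, shannon_entropy(image[rptr:rptr + rsize])))
    return image_base, entry, sections

def section_for_rva(sections: list[Section], rva: int) -> Section | None:
    return next((s for s in sections if s.contains_rva(rva)), None)

def va_to_rva(va: int, image_base: int) -> int:
    """The import table prints decimal VAs under an 'RVA' heading; subtracting
    ImageBase recovers the RVA (5410059372 - 0x140000000 == 0x276f46c)."""
    return va - image_base

def packer_indicators(sections: list[Section]) -> list[str]:
    """The checks an analyst applies by eye to a section table. The 7.9 entropy
    and 4x VirtualSize/SizeOfRawData thresholds are assumptions for illustration."""
    hits = []
    for s in sections:
        if s.entropy >= 7.9:
            hits.append(f"{s.name}: entropy {s.entropy:.3f}, packed or encrypted")
        if s.raw_size and s.virtual_size >= 4 * s.raw_size:
            hits.append(f"{s.name}: VirtualSize is {s.virtual_size / s.raw_size:.1f}x raw size")
        if s.characteristics & RWX == RWX:
            hits.append(f"{s.name}: RWX section")
    return hits

def _noise(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode) for the sample image."""
    out = bytearray()
    for i in range(n // 32 + 1):
        out += hashlib.sha256(b"constructed-stub" + i.to_bytes(4, "little")).digest()
    return bytes(out[:n])

def build_sample_pe() -> bytes:
    """Constructed PE32+ image (assumption: illustrative, not the analysed file). It copies
    the report's shape: a high-entropy RWX section whose VirtualSize dwarfs its raw size,
    a low-entropy .rsrc, and an entry point in the gap between the two."""
    packed = _noise(0x4000)
    rsrc = b"\0" * 0x1C0 + b"ICON-STUB" * 7 + b"\0"           # 0x200 bytes, mostly zeros
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 2, 0x5D19E4DC, 0, 0, 0xF0, 0x222)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, len(packed), len(rsrc), 0,
                      0x22010,                                 # AddressOfEntryPoint
                      0x1000, 0x140000000, 0x1000, 0x200,      # BaseOfCode, ImageBase, alignments
                      6, 0, 0, 0, 6, 0, 0, 0x24000, 0x200, 0, 2, 0x8160,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    sect = struct.pack("<8sIIIIIIHHI", b"TPF", 0x20000, 0x1000, len(packed), 0x200,
                       0, 0, 0, 0, 0xE00000E0)
    sect += struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x23000, len(rsrc),
                        0x200 + len(packed), 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + file_hdr + opt + sect
    return headers + b"\0" * (0x200 - len(headers)) + packed + rsrc
```

Calling parse_pe(build_sample_pe()) and then section_for_rva(sections, entry) returns None, which is the same finding as on the real file: an entry point that no listed section covers. On a real sample replace build_sample_pe() with the file's bytes; only the number of sections and the values change, and va_to_rva() turns the import table's decimal addresses into RVAs that section_for_rva() can place.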

PE Resources (valid)

| ID | Type | Language | Size | Offset | Entropy |
| 6 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.2305639380152 |
| 7 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.4217092402944 |
| 8 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 2.4874201912592 |
| 9 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.2498557857197 |
| 10 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.1180318837857 |
| 11 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 2.6377001532818 |
| 12 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 2.9111553168121 |
| 13 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 2.7552688233602 |
| 14 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.6536144773966 |
| 15 | RT_CURSOR | 1033 (1252) | 0x134 | 0x0 | 3.8973303141211 |
| 2147484248 | RT_BITMAP | 1033 (1252) | 0xc0 | 0x0 | 2.8031196466765 |
| 2147484304 | RT_BITMAP | 1033 (1252) | 0x6c | 0x0 | 2.609345184077 |
| 1 | RT_ICON | 1033 (1252) | 0x468 | 0x9403d4 | 3.6504695392175 |
| 2 | RT_ICON | 1033 (1252) | 0x10a8 | 0x940864 | 2.1650522865735 |
| 3 | RT_ICON | 1033 (1252) | 0x25a8 | 0x941934 | 2.5281439989022 |
| 4 | RT_ICON | 1033 (1252) | 0x4228 | 0x943f04 | 4.7707182005075 |
| 5 | RT_ICON | 1033 (1252) | 0x10828 | 0x948154 | 3.6009013560702 |
| 16 | RT_ICON | 1033 (1252) | 0x2e8 | 0x9589a4 | 2.0644851111067 |
| 17 | RT_ICON | 1033 (1252) | 0x128 | 0x958cb4 | 3.1263522208791 |
| 18 | RT_ICON | 1033 (1252) | 0x568 | 0x958e04 | 3.47107371944 |
| 19 | RT_ICON | 1033 (1252) | 0x128 | 0x959394 | 2.9485884903746 |
| 20 | RT_ICON | 1033 (1252) | 0x568 | 0x9594e4 | 3.6623530334473 |
| 21 | RT_ICON | 1033 (1252) | 0x128 | 0x959a74 | 3.6144426231743 |
| 22 | RT_ICON | 1033 (1252) | 0x568 | 0x959bc4 | 3.4781740907902 |
| 23 | RT_ICON | 1033 (1252) | 0x128 | 0x95a154 | 3.2630765481036 |
| 24 | RT_ICON | 1033 (1252) | 0x568 | 0x95a2a4 | 2.0801307576885 |
| 25 | RT_ICON | 1033 (1252) | 0x128 | 0x95a834 | 3.7246007358287 |
| 26 | RT_ICON | 1033 (1252) | 0x568 | 0x95a984 | 1.6912014797681 |
| 27 | RT_ICON | 1033 (1252) | 0x128 | 0x95af14 | 2.7908275442758 |
| 28 | RT_ICON | 1033 (1252) | 0x568 | 0x95b064 | 3.3019569154364 |
| 29 | RT_ICON | 1033 (1252) | 0x128 | 0x95b5f4 | 3.7416453860937 |
| 30 | RT_ICON | 1033 (1252) | 0x568 | 0x95b744 | 3.4980051698139 |
| 31 | RT_ICON | 1033 (1252) | 0x128 | 0x95bcd4 | 3.7130747096179 |
| 32 | RT_ICON | 1033 (1252) | 0x568 | 0x95be24 | 3.4754438635561 |
| 33 | RT_ICON | 1033 (1252) | 0x128 | 0x95c3b4 | 2.7202683651074 |
| 2147599604 | RT_MENU | 1033 (1252) | 0xb4 | 0x0 | 3.0068727621571 |
| 2147599768 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147599840 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147599916 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147599988 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600056 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600136 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600208 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600280 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600352 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600424 | RT_GROUP_CURSOR | 1033 (1252) | 0x14 | 0x0 | 1.291760148181 |
| 2147600592 | RT_GROUP_ICON | 1033 (1252) | 0x4c | 0x95c904 | 3.7087994002526 |
| 2147600720 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95c990 | 2.9849078912134 |
| 2147600820 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95ca04 | 2.6547974660907 |
| 2147600936 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95ca88 | 2.9849078912134 |
| 2147601068 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95cb00 | 2.5737713630859 |
| 2147601188 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95cb74 | 2.9849078912134 |
| 2147601304 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95cbe4 | 2.9849078912134 |
| 2147601416 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95cc58 | 2.9849078912134 |
| 2147601532 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95ccd8 | 2.8210319581338 |
| 2147601660 | RT_GROUP_ICON | 1033 (1252) | 0x22 | 0x95cd54 | 2.9260843618016 |
| 1 | RT_MANIFEST | 1033 (1252) | 0x270 | 0x95cdb8 | 3.7890249953845 |

Total Number of Resources: 57 | Total Size of Rsrc Section: 119296 | Total Entropy of Rsrc Section: 2.7809409432763 | Total Ratio of Rsrc Section: 0.012149971 (1.215% of the file)

IDs of 2147483648 (0x80000000) and above are raw IMAGE_RESOURCE_DIRECTORY_ENTRY Name fields with the high bit set: such an entry is identified by a name string stored at that offset in the resource directory rather than by a numeric ID (the main icon's name, LOGO, is one of these). An offset of 0x0 is the tool's placeholder where it did not resolve a file offset; the RT_ICON, RT_GROUP_ICON and RT_MANIFEST offsets (0x9403d4 to 0x95cdb8) all lie inside the raw range of .rsrc (0x940000 to 0x95d200). The resource hash column in the report is empty and has been dropped.

PE Dumped Strings (suspect)

Excerpt of the string dump (the page truncates the list behind a "Load more" control):

| # | String | Tag | Common |
| 9 | AIHZ | - | Yes |
| 14 | QIc1 | - | Yes |
| 16 | OnG9 | - | Yes |
| 25 | iba, | - | Yes |
| 28 | eY1i | - | Yes |
| 30 | Tp10 | - | Yes |
| 33 | CcKy | - | Yes |
| 40 | .Aq6 | local path or dir | No |
| 47 | agm,W | - | Yes |
| 48 | IUXQH | - | Yes |
| 53 | %.Mr | local path or dir | No |
| 56 | P5l | - | Yes |
| 69 | cRCvm | - | Yes |
| 70 | AZnWb | - | Yes |
| 71 | t8VS | - | Yes |
| 75 | XFGL OC9ih | - | Yes |
| 81 | myayX | - | Yes |
| 87 | ./L1 | local path or dir | No |
| 89 | HWwnmds | - | Yes |
| 96 | S35M | - | Yes |
| 98 | l4U, | - | Yes |
| 99 | RihPg | - | Yes |
| 100 | tp,I | - | Yes |
| 103 | .5;y | local path or dir | No |
| 105 | YKt0 | - | Yes |
| 117 | A.)a | local path or dir | No |
| 130 | lGcp | - | Yes |
| 131 | B.6/ | local path or dir | No |
| 133 | wqq3 | - | Yes |
| 137 | eI_cj- | - | Yes |
| 141 | T2BC | - | Yes |
| 146 | duJ. | - | Yes |
| 153 | q5L. | - | Yes |
| 155 | CDY0 | - | Yes |
| 158 | MWcN | - | Yes |
| 168 | .bjj? | local path or dir | No |
| 173 | nRVt | - | Yes |
| 177 | IVB | - | Yes |
| 179 | r2Xs | - | Yes |
| 180 | I6Ht | - | Yes |
| 181 | f,Qs | - | Yes |
| 185 | .4n^o1T(0 | local path or dir | No |
| 189 | U- h | - | Yes |
| 191 | E5hqy | - | Yes |
| 194 | Q.{"W~v= | local path or dir | No |
| 202 | jrRK | - | Yes |
| 209 | .e.%{ | local path or dir | No |
| 214 | ZNVP | - | Yes |
| 217 | VS0 | - | Yes |
| 221 | 6&. | local path or dir | No |

Total Number of Strings: 2645 | Common strings: 2510 | Danger strings: 135

These are what a printable-run extractor finds in 9.7 MB of near-random bytes: three- to nine-character fragments with no meaning. The "local path or dir" tag is a heuristic that fires on a '.' or '/' inside such a fragment (".Aq6", "%.Mr", "A.)a", "B.6/"); none of the flagged strings has the shape of a filesystem path, so the 135 "danger" strings should be read as noise from the packed section rather than as indicators. Meaningful strings, if any, will only appear once the TPF payload has been unpacked.
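As an added example (not the tool's code), the Python below extracts printable runs the way a strings dump does and applies a stricter path test: a string counts as a path only if it starts with a drive letter, a UNC prefix, an environment-variable prefix or ./ and ../, or has a separator-delimited first component. It runs over a constructed buffer of seeded pseudo-random bytes with a few genuine paths and two of the report's dot-bearing fragments planted in it (assumption: illustrative data, not bytes from the analysed file); the filler produces the same kind of four-character junk the report lists, and the ratio of junk to real paths is what tells the two apart.

```python
from __future__ import annotations

import random
import re

# Constructed sample (assumption: illustrative bytes, not content of the analysed file):
# seeded pseudo-random filler around a few genuine path strings and two of the report's
# dot-bearing fragments, each isolated by NUL bytes so runs cannot merge.
_rng = random.Random(20190701)
SAMPLE = b"".join([
    _rng.randbytes(400),
    b"\0C:\\Users\\Public\\run.bat\0",
    _rng.randbytes(300),
    b"\0./L1\0.Aq6\0A.)a\0%APPDATA%\\svc\\update.exe\0",
    _rng.randbytes(300),
])

# A path needs a recognisable prefix or a separator-delimited component,
# not merely a '.' somewhere inside a four-byte run.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\[^\\]+\\|/[^/\s]+/)")
ENV_PATH = re.compile(r"^%[A-Za-z_][A-Za-z0-9_]*%\\")
RELATIVE = re.compile(r"^\.{1,2}[\\/]\S")

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, as a strings(1)-style dump
    reports them. On high-entropy data this yields many short accidental runs."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

def classify_path(s: str) -> str | None:
    """'absolute', 'env' or 'relative' when the string has a real path shape, else None."""
    if ABSOLUTE.match(s):
        return "absolute"
    if ENV_PATH.match(s):
        return "env"
    if RELATIVE.match(s):
        return "relative"
    return None

def triage(data: bytes, min_len: int = 4) -> dict[str, list[str]]:
    """Bucket every extracted string by path shape; 'other' holds the fragments."""
    buckets: dict[str, list[str]] = {"absolute": [], "env": [], "relative": [], "other": []}
    for s in extract_strings(data, min_len):
        buckets[classify_path(s) or "other"].append(s)
    return buckets

def noise_ratio(buckets: dict[str, list[str]]) -> float:
    """Share of extracted strings with no path shape; close to 1.0 on packed data."""
    total = sum(len(v) for v in buckets.values())
    return len(buckets["other"]) / total if total else 0.0

if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind in ("absolute", "env", "relative"):
        print(kind, result[kind])
    print(f"fragments: {len(result['other'])}, noise ratio {noise_ratio(result):.2f}")
```

Note that "./L1" survives the stricter test as a relative path while ".Aq6", "%.Mr" and "A.)a" do not; on a real dump the relative bucket still deserves a manual look, since two-character names after "./" are as likely to be accidental as genuine.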

Bytes Frequency Chart (chart image not reproduced)